Lucene search
K

10 matches found

Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.10 views

PT-2026-27306

sbt 1.12.7 is released, featuring a security fix for CVE-2026-32948, Source dependency feature via crafted VCS URL leading to arbitrary code execution on Windows...

6.4AI score0.00304EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/19 12:0 a.m.3 views

CVE-2025-67114

Use of a deterministic credential generation algorithm in /ftl/bin/calcf2 in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass an...

5.9AI score0.00517EPSS
Exploits0References4
OSV
OSV
added 2026/03/18 7:46 a.m.5 views

SUSE-SU-2026:0916-1 Security update for gvfs

This update for gvfs fixes the following issues: - CVE-2026-28295: fixed by using control connection address for PASV data bsc1258953. - CVE-2026-28296: fixed by rejecting paths containing CR/LF characters bsc1258954...

4.3CVSS5.8AI score0.0036EPSS
Exploits2References5
EUVD
EUVD
added 2026/02/04 4:7 p.m.6 views

EUVD-2026-5474

In the Linux kernel, the following vulnerability has been resolved: Octeontx2-af: Add proper checks for fwdata firmware populates MAC address, link modes supported, advertised and EEPROM data in shared firmware structure which kernel access via MAC blockCGX/RPM. Accessing fwdata, on boards booted...

5.1AI score0.00121EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/20 12:0 a.m.5 views

CVE-2025-55423

A command injection vulnerability exists in the upnprelay function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system without proper validation or sanitization, allowing OS command injection...

9.8CVSS5.4AI score0.03333EPSS
Exploits2References5
OSV
OSV
added 2025/12/31 1:15 a.m.2 views

DEBIAN-CVE-2025-11961

pcapetheraton is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function...

1.9CVSS5.2AI score0.00098EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.15 views

PT-2025-46157

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2025.3.104432 Description A missing VCS URL validation in JetBrains YouTrack allows delegation to unauthorized repositories through the Junie widget. This issue affects versions prior to 2025.3.104432...

7.4CVSS6.6AI score0.0001EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/10/06 12:0 a.m.10 views

CVE-2025-59452

The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50...

5.8CVSS0.00423EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2025/04/05 2:23 p.m.35 views

North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages

The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan RAT loader. "These latest samples employ hexadecimal...

7.7AI score
Exploits0
CNVD
CNVD
added 2018/05/31 12:0 a.m.3 views

node-tkinter information disclosure vulnerability

node-tkinter is a malware that steals environment variables and sends them to attackers. A security vulnerability exists in node-tkinter. An attacker can use this vulnerability to steal environment variables and send them to an address under the attacker's control...

7.5CVSS7.6AI score0.01083EPSS
Exploits0References1
Rows per page
Query Builder