Lucene search
K

19182 matches found

Snyk
Snyk
added 2025/11/06 11:32 p.m.2 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the Attach functionality. An attacker can cause excessive memory consumption on the host by repeatedly initiating CRI Attach requests, leading to resource exhaustion due to goroutin...

6.9CVSS6.5AI score0.00151EPSS
Exploits1References2
OSV
OSV
added 2025/11/06 8:15 p.m.4 views

CVE-2025-34242

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

6.5CVSS5.8AI score0.0026EPSS
Exploits0References3
NVD
NVD
added 2025/11/06 8:15 p.m.4 views

CVE-2025-34242

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

8.6CVSS0.0026EPSS
Exploits0References3
CVE
CVE
added 2025/11/06 7:49 p.m.10 views

CVE-2025-34247

Advantech WebAccess/VPN versions prior to 1.1.5 are affected by a SQL injection in NetworksController.addNetworkAction(). An authenticated, low-privileged observer user can inject SQL via datatable search parameters, potentially disclosing database information. Affected product scope and impact a...

6.5CVSS7.2AI score0.00264EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/06 7:48 p.m.4 views

CVE-2025-34245 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxStandaloneVpnClientsController.ajaxAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

5.3CVSS7.2AI score0.0026EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/06 7:46 p.m.3 views

CVE-2025-34242 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxNetworkController.ajaxAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

8.6CVSS7.2AI score0.0026EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/06 7:46 p.m.5 views

CVE-2025-34242 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxNetworkController.ajaxAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

8.6CVSS0.0026EPSS
Exploits0References3
CVE
CVE
added 2025/11/06 7:46 p.m.12 views

CVE-2025-34242

Advantech WebAccess/VPN before version 1.1.5 contains a SQL injection in AjaxNetworkController.ajaxAction(). An authenticated, low-privileged observer can inject SQL via datatable search parameters, leading to disclosure of database information. Affected product/version: Advantech WebAccess/VPN

8.6CVSS7.2AI score0.0026EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/11/06 7:39 p.m.3 views

CVE-2025-34236 Advantech WebAccess/VPN < 1.1.5 Stored XSS via NetworksController.addNetworkAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting XSS vulnerability via NetworksController.addNetworkAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...

6.2CVSS0.00178EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 2:10 p.m.10 views

Security Bulletin: Due to the use of helm, IBM Kubecost Self Hosted is affected by stack overflow and memory exhaustion

Summary helm is used by IBM Kubecost Self Hosted as part of the cluster-controller component CVE-2025-32387, CVE-2025-32386 Vulnerability Details CVEID:CVE-2025-32387 DESCRIPTION: Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply...

6.5CVSS6.7AI score0.00407EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.6 views

PT-2025-45349

Name of the Vulnerable Software and Affected Versions Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181 Dell Integrated Dell Remote Access Controller 15G and 16G versions 6.10.80.00 through 7.20.10.50 Dell Integrated Dell Remote Access Controller 10, 17G versions...

6.7CVSS5.5AI score0.00385EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.3 views

PT-2025-45372

Name of the Vulnerable Software and Affected Versions Advantech WebAccess/VPN versions prior to 1.1.5 Description The software contains a SQL injection issue in the NetworksController.addNetworkAction function. An authenticated, low-privileged user can inject SQL code through datatable search...

5.1CVSS7.8AI score0.00264EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.3 views

Dell iDRAC9和Dell iDRAC10 路径遍历漏洞

The Dell iDRAC9 and Dell iDRAC10 are both products of Dell Inc. of the United States Dell.The Dell iDRAC9 is provides provides comprehensive, embedded management, automation capabilities across the PowerEdge family of servers. The Dell iDRAC10 is an integrated remote access controller. A path...

6.7CVSS6.7AI score0.00385EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.4 views

Advantech WebAccess/VPN 安全漏洞

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...

6.3CVSS6.1AI score0.00176EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.5 views

Advantech WebAccess/VPN 安全漏洞

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

6.5CVSS8AI score0.0026EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.5 views

PT-2025-45403

Name of the Vulnerable Software and Affected Versions containerd versions 1.7.28 and below containerd versions 2.0.0-beta.0 through 2.0.6 containerd versions 2.1.0-beta.0 through 2.1.4 containerd versions 2.2.0-beta.0 through 2.2.0-rc.1 Description containerd, an open-source container runtime, is...

9.8CVSS5.7AI score0.00579EPSS
Exploits2References69
Tenable Nessus
Tenable Nessus
added 2025/11/06 12:0 a.m.2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990523)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990523 advisory. In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is...

5.5CVSS6.3AI score0.00236EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/06 12:0 a.m.2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990606)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990606 advisory. In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix reset-controller leak on probe errors Make sure to release the lane reset...

5.5CVSS5.9AI score0.00247EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.4 views

PT-2025-45513

Name of the Vulnerable Software and Affected Versions KubeVirt versions prior to 1.7.0-beta.0 Description KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw in the virt-controller. An attacker can disrupt control over a running Virtual Machine Instance VMI by creating a...

5.3CVSS5.5AI score0.00317EPSS
Exploits1References21
RedhatCVE
RedhatCVE
added 2025/11/05 10:4 p.m.7 views

CVE-2025-62720

LinkAce is a self-hosted archive to collect website links. Versions 2.3.1 and below allow any authenticated user to export the entire database of links from all users in the system, including private links that should only be accessible to their owners. The HTML and CSV export functions in the...

7.1CVSS6.4AI score0.0033EPSS
Exploits1References1
Rows per page
Query Builder