
6052 matches found

BDU FSTEC
added 2025/03/27 12:0 a.m. | 8 views

The vulnerability of the Linux operating system’s kernel USB component, which allows a hacker to trigger a service failure

The vulnerability of the usbtmc_create_urb function in the Linux kernel USB component is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a system failure...

5.5 CVSS | 6.6 AI score | 0.00221 EPSS
Exploits 0 | References 15 | Affected Software 8
CNNVD
added 2025/03/27 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from an integer overflow in bitmap_ip_create...

5.5 CVSS | 6.4 AI score | 0.00191 EPSS
Exploits 0 | References 9
CNNVD
added 2025/03/27 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from trace_events_hist not checking the create_hist_field return value...

5.5 CVSS | 5.4 AI score | 0.00247 EPSS
Exploits 0 | References 8
OSSF Malicious Packages
added 2025/03/25 7:13 a.m. | 4 views

Malicious code in create-sensort-app (npm)

Source: ghsa-malware (da1473448f21d07682398de668daf47a21453a0c884d94a67902afec6616de29). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1
OSV
added 2025/03/25 7:13 a.m. | 2 views

MAL-2025-2662 Malicious code in create-sensort-app (npm)

Source: ghsa-malware (da1473448f21d07682398de668daf47a21453a0c884d94a67902afec6616de29). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 | References 1
CNNVD
added 2025/03/25 12:0 a.m. | 1 views

B&R Industrial Automation B&R APROL code injection vulnerability

B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation, Austria. A code injection vulnerability exists in B&R Industrial Automation B&R APROL versions prior to 4.4-00P5, which stems from a code injection in the AprolCreateReport component that could allow a...

9.2 CVSS | 7 AI score | 0.00375 EPSS
Exploits 0 | References 2
BDU FSTEC
added 2025/03/21 12:0 a.m. | 6 views

The vulnerability of the rx_create() function in the drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c module of the Linux kernel allows a hacker to cause a service failure.

The vulnerability of the rx_create function in the drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c file of the Linux kernel is related to the use of pointers. Exploiting this vulnerability could allow an attacker to cause a service failure...

7.5 CVSS | 6.1 AI score | 0.00239 EPSS
Exploits 0 | References 9 | Affected Software 2
CVE
added 2025/03/21 12:0 a.m. | 63 views

CVE-2025-30345

OpenSlides CVE-2025-30345 affects OpenSlides versions prior to 4.2.5. The vulnerability arises in the chat_group.create action: while some HTML elements (e.g., SCRIPT) are filtered, others are not, and HTML entities are not consistently encoded when deleting chats or deleting messages, potentiall...

4.1 CVSS | 6.7 AI score | 0.0026 EPSS
Exploits 1 | References 1 | Affected Software 1
Openbugbounty
added 2025/03/20 4:50 p.m. | 8 views

horticus.biz Cross Site Scripting vulnerability OBB-4038403

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
Snyk
added 2025/03/20 12:32 p.m. | 2 views

Deserialization of Untrusted Data

Overview: agentscope is AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the AgentServerServicer.create_agent method. An attacker can execute arbitrary commands on the server by deserializing untrust...

9.8 CVSS | 7.6 AI score | 0.01631 EPSS
Exploits 0 | References 2
Snyk
added 2025/03/20 10:46 a.m. | 3 views

Cross-site Request Forgery (CSRF)

Overview: polyaxon is a Command Line Interface (CLI) and client to interact with Polyaxon API. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the create endpoint. An attacker who can convince a user to follow a malicious link can cause the creation of a...

6.9 CVSS | 7 AI score | 0.0023 EPSS
Exploits 0 | References 2
PyPA
added 2025/03/20 10:15 a.m. | 7 views

PYSEC-2025-17

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user accou...

5.5 CVSS | 6.7 AI score | 0.00336 EPSS
Exploits 1 | References 4 | Affected Software 1
CNNVD
added 2025/03/20 12:0 a.m. | 2 views

dify code issue vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A code issue vulnerability exists in version 0.10.2 of dify, which stems from the Create Knowledge section being vulnerable to server-side request forgery attacks when uploading DOCX files...

6.5 CVSS | 6.7 AI score | 0.00472 EPSS
Exploits 1 | References 3
RedHat Linux
added 2025/03/19 12:52 a.m. | 4 views

kernel: net/mlx5e: fix a double-free in arfs_create_groups

A double-free vulnerability was found in the arfs_create_groups function in the Linux kernel's net/mlx5e driver. This issue could lead to memory corruption or a system crash if exploited, as freeing the same memory twice may cause undefined behavior...

5.3 CVSS | 6.8 AI score | 0.00861 EPSS
Exploits 0 | References 5
OSV
added 2025/03/17 2:15 p.m. | 5 views

CVE-2025-2379

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /create-pass.php. The manipulation of the argument visname leads to SQL injection. The attack can be initiated remotely. The...

9.8 CVSS | 5.8 AI score | 0.00487 EPSS
Exploits 1 | References 5
RedHat Linux
added 2025/03/17 1:34 a.m. | 4 views

xorg: xwayland: Out-of-bounds write in CreatePointerBarrierClient()

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching...

7.8 CVSS | 5.8 AI score | 0.00369 EPSS
Exploits 0 | References 4
BDU FSTEC
added 2025/03/17 12:0 a.m. | 7 views

Vulnerability of the siw_create_listen() function in the drivers/infiniband/sw/siw/siw_cm.c module of the Linux kernel's InfiniBand support driver, which allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the siw_create_listen function in the drivers/infiniband/sw/siw/siw_cm.c module of the Linux kernel's InfiniBand support driver is caused by the use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality...

7.8 CVSS | 6.7 AI score | 0.00208 EPSS
Exploits 0 | References 9 | Affected Software 3
RedhatCVE
added 2025/03/15 2:16 a.m. | 10 views

CVE-2025-25620

Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function...

5.4 CVSS | 6 AI score | 0.00516 EPSS
Exploits 1 | References 1
OSV
added 2025/03/13 6:32 p.m. | 11 views

GHSA-3WGM-2GW2-VH5M Kubernetes GitRepo Volume Inadvertent Local Repository Access

A security vulnerability was discovered in Kubernetes that could allow a user with create pod permission to exploit gitRepo volumes to access local git repositories belonging to other pods on the same node. This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone...

6.5 CVSS | 6.5 AI score | 0.00516 EPSS
Exploits 0 | References 5
OSV
added 2025/03/10 6:24 p.m. | 0 views

GHSA-G6WM-2V64-WQ36 LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection

Description: The LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity (XXE) injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML parser is configured to resolve external entities. This allows an attacker to declare...

6.9 CVSS | 5.9 AI score | 0.00497 EPSS
Exploits 1 | References 4