6052 matches found
Vulnerability in the USB component of the Linux kernel that allows a hacker to trigger a service failure
The vulnerability of the usbtmc_create_urb function in the Linux kernel USB component is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a system failure...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from an integer overflow in bitmap_ip_create...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from trace_events_hist not checking the create_hist_field return value...
Malicious code in create-sensort-app (npm)
Source: ghsa-malware da1473448f21d07682398de668daf47a21453a0c884d94a67902afec6616de29 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2662 Malicious code in create-sensort-app (npm)
Source: ghsa-malware da1473448f21d07682398de668daf47a21453a0c884d94a67902afec6616de29 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
B&R Industrial Automation B&R APROL code injection vulnerability
B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation, Austria. A code injection vulnerability exists in B&R Industrial Automation B&R APROL versions prior to 4.4-00P5, which stems from a code injection in the AprolCreateReport component that could allow a...
The vulnerability of the rx_create() function in the drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c module of the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the rx_create function in the drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c file of the Linux kernel is related to the use of pointers. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2025-30345
OpenSlides CVE-2025-30345 affects OpenSlides versions prior to 4.2.5. The vulnerability arises in the chat_group.create action: while some HTML elements (e.g., SCRIPT) are filtered, others are not, and HTML entities are not consistently encoded when deleting chats or deleting messages, potentiall...
horticus.biz Cross Site Scripting vulnerability OBB-4038403
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Deserialization of Untrusted Data
Overview: agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the AgentServerServicer.createagent method. An attacker can execute arbitrary commands on the server by deserializing untrust...
Cross-site Request Forgery (CSRF)
Overview: polyaxon is a Command Line Interface (CLI) and client to interact with Polyaxon API. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the create endpoint. An attacker who can convince a user to follow a malicious link can cause the creation of a...
PYSEC-2025-17
In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user accou...
dify code issue vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A code issue vulnerability exists in version 0.10.2 of dify, which stems from the Create Knowledge section being vulnerable to server-side request forgery attacks when uploading DOCX files...
kernel: net/mlx5e: fix a double-free in arfs_create_groups
A double-free vulnerability was found in the arfs_create_groups function in the Linux kernel's net/mlx5e driver. This issue could lead to memory corruption or a system crash if exploited, as freeing the same memory twice may cause undefined behavior...
CVE-2025-2379
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /create-pass.php. The manipulation of the argument visname leads to SQL injection. The attack can be initiated remotely. The...
xorg: xwayland: Out-of-bounds write in CreatePointerBarrierClient()
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching...
Vulnerability of the siw_create_listen() function in the drivers/infiniband/sw/siw/siw_cm.c module of the Linux kernel's InfiniBand support driver, which allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The siw_create_listen function in the drivers/infiniband/sw/siw/siw_cm.c module of the Linux kernel's InfiniBand support driver is vulnerable due to the reuse of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality...
CVE-2025-25620
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function...
GHSA-3WGM-2GW2-VH5M Kubernetes GitRepo Volume Inadvertent Local Repository Access
A security vulnerability was discovered in Kubernetes that could allow a user with create pod permission to exploit gitRepo volumes to access local git repositories belonging to other pods on the same node. This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone...
GHSA-G6WM-2V64-WQ36 LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection
Description: The LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity (XXE) injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML parser is configured to resolve external entities. This allows an attacker to declare...