41 matches found

RedhatCVE
added 2026/01/09 9:58 a.m. | 14 views

CVE-2020-7962

An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is...

CVSS 5.3 | AI score 7 | EPSS 0.00861
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:43 a.m. | 7 views

CVE-1999-0133

fmfls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access...

CVSS 2.1 | AI score 7 | EPSS 0.00608
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/06 1:19 p.m. | 4 views

CVE-2025-6013

A flaw was found in github.com/hashicorp/vault. The LDAP authentication method fails to properly enforce multi-factor authentication when username_as_alias is enabled and a user possesses multiple Common Names (CNs) containing differing leading or trailing spaces. A remote attacker authenticated as a...

CVSS 6.5 | AI score 6.4 | EPSS 0.00468
Exploits: 0 | References: 4

NVD
added 2025/08/04 4:15 p.m. | 14 views

CVE-2025-5988

A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda...

CVSS 5.3 | EPSS 0.00238
Exploits: 0 | References: 3

RedhatCVE
added 2025/06/19 2:25 p.m. | 5 views

CVE-2025-49763

A flaw was found in trafficserver. The Edge Side Includes (ESI) plugin lacks a limit on maximum inclusion depth, allowing a remote attacker to trigger excessive memory consumption by inserting malicious instructions. This condition occurs due to the plugin's inability to restrict the nesting of ESI...

CVSS 7.5 | AI score 7.2 | EPSS 0.00632
Exploits: 0 | References: 4

OSV
added 2025/06/17 3:15 p.m. | 3 views

CVE-2025-49180

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

CVSS 7.8 | AI score 6.4 | EPSS 0.00273
Exploits: 0 | References: 32

NVD
added 2025/06/17 3:15 p.m. | 6 views

CVE-2025-49176

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check...

CVSS 7.3 | EPSS 0.00299
Exploits: 0 | References: 35

NVD
added 2025/06/17 3:15 p.m. | 9 views

CVE-2025-49177

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

CVSS 6.1 | EPSS 0.00361
Exploits: 0 | References: 7

RedhatCVE
added 2025/06/17 2:49 p.m. | 6 views

CVE-2025-49177

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet...

CVSS 6.1 | AI score 5.2 | EPSS 0.00361
Exploits: 0 | References: 3

Debian CVE
added 2025/06/17 2:49 p.m. | 4 views

CVE-2025-49177

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

CVSS 6.1 | AI score 6.5 | EPSS 0.00361
Exploits: 0

RedhatCVE
added 2025/06/17 12:44 p.m. | 7 views

CVE-2025-6020

A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. Mitigation: Disable the pam_namespace module if it is not essential for...

CVSS 7.8 | AI score 7.4 | EPSS 0.0039
Exploits: 0 | References: 3

NVD
added 2025/06/12 1:15 p.m. | 8 views

CVE-2025-6021

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input...

CVSS 7.5 | EPSS 0.01067
Exploits: 1 | References: 28

CVE
added 2025/05/27 8:51 p.m. | 60 views

CVE-2025-5198

CVE-2025-5198 describes a Cross-site Scripting (XSS) flaw in Stackrox where the vulnerability can be triggered if script code is placed in a small subset of table cells, specifically when contained in the name of a Kubernetes “Role” object applied to a secured cluster. The exploit would require c...

CVSS 5.4 | AI score 4.9 | EPSS 0.00227
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2025/05/27 2:15 p.m. | 3 views

CVE-2025-48798

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues...

CVSS 7.3 | AI score 7 | EPSS 0.0017
Exploits: 0 | References: 14

Cvelist
added 2025/05/24 12:0 a.m. | 12 views

CVE-2025-48752

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked...

CVSS 2.9 | EPSS 0.00297
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/23 8:58 a.m. | 4 views

CVE-2024-34596

Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner...

CVSS 7.5 | AI score 7.3 | EPSS 0.00483
Exploits: 0 | References: 1

NVD
added 2025/05/22 3:16 p.m. | 9 views

CVE-2025-5024

A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer bei...

CVSS 7.4 | EPSS 0.00783
Exploits: 0 | References: 13

RedhatCVE
added 2025/05/22 12:1 p.m. | 4 views

CVE-2016-7064

A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage...

CVSS 7.5 | AI score 6.3 | EPSS 0.00698
Exploits: 0 | References: 1

NVD
added 2025/05/09 4:15 p.m. | 10 views

CVE-2025-4432

A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2^32 packets sent or received...

CVSS 5.3 | EPSS 0.00825
Exploits: 0 | References: 8

Vulnrichment
added 2025/05/09 4:6 p.m. | 4 views

CVE-2025-4432 Ring: some aes functions may panic when overflow checking is enabled in ring

A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2^32 packets sent or received...

CVSS 5.3 | AI score 5.4 | EPSS 0.00825
Exploits: 0 | References: 8