
30 matches found

CNNVD
added 2026/04/23 12:0 a.m. | 12 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the bootstrap JSON data used as a control interface, which allowed information leakage. This...

CVSS 6.9 | AI score 5.8 | EPSS 0.00297
Exploits 0 | References 1

Tenable Nessus
added 2026/01/05 12:0 a.m. | 4 views

Amazon Linux 2 : python-urllib3, --advisory ALAS2-2025-3110 (ALAS-2025-3110)

The version of python-urllib3 installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3110 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number...

CVSS 8.9 | AI score 7.5 | EPSS 0.00622
Exploits 0 | References 6

IBM Security Bulletins
added 2025/12/17 10:3 a.m. | 14 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http/internal CVE-2025-22871

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http/internal CVE-2025-22871 Vulnerability Details CVEID:CVE-2025-22871 DESCRIPTION: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This...

CVSS 9.1 | AI score 6.5 | EPSS 0.00724
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/11/28 11:36 a.m. | 8 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http/internal CVE-2025-22871

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http/internal CVE-2025-22871 Vulnerability Details CVEID:CVE-2025-22871 DESCRIPTION: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This...

CVSS 9.1 | AI score 6.5 | EPSS 0.00724
Exploits 0 | Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-45731

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.8 | EPSS 0.00855
Exploits 0 | References 2

IBM Security Bulletins
added 2025/09/03 8:10 a.m. | 4 views

Security Bulletin: A vulnerability in form-data may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-7783)

Summary There is a vulnerability in form-data used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerabili...

CVSS 9.4 | AI score 4.8 | EPSS 0.01735
Exploits 1 | Affected Software 1

CNNVD
added 2025/07/30 12:0 a.m. | 4 views

Security Vulnerability in Multiple Apple Products

Apple macOS and others are products of Apple Inc. of the U.S. Apple macOS is a specialized operating system developed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Apple macOS Sequoia is an operating system.... A security vulnerability exists in several Apple products tha...

CVSS 5.5 | AI score 6 | EPSS 0.0021
Exploits 0 | References 5

RedHat Linux
added 2025/07/08 11:17 p.m. | 2 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

CVSS 9.1 | AI score 7.1 | EPSS 0.00724
Exploits 0 | References 8

RedHat Linux
added 2025/07/01 4:53 p.m. | 4 views

com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError

A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...

CVSS 8.7 | AI score 7.1 | EPSS 0.00634
Exploits 0 | References 6

CNNVD
added 2025/06/24 12:0 a.m. | 4 views

Mitel MiContact Center Business Security Vulnerability

Mitel MiContact Center Business is an all-media contact center platform from Mitel Canada. The platform is used in customer communication, production management and other scenarios. A security vulnerability exists in Mitel MiContact Center Business version 10.2.0.3 and prior versions, which stems...

CVSS 7.1 | AI score 6.1 | EPSS 0.0031
Exploits 0 | References 2

OSV
added 2025/06/09 4:15 a.m. | 4 views

CVE-2025-5860

A vulnerability, which was classified as critical, was found in PHPGurukul Maid Hiring Management System 1.0. This affects an unknown part of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack...

CVSS 9.8 | AI score 5.7 | EPSS 0.00394
Exploits 1 | References 5

Vulnrichment
added 2025/06/02 7:5 p.m. | 5 views

CVE-2025-1051 Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability

Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8 | AI score 7.9 | EPSS 0.00326
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 9:28 a.m. | 13 views

CVE-2024-38873

An issue was discovered in the friendlycaptchaofficial aka Integration of Friendly Captcha extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the captcha...

CVSS 5.3 | AI score 6.9 | EPSS 0.0055
Exploits 0

BDU FSTEC
added 2025/05/06 12:0 a.m. | 6 views

The vulnerability of D-Link DWR 2000M 5G router’s microprogramming software lies in the lack of measures taken to clean data at the management level, allowing attackers to execute arbitrary codes.

The vulnerability of D-Link DWR 2000M 5G router’s microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 8 | AI score 5.9 | EPSS 0.08095
Exploits 0 | References 5 | Affected Software 1

NVD
added 2025/04/23 5:16 p.m. | 5 views

CVE-2025-1049

Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8 | EPSS 0.0035
Exploits 0 | References 1

BDU FSTEC
added 2024/12/27 12:0 a.m. | 5 views

The vulnerability of the CI/CD application deployment and integration teamcity backup file of JetBrains, which allows a hacker to expose user credentials and session cookie files.

The vulnerability of the CI/CD application deployment and integration team environment from JetBrains TeamCity is related to improper cross-border deletion of critical data. Exploiting this vulnerability can allow a malicious actor to access user credentials and cookie session files remotely...

CVSS 7.5 | AI score 5.5 | EPSS 0.00304
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2024/12/24 12:0 a.m. | 2 views

Apache HugeGraph Security Vulnerability

Apache HugeGraph is a fast and scalable graph database from the Apache USA Foundation. A security vulnerability exists in Apache HugeGraph version 1.0.0 through versions prior to 1.5.0, which stems from the presence of an assumed immutable data vulnerability that could allow an attacker to bypass...

CVSS 9.8 | AI score 9.4 | EPSS 0.69651
Exploits 0 | References 2

RedhatCVE
added 2024/02/20 5:19 a.m. | 33 views

CVE-2024-22369

A deserialization of untrusted data flaw was found in Apache Camel SQL Component JDBCAggregationRepository. The affected versions of Apache Camel are vulnerable to unsafe deserialization, where, under specific conditions, it is possible to deserialize a malicious payload...

CVSS 7.8 | AI score 7.8 | EPSS 0.00747
Exploits 0 | References 5

BDU FSTEC
added 2023/11/22 12:0 a.m. | 4 views

The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software relates to unauthorized access to shared data in a multi-threaded context, allowing attackers to gain increased privileges.

The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software is related to unsynchronized access to shared data in a multi-threaded context. Exploiting this vulnerability could allow an attacker operating remotely to enhance their privileges...

CVSS 6.8 | AI score 7.2 | EPSS 0.00666
Exploits 0 | References 4 | Affected Software 40

SUSE CVE
added 2023/02/15 3:57 a.m. | 3 views

SUSE CVE-2020-14374

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copydata function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhostcrypto application. The highest threat from this...

CVSS 8.8 | AI score 7.2 | EPSS 0.00429
Exploits 0 | References 9