Lucene search

263 matches found

AlpineLinux
added 2026/03/06 12:0 a.m., 4 views

CVE-2025-69644

An issue was discovered in Binutils before 2.46. objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless...

CVSS 5, AI score 5.8, EPSS 0.00126
Exploits 0, References 2

AlpineLinux
added 2026/03/06 12:0 a.m., 5 views

CVE-2025-69645

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort SIGABR...

CVSS 5.5, AI score 5.8, EPSS 0.00166
Exploits 1, References 2

CVE
added 2026/03/06 12:0 a.m., 36 views

CVE-2025-69652

GNU Binutils readelf (up to version 2.46) contains a vulnerability when processing crafted ELF binaries with malformed DWARF/debug info. Root cause: incomplete cleanup in process_debug_info can leave invalid debug_info_p state, causing a fatal abort in byte_get_little_endian() for certain zero-le...

CVSS 6.2, AI score 6.1, EPSS 0.00173
Exploits 1, References 2, Affected Software 1

Snyk
added 2026/03/06 12:0 a.m., 2 views

Unchecked Input for Loop Condition

Overview: Affected versions of this package are vulnerable to Unchecked Input for Loop Condition through the processing of crafted binaries containing malformed DWARF debug information. An attacker can cause the application to crash or become unresponsive by supplying specially crafted input files...

CVSS 5, AI score 5.8, EPSS 0.00126
Exploits 0, References 2

SUSE CVE
added 2026/02/05 12:25 a.m., 6 views

SUSE CVE-2026-23043

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL pointer dereference in do_abort_log_replay Coverity reported a NULL pointer dereference issue CID 1666756 in do_abort_log_replay. When btrfs_alloc_path fails in replay_one_buffer, wc->subvol_path is NULL, but...

AI score 5.2, EPSS 0.00145
Exploits 0, References 3

Nuclei
added 2026/02/04 7:0 a.m., 89 views

VICIdial Sensitive Information Disclosure

VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IPs, User-Agents,...

AI score 6.6
Exploits 0, References 1

OSV
added 2026/01/27 9:34 a.m., 4 views

CLSA-2026-1769506462 Fix CVE(s): CVE-2025-8225

SECURITY UPDATE: debug_information memory leak in process_debug_info - debian/patches/CVE-2025-8225.patch: prevent memory leak by checking alloc_num_debug_info_entries instead of num_debug_info_entries to determine whether debug_information has been allocated - CVE-2025-8225...

CVSS 4.8, AI score 6, EPSS 0.00223
Exploits 1, References 1

RedhatCVE
added 2026/01/13 10:53 p.m., 5 views

CVE-2025-14720

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as...

CVSS 5.3, AI score 5.5, EPSS 0.0028
Exploits 0, References 1

OpenVAS
added 2026/01/13 12:0 a.m., 2 views

CasaOS <= 0.4.15 Information Disclosure Vulnerability - Version Check

CasaOS is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:icewhale:casaos"; if...

CVSS 6.9, AI score 5.9, EPSS 0.00548
Exploits 0, References 1

Vulnrichment
added 2026/01/09 6:34 a.m., 4 views

CVE-2025-14720 Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as...

CVSS 5.3, AI score 5.2, EPSS 0.0028
Exploits 0, References 2

Cvelist
added 2026/01/09 6:34 a.m., 26 views

CVE-2025-14720 Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as...

CVSS 5.3, EPSS 0.0028
Exploits 0, References 2

CVE
added 2026/01/09 6:34 a.m., 17 views

CVE-2025-14720

CVE-2025-14720 : Booking for Appointments and Events Calendar – Amelia (WordPress) is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to 1.2.38. Unauthenticated attackers can mark payments as refunded, trigger sending of queued notifi...

CVSS 5.3, AI score 5.2, EPSS 0.0028
Exploits 0, References 2

Positive Technologies
added 2026/01/06 12:0 a.m., 3 views

PT-2026-1454

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication...

CVSS 7.5, AI score 6.5, EPSS 0.00378
Exploits 1, References 7

Snyk
added 2026/01/05 9:54 p.m., 3 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the /v1/users/image and /v1/sys/debug endpoints. An attacker can retrieve sensitive configuration files, system debug information, and enumerate file existence by sending crafted requests to these endpoints...

CVSS 6.9, AI score 6.8, EPSS 0.00548
Exploits 0, References 2

Snyk
added 2026/01/05 9:54 p.m., 3 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the /v1/users/image and /v1/sys/debug endpoints. An attacker can retrieve sensitive configuration files, system debug information, and enumerate file existence by sending crafted requests to these endpoints...

CVSS 6.9, AI score 6.8, EPSS 0.00548
Exploits 0, References 2

RedhatCVE
added 2026/01/04 10:5 p.m., 7 views

CVE-2025-34171

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

CVSS 6.9, AI score 6.5, EPSS 0.00548
Exploits 0, References 1

OSV
added 2025/12/18 9:43 a.m., 5 views

CLSA-2025-1766051004 Fix CVE(s): CVE-2025-8225

SECURITY UPDATE: debug_information memory leak in process_debug_info - debian/patches/CVE-2025-8225.patch: prevent memory leak by checking alloc_num_debug_info_entries instead of num_debug_info_entries to determine whether debug_information has been allocated - CVE-2025-8225...

CVSS 4.8, AI score 6, EPSS 0.00223
Exploits 1, References 1

RedhatCVE
added 2025/11/21 7:37 p.m., 6 views

CVE-2025-52671

Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...

CVSS 4.3, AI score 5, EPSS 0.00307
Exploits 1, References 1

EUVD
added 2025/11/20 9:30 p.m., 5 views

EUVD-2025-198346

Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...

CVSS 4.3, AI score 4.8, EPSS 0.00307
Exploits 1, References 2

CVE
added 2025/11/20 7:10 p.m., 9 views

CVE-2025-52671

CVE-2025-52671 describes an information-disclosure vulnerability in Revive Adserver where SQL error messages reveal debugging details, enabling non-admin users to learn software, PHP, and database versions. Connected sources (CNVD, RH, EUVD, NVD, OSV, CVE/CVEList, and a HackerOne report) consiste...

CVSS 4.3, AI score 6.4, EPSS 0.00307
Exploits 1, References 1, Affected Software 1