
15 matches found

Tenable Nessus
added 2026/02/19 12:0 a.m., 5 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Nova vulnerability (USN-8049-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8049-1 advisory. Dan Smith discovered that Nova incorrectly called qemu-img without a format restriction when resizing disks. An attacker could possibly use th...

8.2 CVSS, 5.8 AI score, 0.00341 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/02/18 12:0 a.m., 7 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2 CVSS, 5.5 AI score, 0.00341 EPSS
Exploits: 0, References: 3, Affected Software: 1
OSSF Malicious Packages
added 2025/11/25 12:16 a.m., 5 views

Malicious code in @dev-blinq/blinqioclient (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3a1d417e283165e25dc75c9510f4bcdde80854ca5600090b4de220548e72ae1 The package @dev-blinq/blinqioclient was found to contain malicious code. Source: google-open-source-security...

6.9 AI score
Exploits: 0, References: 8
OSV
added 2025/11/25 12:16 a.m., 1 views

MAL-2025-191375 Malicious code in @voiceflow/stitches-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06695269b63d5e1d5d67fbf2ec3e8ba8a46439f10a30ca584e674ad93dbf53f1 The package @voiceflow/stitches-react was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits: 0, References: 4
OSV
added 2025/11/24 1:46 p.m., 3 views

MAL-2025-190786 Malicious code in typeorm-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1ef9bad1469b974150720a17445c8403c0b0cd2bd2dbb393948afc47f102f95 The package typeorm-orbit was found to contain malicious code. Source: ghsa-malware a8e95331758f44ad97cde664359ec7ba72c0ad0c10caeaf02926a6007d23bb7f...

6.8 AI score
Exploits: 0, References: 4
NVD
added 2025/10/28 12:15 p.m., 6 views

CVE-2025-40068

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in rununpack The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths...

0.00202 EPSS
Exploits: 0, References: 6
CNNVD
added 2025/09/16 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from failure to properly handle the firmware return result of a QP/RQ destruction, which could result in the...

7.8 CVSS, 5.9 AI score, 0.00142 EPSS
Exploits: 0, References: 6
Tenable Nessus
added 2025/08/21 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-30215

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11....

9.6 CVSS, 7.5 AI score, 0.00529 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2025/08/19 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-38356

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Explicitly exit CT safe mode on unwind During driver probe we might be briefly...

5.5 CVSS, 6.1 AI score, 0.00154 EPSS
Exploits: 0, References: 3
Snyk
added 2025/07/20 9:0 p.m., 5 views

Embedded Malicious Package

Overview @toptal/picasso-tailwind is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...

9.8 CVSS, 7.4 AI score
Exploits: 0, References: 2
OSV
added 2025/04/18 7:17 p.m., 8 views

BIT-NATS-2025-30215 NATS-Server Fails to Authorize Certain Jetstream Admin APIs

NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...

9.6 CVSS, 9 AI score, 0.00529 EPSS
Exploits: 0, References: 4
OSV
added 2025/04/16 12:15 a.m., 6 views

AZL-60406 CVE-2025-30215 affecting package telegraf for versions less than 1.31.0-9

NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...

9.6 CVSS, 7.1 AI score, 0.00529 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/04/15 11:25 p.m., 11 views

CVE-2025-30215 NATS-Server Fails to Authorize Certain Jetstream Admin APIs

NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...

9.6 CVSS, 6.7 AI score, 0.00529 EPSS
Exploits: 0, References: 2
OSV
added 2022/06/30 5:15 p.m., 5 views

CVE-2021-38941

IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048...

8.1 CVSS, 6 AI score, 0.00854 EPSS
Exploits: 0, References: 2
Exploit DB
added 2000/04/21 12:0 a.m., 24 views

OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink

source: https://www.securityfocus.com/bid/1232/info A vulnerability exists in OpenLDAP as shipped with some versions of Linux, including RedHat 6.1 and 6.2, and TurboLinux 6.0.2 and earlier. OpenLDAP will create files in /usr/tmp, which is actually a symbolic link to the world writable /tmp...

7.4 AI score
Exploits: 0