Lucene search
K

125 matches found

OSV
OSV
added 2025/12/08 3:42 p.m.12 views

CLSA-2025-1765208529 vim: Fix of 2 CVEs

CVE-2025-53906: drop leading ../ on write of zipfiles, don't forcefully overwrite existing files - CVE-2025-29768: use glob '-' to protect filenames starting with '-'...

4.4CVSS6.3AI score0.00731EPSS
Exploits1References1
OSV
OSV
added 2025/11/07 6:35 p.m.7 views

CLSA-2025-1762540530 Fix CVE(s): CVE-2020-10745, CVE-2022-42898

SECURITY UPDATE: DNS string buffer overflow - debian/patches/CVE-2020-10745.patch: add input validation to prevent buffer overflows when handling DNS/NBT names with consecutive dots or exceeding RFC 1035 255-byte limit. The fix enforces proper bounds checking and component length validation in...

8.8CVSS7.3AI score0.06419EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/11/04 4:48 a.m.5 views

go-jose: Go JOSE's Parsing Vulnerable to Denial of Service

A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...

8.7CVSS6.8AI score0.00369EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/22 6:30 p.m.4 views

EUVD-2022-54801

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on inlinedots inode As Wenqing reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215765 It will cause a kernel panic with steps: - mkdir mnt - mount tmp40.img mnt - ls mnt...

5.5CVSS4.9AI score0.00245EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-15737

Malicious code in bioql PyPI...

7.1CVSS8.7AI score0.00192EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/26 9:26 a.m.4 views

Malicious code in com.unity.dots.runtime (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/09/26 9:26 a.m.2 views

MAL-2025-47627 Malicious code in com.unity.dots.runtime (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in a-vailable-al-bum-file-9447-dots-and-loops-ee4hh-qjicit (npm)

The package a-vailable-al-bum-file-9447-dots-and-loops-ee4hh-qjicit was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-13926 Malicious code in a-vailable-al-bum-file-9447-dots-and-loops-ee4hh-qjicit (npm)

The package a-vailable-al-bum-file-9447-dots-and-loops-ee4hh-qjicit was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/01 1:3 p.m.3 views

OESA-2025-1941 apache-commons-vfs security update

Commons VFS provides a uniform view of files through a single API which is designed for accessing various different file systems. These file systems could be a local disk, an HTTP server or a ZIP archive file. The key features are listed as follows: The API is consistent among various file types...

7.5CVSS6.6AI score0.01277EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/07/08 12:50 a.m.6 views

apache-commons-vfs: Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT

A flaw was found in Apache Commons VFS. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains...

7.5CVSS7.1AI score0.01277EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 8:39 a.m.3 views

CVE-2024-23340

@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with url behavior that is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request...

5.3CVSS7AI score0.00722EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 4:38 p.m.13 views

CVE-2025-22789

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fyrewurks polka dots allows Reflected XSS.This issue affects polka dots: from n/a through 1.2...

7.1CVSS8.6AI score0.00192EPSS
Exploits0References1
NVD
NVD
added 2025/05/19 4:15 p.m.8 views

CVE-2025-22789

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fyrewurks polka dots allows Reflected XSS.This issue affects polka dots: from n/a through 1.2...

7.1CVSS0.00192EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/19 3:59 p.m.7 views

CVE-2025-22789 WordPress polka dots theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fyrewurks polka dots allows Reflected XSS.This issue affects polka dots: from n/a through 1.2...

7.1CVSS7AI score0.00192EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/19 3:59 p.m.15 views

CVE-2025-22789 WordPress polka dots theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fyrewurks polka dots allows Reflected XSS.This issue affects polka dots: from n/a through 1.2...

7.1CVSS0.00192EPSS
Exploits0References1
CVE
CVE
added 2025/05/19 3:59 p.m.25 views

CVE-2025-22789

CVE-2025-22789 affects the WordPress polka dots theme (versions up to 1.2). Root cause: improper neutralization of input during web page generation, enabling a reflected XSS. Impact: potential script execution in a victim’s browser (CVSS v3.1 base score 7.1; network attack, no privileges, user in...

7.1CVSS8.6AI score0.00192EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/19 12:0 a.m.8 views

PT-2025-22001 · Unknown · Polka Dots

Name of the Vulnerable Software and Affected Versions: polka dots versions 1.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject...

7.1CVSS9.2AI score0.00192EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/05/13 5:19 p.m.7 views

go-jose: Go JOSE's Parsing Vulnerable to Denial of Service

A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...

8.7CVSS6.8AI score0.00369EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/05/13 5:18 p.m.3 views

go-jose: Go JOSE's Parsing Vulnerable to Denial of Service

A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...

8.7CVSS6.8AI score0.00369EPSS
Exploits0References7
Rows per page
Query Builder