Lucene search
+L

222 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.3 views

CVE-2025-68623

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and...

8.8CVSS5.9AI score0.00129EPSS
Exploits0References1
OSV
OSV
added 2026/03/23 9:43 p.m.6 views

GHSA-RC55-58F4-687G Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents

This vulnerability allows an authenticated attacker to read any file on the server's local file system that the web server process has access to, including highly sensitive environment variables, database credentials, and internal configuration files. | Field | Details | | :--- | :--- | |...

6.8CVSS5.9AI score0.00383EPSS
Exploits1References4
OSV
OSV
added 2026/03/13 9:35 a.m.3 views

BIT-GITLAB-2026-1230 Use of Incorrectly-Resolved Name or Reference in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause repository downloads to contain different code than displayed in the web interface due to incorrect...

6.5CVSS5.9AI score0.00192EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/11 6:30 p.m.5 views

EUVD-2025-208593

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and...

8.8CVSS5.8AI score0.00129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.5 views

PT-2026-24724

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and...

8.8CVSS5.8AI score0.00129EPSS
Exploits0References5
CVE
CVE
added 2026/03/11 12:0 a.m.11 views

CVE-2025-68623

CVE-2025-68623 affects Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0. Cisco Talos TALOS-2025-2293 documents a local privilege escalation: during installation, the dxwebsetup.exe installer creates a writable TEMP path, writes dxwsetup.exe, then executes it with high integrity. An at...

8.8CVSS5.8AI score0.00129EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/18 5:45 p.m.3 views

Arbitrary Code Injection

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Arbitrary Code Injection via the unzipiter function due to the lack of validation before unpacking untrusted downloaded packages. An attacker c...

10CVSS7.6AI score0.0079EPSS
Exploits1References2
CVE
CVE
added 2026/01/28 11:43 a.m.20 views

CVE-2026-0483

CVE-2026-0483 is a stored XSS in Live Helper Chat’s PDF file upload for versions before 4.72. An attacker can upload a malicious PDF containing an XSS payload; when a user downloads and opens the file via the app’s link, arbitrary JavaScript executes in the user’s context. Public sources (PT Secu...

6.9CVSS6AI score0.00243EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/05 1:9 a.m.9 views

Malicious code in pyrogrom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ef643052c84683fba662eaded2786ba6fa993e69224608070ad949d4f3d0c3e4 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

7.1AI score
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2025/12/17 12:0 a.m.8 views

Microsoft Edge Mark-Of-The-Web Removal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

8.8CVSS7.2AI score0.00375EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 4:32 a.m.13 views

Improper Cache Control

Liferay Portal is vulnerable to improper cache control. The vulnerability is due to the use of incorrect cache-control headers, which allows an attacker to gain unauthorized access to downloaded files through the browser’s cache...

5.5CVSS5.2AI score0.00123EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.9 views

PT-2025-47160

Name of the Vulnerable Software and Affected Versions GoSign Desktop versions through 2.4.1 Description GoSign Desktop versions through 2.4.1 disable TLS certificate validation when configured to use a proxy server. This occurs if a user selects a proxy server without verifying that outbound HTTP...

3.2CVSS6.8AI score0.00116EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/11/01 12:30 a.m.13 views

Liferay Portal and DXP use an incorrect cache-control header

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...

5.5CVSS6.7AI score0.00123EPSS
Exploits0References6Affected Software2
EUVD
EUVD
added 2025/11/01 12:30 a.m.9 views

EUVD-2025-37404

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...

4.6CVSS6.1AI score0.00123EPSS
Exploits0References2
NVD
NVD
added 2025/11/01 12:15 a.m.8 views

CVE-2025-62276

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...

5.5CVSS0.00123EPSS
Exploits0References1
CVE
CVE
added 2025/10/31 11:34 p.m.20 views

CVE-2025-62276

The CVE-2025-62276 issue affects Liferay Portal and DXP: Document Library and Adaptive Media modules expose a misconfigured cache-control header across multiple versions (Liferay Portal 7.4.0–7.4.3.111 and legacy DXP releases up to 2023.Q4.10, plus 7.4 GA up to update 92). This header flaw enable...

5.5CVSS6.2AI score0.00123EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2025/10/16 9:31 p.m.5 views

EUVD-2025-34826

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...

9.6CVSS6.2AI score0.00217EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/16 7:0 p.m.2 views

CVE-2025-11493 Self-Update Verification Mechanism Process in ConnectWise Automate

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...

8.8CVSS6.4AI score0.00217EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.8 views

ConnectWise Automate Agent 安全漏洞

ConnectWise Automate Agent is a remote monitoring and management software from ConnectWise USA. A security vulnerability exists in ConnectWise Automate Agent that stems from not fully verifying the authenticity of files downloaded from a server, which could lead to a man-in-the-middle attack...

8.8CVSS6.9AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2004-0538

Malware in sbrugna...

10CVSS6.4AI score0.0484EPSS
Exploits0References3
Rows per page
Query Builder