Lucene search
K

348 matches found

RedhatCVE
RedhatCVE
added 2025/09/24 9:16 p.m.6 views

CVE-2025-59343

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves...

8.7CVSS6.2AI score0.00516EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/09/23 6:35 p.m.7 views

CVE-2025-10585

Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High Mitigation Mitigation for this issue is either not available or the currently available options do not meet the...

8.8CVSS6.7AI score0.05426EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/22 9:49 p.m.3 views

CVE-2025-59420

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical header parameters crit, violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical...

7.5CVSS6.3AI score0.00244EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/09/22 2:35 p.m.6 views

CVE-2025-9900

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...

8.8CVSS7.1AI score0.00739EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/17 5:34 p.m.4 views

CVE-2022-50356

In the Linux kernel, the following vulnerability has been resolved: net: sched: sfb: fix null pointer access issue when sfbinit fails When the default qdisc is sfb, if the qdisc of devqueue fails to be inited during mqprioinit, sfbreset is invoked to clear resources. In this case, the q-qdisc is...

7CVSS5.4AI score0.00191EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/11 11:42 p.m.5 views

CVE-2025-48040

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to...

6.9CVSS6.3AI score0.00402EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/09/10 9:19 p.m.14 views

CVE-2025-59052

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...

7.1CVSS6.2AI score0.00326EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/09/08 5:9 p.m.4 views

CVE-2025-58782

A Deserialization of Untrusted Data vulnerability has been discovered in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. Deployments that accept JNDI URIs for JCR lookup from untrusted users allows them to inject malicious JNDI references, potentially leading to arbitrary code execution...

7.7CVSS7.8AI score0.01286EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/09/05 6:13 p.m.3 views

CVE-2025-10043

A path traversal validation flaw exists in Keycloak’s vault key handling on Windows. The previous fix for CVE-2024-10492 did not account for the Windows file separator \. As a result, a high-privilege administrator could probe for the existence of files outside the expected realm context through...

2.7CVSS3.6AI score0.00727EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/04 8:47 p.m.6 views

CVE-2025-9636

An authentication flaw has been discovered in pgAdmin 4. his vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation. Mitigation Mitigation for this issue is either not available o...

7.9CVSS6.9AI score0.00213EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/04 7:23 p.m.5 views

CVE-2025-55190

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...

9.9CVSS6.1AI score0.04518EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/09/04 4:38 p.m.4 views

CVE-2025-6984

An XML External Entity flaw has been discovered in the langchain-community python package. The EverNoteLoader component has an insecure use of the etree.iterparse function which does not disable external entity references. This can lead to sensitive information disclosure. An attacker could explo...

7.5CVSS7AI score0.01531EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/09/04 6:22 a.m.7 views

CVE-2025-9866

An inappropriate implementation in extensions flaw was found in Google Chrome. This vulnerability allows a remote attacker to bypass the content security policy via a crafted HTML page. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the...

8.8CVSS5.8AI score0.00353EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/04 3:7 a.m.3 views

CVE-2025-58057

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...

7.5CVSS6.1AI score0.00561EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/09/03 9:18 p.m.6 views

CVE-2025-57833

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias. Mitigation...

7.1CVSS7.3AI score0.15602EPSS
Exploits4References6
RedhatCVE
RedhatCVE
added 2025/08/31 10:2 a.m.1 views

CVE-2025-58068

A request smuggling flaw was found in the Eventlet PyPI library. The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability allows attackers to bypass front-end security controls, launch targeted attacks against active si...

9.1CVSS6.1AI score0.00363EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/08/31 9:46 a.m.2 views

CVE-2025-58066

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive servers which allow non-NTS traffic are affected by a denial of service vulnerability, where an attacker can induce a message storm between two NTP...

5.3CVSS6.2AI score0.00313EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/31 7:39 a.m.6 views

CVE-2025-9572

No description is available for this CVE. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability...

5CVSS6.5AI score0.00348EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/21 6:20 p.m.12 views

CVE-2025-9308

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

5.5CVSS3.7AI score0.00188EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/08/21 5:29 p.m.8 views

CVE-2025-57753

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2. Mitigation Mitigation for this issue is either not available or the currently available options do not me...

6.5CVSS6AI score0.00394EPSS
Exploits0References4
Rows per page
Query Builder