Lucene search
+L

92 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-42881

Malicious code in bioql PyPI...

5.5CVSS5.6AI score0.00364EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.18 views

EUVD-2025-31407

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00482EPSS
Exploits1References4
nvd
nvd
added 2025/09/27 5:15 a.m.5 views

CVE-2025-3193

Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...

7.5CVSS0.00482EPSS
Exploits1References3
cve
cve
added 2025/09/27 5:0 a.m.23 views

CVE-2025-3193

The CVE-2025-3193 entry concerns algoliasearch-helper versions 2.0.0-rc1 through 3.11.2 (and earlier) with a Prototype Pollution in the _merge() function of merge.js. The underlying issue allows modification of constructor.prototype and, in an extreme edge-case where the resulting error is caught...

7.5CVSS6.7AI score0.00482EPSS
Exploits1References3Affected Software1
github
github
added 2025/09/25 4:39 p.m.10 views

Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters

Summary Rack::QueryParser in version 2.2.18 enforces its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Details The issue arises...

7.5CVSS6.8AI score0.00535EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2025/09/15 12:36 p.m.11 views

CVE-2025-39803 scsi: ufs: core: Remove WARN_ON_ONCE() call from ufshcd_uic_cmd_compl()

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove WARNONONCE call from ufshcduiccmdcompl The UIC completion interrupt may be disabled while an UIC command is being processed. When the UIC completion interrupt is reenabled, an UIC interrupt is triggered an...

0.00133EPSS
Exploits0References2
nessus
nessus
added 2025/08/14 12:0 a.m.8 views

Fedora 42 : open62541 (2025-c2afaee8fe)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-c2afaee8fe advisory. Changes in v1.4.13: server: Cover edge-case in the EventFilter validation client: Cover edge-case in the UserTokenPolicy validation arch: Process delayed...

5.6AI score
Exploits0References1
susecve
susecve
added 2025/05/02 2:3 a.m.5 views

SUSE CVE-2025-23141

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVMGETMPSTATE to protect guest memory accesses Acquire a lock on kvm-srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e. processing pending IN...

5.5CVSS6.3AI score0.00166EPSS
Exploits0References29
osv
osv
added 2025/05/01 12:55 p.m.8 views

CVE-2025-23141 KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVMGETMPSTATE to protect guest memory accesses Acquire a lock on kvm-srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e. processing pending IN...

5.5CVSS5.9AI score0.00166EPSS
Exploits0References11
cvelist
cvelist
added 2025/01/09 12:33 a.m.24 views

CVE-2024-37372

The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases...

3.6CVSS0.00477EPSS
Exploits0References2
susecve
susecve
added 2024/09/28 2:51 a.m.3 views

SUSE CVE-2024-46829

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rtmutex::waitlock before scheduling rtmutexhandledeadlock is called with rtmutex::waitlock held. In the good case it returns with the lock held and in the deadlock case it emits a warning and goes into an endless...

5.5CVSS6.5AI score0.00196EPSS
Exploits0References3
osv
osv
added 2024/08/15 10:15 p.m.3 views

CVE-2024-34742

In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00078EPSS
Exploits0References2
susecve
susecve
added 2024/07/10 3:27 a.m.7 views

SUSE CVE-2024-37372

The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases...

3.6CVSS8.6AI score0.00477EPSS
Exploits0References6
cnvd
cnvd
added 2024/05/31 12:0 a.m.4 views

JetBrains TeamCity Authentication Bypass Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. An authentication bypass vulnerability exists in...

9.8CVSS7.3AI score0.00465EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/05/29 12:0 a.m.5 views

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. An authentication bypass vulnerability exists in...

9.8CVSS7.2AI score0.00465EPSS
Exploits0References2
osv
osv
added 2024/05/19 9:15 a.m.3 views

DEBIAN-CVE-2024-35878

In the Linux kernel, the following vulnerability has been resolved: of: module: prevent NULL pointer dereference in vsnprintf In ofmodalias, we can get passed the str and len parameters which would cause a kernel oops in vsnprintf since it only allows passing a NULL ptr when the length is also 0...

5.3CVSS6AI score0.00787EPSS
Exploits0References1
attackerkb
attackerkb
added 2023/12/25 7:15 a.m.4 views

CVE-2023-47247

In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102...

4.3CVSS5.8AI score0.00331EPSS
Exploits0References2
code423n4
code423n4
added 2023/11/10 12:0 a.m.14 views

Users of ReraiseCrowdfund will potentially not receive appropriate voting power

Lines of code Vulnerability details Bug Description The recent code update introduces the functionality for authorities to reduce the total voting power by invoking the decreaseTotalVotingPower function of the party. However, this functionality can lead to issues when used in the time frame after...

7AI score
Exploits0
code423n4
code423n4
added 2023/10/25 12:0 a.m.13 views

M-05 Unmitigated

Lines of code Vulnerability details Mitigation of M-05: Mitigation Error, see comments Link to Issue: code-423n4/2023-09-asymmetry-findings45 Comments To mitigate M-05, the sponsor has added a delay of one epoch when the available CVX balance is enough to cover the withdrawal: 81: uint256...

7AI score
Exploits0
code423n4
code423n4
added 2023/10/25 12:0 a.m.8 views

M-07 Unmitigated

Lines of code Vulnerability details Mitigation of M-07: Mitigation Error, see comments Link to Issue: code-423n4/2023-09-asymmetry-findings38 Comments The changes related to this issue are: Access control has been added to AfEth::depositRewards using the onlyVotiumOrRewarder modifier. This functi...

7AI score
Exploits0
Rows per page
Query Builder