Lucene search
+L

1630 matches found

CNNVD
CNNVD
added 2026/01/13 12:0 a.m.7 views

Microsoft Lightweight Directory Access Protocol(LDAP) 输入验证错误漏洞

Microsoft Lightweight Directory Access Protocol LDAP is a directory services protocol from Microsoft Corporation USA that operates on a layer above the TCP/IP stack. An input validation error vulnerability exists in Microsoft Lightweight Directory Access Protocol LDAP. An attacker could exploit...

6.5CVSS5.8AI score0.01116EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.7 views

Microsoft Windows SMB Server 竞争条件问题漏洞

Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...

7.5CVSS5.9AI score0.01154EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.7 views

Microsoft Windows 信息泄露漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. Microsoft Windows suffers from an information disclosure vulnerability. An attacker could exploit this vulnerability to obtain sensitive information. The following...

5.5CVSS5.8AI score0.00614EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.7 views

Microsoft Windows Remote Procedure Call Runtime 资源管理错误漏洞

Microsoft Windows Remote Procedure Call Runtime is a powerful technology for creating distributed client/server programs from Microsoft Corporation USA. A resource management error vulnerability exists in Microsoft Windows Remote Procedure Call Runtime. An attacker could exploit the vulnerability...

7.8CVSS5.8AI score0.0046EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.12 views

Microsoft Windows 资源管理错误漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. Microsoft Windows suffers from a resource management error vulnerability. An attacker could exploit this vulnerability to gain elevated privileges. The following products and versions are...

7.8CVSS5.8AI score0.00387EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/09 10:4 a.m.31 views

CVE-2025-10569 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls...

6.5CVSS0.00479EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/07 9:35 a.m.12 views

CVE-2019-7095

Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution...

10CVSS7.6AI score0.0874EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 5:3 a.m.7 views

CVE-2025-65120

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

6.1CVSS6.1AI score0.0016EPSS
Exploits0References1
NVD
NVD
added 2025/12/12 5:16 a.m.5 views

CVE-2025-53523

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when...

5.4CVSS0.00147EPSS
Exploits0References2
CVE
CVE
added 2025/12/12 5:2 a.m.10 views

CVE-2025-61987

CVE-2025-61987 affects GroupSession variants: Free edition prior to 5.3.0, byCloud prior to 5.3.3, and ZION prior to 5.3.2. The root cause is lack of origin validation in WebSockets, which may allow exposure of chat information to users accessing crafted pages. Affected software is GroupSession (...

6.9CVSS6.1AI score0.00132EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/12/12 5:2 a.m.11 views

CVE-2025-61950

CVE-2025-61950 affects Japan Total System GroupSession family (Free edition before ver5.3.0, byCloud before ver5.3.3, ZION before ver5.3.2). Description: an authenticated user can bypass authorization and alter the memo field of a Circular notice due to an improper authorization check. Impact des...

5.3CVSS6.3AI score0.00165EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/12 4:13 a.m.5 views

CVE-2025-12562

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits...

7.5CVSS6.7AI score0.0079EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.9 views

PT-2025-50878

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website...

5.1CVSS6.8AI score0.00177EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/11 3:30 p.m.13 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions.

Summary Multiple vulnerabilities were addressed in IBM Business Automation Manager Open Editions 9.3.1. Vulnerability Details CVEID:CVE-2025-61748 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component:...

8.2CVSS8.1AI score0.01049EPSS
Exploits1Affected Software1
UbuntuCve
UbuntuCve
added 2025/12/11 5:16 a.m.8 views

CVE-2025-8405

GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability...

7.7CVSS7.3AI score0.00494EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/12/11 4:5 a.m.25 views

CVE-2025-8405

Removed by vendor...

7.7CVSS7.3AI score0.00494EPSS
Exploits0
OSV
OSV
added 2025/12/11 3:33 a.m.3 views

CVE-2025-14157 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with large content parameters...

6.5CVSS6.6AI score0.00275EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/09 11:32 p.m.8 views

CVE-2025-64499

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API...

5.4CVSS6.7AI score0.0012EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2025/12/09 8:0 a.m.44 views

Description of the security update for Office 2016: December 9, 2025 (KB5002812)

None None...

7.8CVSS7AI score0.00562EPSS
Exploits0
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.6 views

Microsoft Windows Storage 访问控制错误漏洞

Microsoft Windows Storage is a data storage solution from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Windows Storage. An attacker could exploit this vulnerability to elevate privileges. The following products and editions are affected:Windows 10 Version...

7.8CVSS6.3AI score0.02208EPSS
Exploits0References1
Rows per page
Query Builder