Lucene search
K

942 matches found

OSV
OSV
added 2025/11/27 6:30 p.m.3 views

GHSA-5P82-2Q3R-WJ3M ThingsBoard allows an authenticated user to upload malicious SVG images

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting XSS vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...

6.2CVSS5.7AI score0.00033EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/27 12:0 a.m.4 views

PT-2025-48282

Name of the Vulnerable Software and Affected Versions ThingsBoard versions prior to 4.2.1 Description An authenticated user can upload malicious SVG images through the "Image Gallery". This leads to a Stored Cross-Site Scripting XSS issue. The exploit is triggered when any user accesses the publi...

6.2CVSS5.4AI score0.00033EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/11/25 7:7 a.m.6 views

CVE-2025-62372

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape e.g. hidden dimension is wrong, regardless of whether...

8.3CVSS6.6AI score0.00331EPSS
Exploits0References7
Veracode
Veracode
added 2025/11/24 8:49 a.m.6 views

Allocation Of Resources Without Limits Or Throttling

pdfmake is vulnerable to Allocation of Resources Without Limits or Throttling. The vulnerability is due to improper handling of repeatedly redirected URLs during file embedding, where the library follows redirect chains without enforcing limits, and an attacker can exploit this by supplying craft...

8.7CVSS7AI score0.00331EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/11/21 1:22 a.m.6 views

EUVD-2025-198357

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape e.g. hidden dimension is wrong, regardless of whether...

8.3CVSS6.3AI score0.00331EPSS
Exploits0References5
CVE
CVE
added 2025/11/21 1:22 a.m.26 views

CVE-2025-62372

CVE-2025-62372 affects vLLM (inference/serving engine). From version 0.5.5 up to before 0.11.1, passing multimodal embedding inputs with correct ndim but incorrect shape (e.g., wrong hidden dimension) can crash the engine when serving multimodal models, regardless of whether those inputs are supp...

8.3CVSS6.5AI score0.00331EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/11/21 1:22 a.m.8 views

CVE-2025-62372 vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape e.g. hidden dimension is wrong, regardless of whether...

8.3CVSS6.7AI score0.00331EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2025/11/19 9:15 p.m.5 views

CVE-2025-58181

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

5.3CVSS6.8AI score0.00521EPSS
Exploits0References9
NVD
NVD
added 2025/11/12 9:15 a.m.8 views

CVE-2025-64402

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to...

6.5CVSS0.00464EPSS
Exploits0References3
NVD
NVD
added 2025/11/11 6:15 p.m.3 views

CVE-2025-60714

Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally...

7.8CVSS0.00543EPSS
Exploits0References1
OSV
OSV
added 2025/11/11 6:15 p.m.2 views

CVE-2025-60714

Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally...

7.8CVSS6.2AI score0.00543EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/11 5:59 p.m.5 views

EUVD-2025-93416

Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally...

7.8CVSS6AI score0.00543EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/11 5:59 p.m.6 views

CVE-2025-60714 Windows OLE Remote Code Execution Vulnerability

...

7.8CVSS0.00543EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/11 5:59 p.m.2 views

CVE-2025-60714 Windows OLE Remote Code Execution Vulnerability

...

7.8CVSS6.6AI score0.00543EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2025/11/11 8:0 a.m.4 views

Windows OLE Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally...

7.8CVSS6.1AI score0.00543EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.5 views

PT-2025-46475

Name of the Vulnerable Software and Affected Versions Windows OLE affected versions not specified Description A heap-based buffer overflow exists in Windows OLE. This flaw could allow an unauthorized attacker to execute code locally. Recommendations At the moment, there is no information about a...

7.8CVSS6AI score0.00543EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.6 views

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows OLE. An attacker exploiting this vulnerability could execute code. The following products and editions are affected:Windows 10 Version...

7.8CVSS5.4AI score0.00543EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/11/09 12:0 a.m.5 views

SteganoSNN: SNN-Based Audio-In-Image Steganography with Encryption

Secure data hiding remains a fundamental challenge in digital communication, requiring a careful balance between computational efficiency and perceptual transparency. The balance between security and performance is increasingly fragile with the emergence of generative AI systems capable of...

6.9AI score
Exploits0
Veracode
Veracode
added 2025/11/06 5:33 p.m.7 views

Cross-site Scripting (XSS)

starcitizenwiki/embedvideo is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper restriction of HTML attributes in the video embedding functionality, which allows an attacker to inject and execute arbitrary web scripts through crafted wikitext...

8.6CVSS6.8AI score0.00282EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/31 2:12 p.m.3 views

CVE-2025-64387 CLICKJACKING

The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login...

5.1CVSS6.5AI score0.00352EPSS
Exploits0References3
Rows per page
Query Builder