
4722 matches found

Cvelist
added 2025/05/01 2:9 p.m. · 25 views

CVE-2022-49800 tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() test_gen_synth_cmd() only free buf in fail path, hence buf will leak when there is no failure. Add kfree(buf) to prevent the memleak. The same reason and solution in...

EPSS: 0.00159
Exploits: 0 · References: 4

Positive Technologies
added 2025/05/01 12:0 a.m. · 3 views

PT-2025-22217

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified. Description: A vulnerability in the Linux kernel has been identified where a client can send an empty newname string to the ksmbd server, causing a kernel oops from d_alloc. This issue occurs when...

CVSS: 5.5 · AI score: 6.7 · EPSS: 0.00149
Exploits: 0

ATTACKERKB
added 2025/04/29 12:15 p.m. · 2 views

CVE-2025-3891

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVSS: 7.5 · AI score: 6.5 · EPSS: 0.01214
Exploits: 0 · References: 14 · Affected Software: 14

OSV
added 2025/04/29 12:15 p.m. · 2 views

DEBIAN-CVE-2025-3891

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVSS: 7.5 · AI score: 6 · EPSS: 0.01214
Exploits: 0 · References: 1

OSV
added 2025/04/29 12:15 p.m. · 7 views

UBUNTU-CVE-2025-3891

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.01214
Exploits: 0 · References: 4

Vulnrichment
added 2025/04/29 11:56 a.m. · 7 views

CVE-2025-3891 Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabled

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVSS: 7.5 · AI score: 5.3 · EPSS: 0.01214
Exploits: 0 · References: 13

CNNVD
added 2025/04/29 12:0 a.m. · 2 views

Red Hat Enterprise Linux 7 security vulnerability

Red Hat Enterprise Linux 7 is a Linux operating system for business users from Red Hat, an American company. A security vulnerability exists in Red Hat Enterprise Linux 7 that originates from a crash when processing an empty POST request, which could result in a denial of service...

CVSS: 7.5 · AI score: 5.5 · EPSS: 0.01214
Exploits: 0 · References: 3

RedhatCVE
added 2025/04/25 4:31 p.m. · 5 views

CVE-2025-24640

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan-Lucian Stefancu Empty Tags Remover empty-tags-remover allows Reflected XSS. This issue affects Empty Tags Remover: from n/a through <= 1.0...

CVSS: 7.1 · AI score: 5.9 · EPSS: 0.00235
Exploits: 0 · References: 1

SUSE Linux
added 2025/04/25 12:39 p.m. · 2 views

Security update for runc

This update for runc fixes the following issues: CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092) Other fixes: Update to runc v1.2.6. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or...

CVSS: 3.6 · AI score: 7.4 · EPSS: 0.00317
Exploits: 0 · References: 4

OSV
added 2025/04/25 12:39 p.m. · 6 views

SUSE-SU-2025:1374-1 Security update for runc

This update for runc fixes the following issues: - CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092) Other fixes: - Update to runc v1.2.6...

CVSS: 3.6 · AI score: 4.6 · EPSS: 0.00317
Exploits: 0 · References: 3

Microsoft CVE
added 2025/04/22 7:0 a.m. · 3 views

Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header

...

CVSS: 7.5 · AI score: 8.1 · EPSS: 0.00694
Exploits: 0

OSV
added 2025/04/19 6:27 a.m. · 4 views

CGA-2C8X-WMCP-R4QJ

Bulletin has no description...

CVSS: 6.5 · AI score: 6.7 · EPSS: 0.0045
Exploits: 0

SUSE CVE
added 2025/04/18 11:19 p.m. · 10 views

SUSE CVE-2025-37785

In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with rec_len == block size results in out-of-bounds read later on, when the corrupted directory is removed...

CVSS: 6 · AI score: 6.3 · EPSS: 0.00226
Exploits: 0 · References: 24

OSV
added 2025/04/18 5:58 a.m. · 2 views

BELL-CVE-2025-22030

Bulletin has no description...

CVSS: 5.5 · AI score: 6.5 · EPSS: 0.00164
Exploits: 0 · References: 1

CNNVD
added 2025/04/18 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ext4_empty_dir function that can lead to out-of-bounds reads when checking the dotdot directory...

CVSS: 7.1 · AI score: 6.5 · EPSS: 0.00226
Exploits: 0 · References: 9

NVD
added 2025/04/17 4:15 p.m. · 6 views

CVE-2025-24640

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan-Lucian Stefancu Empty Tags Remover empty-tags-remover allows Reflected XSS. This issue affects Empty Tags Remover: from n/a through <= 1.0...

CVSS: 7.1 · EPSS: 0.00235
Exploits: 0 · References: 1

Cvelist
added 2025/04/17 3:48 p.m. · 16 views

CVE-2025-24640 WordPress Empty Tags Remover Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan-Lucian Stefancu Empty Tags Remover empty-tags-remover allows Reflected XSS. This issue affects Empty Tags Remover: from n/a through <= 1.0...

CVSS: 7.1 · EPSS: 0.00235
Exploits: 0 · References: 1

CVE
added 2025/04/17 3:48 p.m. · 46 views

CVE-2025-24640

CVE-2025-24640 concerns the WordPress plugin Empty Tags Remover (versions ≤ 1.0). The issue is an Improper Neutralization of Input During Web Page Generation that enables a Reflected XSS. Affected component is the plugin’s input handling, leading to script injection in reflected contexts. The CV...

CVSS: 7.1 · AI score: 5.9 · EPSS: 0.00235
Exploits: 0 · References: 1

CNNVD
added 2025/04/17 12:0 a.m. · 3 views

WordPress plugin Empty Tags Remover cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

CVSS: 7.1 · AI score: 5.8 · EPSS: 0.00235
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/17 12:0 a.m. · 4 views

PT-2025-17041 · Unknown · Empty Tags Remover

Name of the Vulnerable Software and Affected Versions: Empty Tags Remover versions 1.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inje...

CVSS: 7.1 · AI score: 6.4 · EPSS: 0.00235
Exploits: 0 · References: 4