Lucene search
K

2184 matches found

CVE
CVE
added 2025/12/31 9:36 p.m.28 views

CVE-2025-34469

CVE-2025-34469 affects Cowrie before 2.9.0. In emulated shell mode, the wget and curl commands perform real outbound HTTP requests, enabling unauthenticated attackers to generate unbounded traffic to arbitrary targets. This SSRF can turn the Cowrie honeypot into a denial-of-service amplification ...

7.5CVSS7.1AI score0.00616EPSS
In wildExploits1References5Affected Software1
EUVD
EUVD
added 2025/12/31 9:36 p.m.8 views

EUVD-2025-204642

Cowrie versions prior to 2.9.0 contain a server-side request forgery SSRF vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no...

6.9CVSS7AI score0.00616EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.7 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992777)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992777 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: fix oops in concurrently setting insnemulation sysctls emulationprochandler changes...

5.5CVSS6.1AI score0.00203EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992318)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992318 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: fix oops in concurrently setting insnemulation sysctls emulationprochandler changes...

5.5CVSS6.1AI score0.00203EPSS
Exploits0References4
OSV
OSV
added 2025/12/27 8:15 p.m.6 views

AZL-73201 CVE-2025-14180 affecting package php for versions less than 8.3.29-1

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

8.2CVSS5.8AI score0.00573EPSS
Exploits2References1
CVE
CVE
added 2025/12/27 7:21 p.m.46 views

CVE-2025-14180

CVE-2025-14180 affects PHP’s PDO PostgreSQL driver when using PDO::ATTR_EMULATE_PREPARES and can cause a NULL return from PQescapeStringConn on certain invalid parameter sequences, leading to a NULL pointer dereference in pdo_parse_params() and potential server crashes. Connected advisories confi...

8.2CVSS6.5AI score0.00573EPSS
Exploits2References1Affected Software1
Packet Storm News
Packet Storm News
added 2025/12/27 12:0 a.m.6 views

SCyTAG: Scalable Cyber-Twin for Threat-Assessment Based on Attack Graphs

Understanding the risks associated with an enterprise environment is the first step toward improving its security. Organizations employ various methods to assess and prioritize the risks identified in cyber threat intelligence CTI reports that may be relevant to their operations. Some methodologi...

6.6AI score
Exploits0
OSV
OSV
added 2025/12/24 1:16 p.m.11 views

UBUNTU-CVE-2023-54116

In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-generic: prohibit potential out-of-bounds access The fbdev test of IGT may write after EOF, which lead to out-of-bound access for drm drivers with fbdev-generic. For example, run fbdev test on a x86+ast2400 platform, wi...

5.8AI score0.00173EPSS
Exploits0References5
OSV
OSV
added 2025/12/24 1:6 p.m.4 views

CVE-2023-54116 drm/fbdev-generic: prohibit potential out-of-bounds access

In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-generic: prohibit potential out-of-bounds access The fbdev test of IGT may write after EOF, which lead to out-of-bound access for drm drivers with fbdev-generic. For example, run fbdev test on a x86+ast2400 platform, wi...

6.5AI score0.00173EPSS
Exploits0References6
EUVD
EUVD
added 2025/12/24 12:30 p.m.4 views

EUVD-2025-205087

In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...

5.8AI score0.00165EPSS
Exploits0References5
NVD
NVD
added 2025/12/24 11:16 a.m.7 views

CVE-2025-68367

In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...

0.00165EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/12/24 11:16 a.m.11 views

CVE-2025-68367

In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...

5.9AI score0.00165EPSS
Exploits0References34
Cvelist
Cvelist
added 2025/12/24 10:32 a.m.25 views

CVE-2025-68367 macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse

In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...

0.00165EPSS
Exploits0References8
CVE
CVE
added 2025/12/24 10:32 a.m.16 views

CVE-2025-68367

CVE-2025-68367 is a Linux kernel race in mac_hid_toggle_emumouse where two processes concurrently write to mac_hid emulation, each reading old_val=0 outside the mutex and both registering the input handler, causing a double list_add. The fix moves the old_val read inside the mutex-protected regio...

5.9AI score0.00165EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2025/12/24 10:32 a.m.2 views

CVE-2025-68367

In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...

5.2AI score0.00165EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2025/12/24 10:32 a.m.2 views

CVE-2025-68367 macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse

In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...

6.1AI score0.00165EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/12/24 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-68367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline...

6.5AI score0.00165EPSS
Exploits0References3
OSV
OSV
added 2025/12/22 4:35 p.m.12 views

SUSE-SU-2025:4505-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50253: bpf: make sure skb-len != 0 when redirecting to a tunneling device bsc1249912. - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in...

7.8CVSS7.9AI score0.00338EPSS
Exploits1References142
Snyk
Snyk
added 2025/12/20 5:42 p.m.5 views

Server-side Request Forgery (SSRF)

Overview cowrie is a Cowrie SSH/Telnet Honeypot. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the emulation of wget and curl commands in shell mode. An attacker can cause the system to send arbitrary HTTP requests to external hosts by repeatedly invokin...

8.3CVSS7.2AI score0.00616EPSS
Exploits1References3
OSV
OSV
added 2025/12/20 5:42 p.m.5 views

GHSA-83JG-M2PM-4JXJ Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification

Summary A Server-Side Request Forgery SSRF vulnerability in Cowrie's emulated shell mode allows unauthenticated attackers to abuse the honeypot as an amplification vector for HTTP-based denial-of-service attacks against arbitrary third-party hosts. Details When Cowrie operates in emulated shell...

8.3CVSS7.2AI score0.00616EPSS
Exploits1References9
Rows per page
Query Builder