Lucene search
K

76 matches found

CVE
CVE
added 2025/05/28 5:3 p.m.90 views

CVE-2025-32801

Summary: CVE-2025-32801 affects Kea configurations that can load a malicious hook library via API directives, with root/context privilege. Affected versions: Kea 2.4.0–2.4.1, 2.6.0–2.6.2, and 2.7.0–2.7.8. Impact: local privilege escalation and high impact components (root may load arbitrary code)...

7.8CVSS7.1AI score0.00233EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/05/22 3:30 a.m.161 views

Report

It is an offensive tool for web application exploitation. The re...

7.2AI score
Exploits0
OSV
OSV
added 2025/04/16 3:15 p.m.2 views

UBUNTU-CVE-2025-22051

In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix Oops after disconnect in agilent usb If the agilent usb dongle is disconnected subsequent calls to the driver cause a NULL dereference Oops as the businterface is set to NULL on disconnect. This problem was...

5.5CVSS5.9AI score0.00173EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2025/04/16 2:12 p.m.1 views

CVE-2025-22051 staging: gpib: Fix Oops after disconnect in agilent usb

In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix Oops after disconnect in agilent usb If the agilent usb dongle is disconnected subsequent calls to the driver cause a NULL dereference Oops as the businterface is set to NULL on disconnect. This problem was...

6.1AI score0.00173EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.7 views

PT-2025-23104

Name of the Vulnerable Software and Affected Versions Kea versions 2.4.0 through 2.4.1 Kea versions 2.6.0 through 2.6.2 Kea versions 2.7.0 through 2.7.8 Description Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave...

7.8CVSS5.9AI score0.00233EPSS
Exploits0References46
GithubExploit
GithubExploit
added 2024/11/29 6:6 a.m.87 views

CVE-Research

It is an offensive tool for web application security research. T...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/14 11:8 a.m.16 views

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. "Attackers can leverage these entry points to execute malicious code when specific...

7.7AI score
Exploits0
Veracode
Veracode
added 2024/07/25 5:58 p.m.14 views

Code Injection

Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...

8.8CVSS7.2AI score0.00737EPSS
Exploits0References8Affected Software2
Veracode
Veracode
added 2024/07/25 8:55 a.m.15 views

Code Injection

Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...

8.8CVSS6.9AI score0.00618EPSS
Exploits0References7Affected Software2
NVD
NVD
added 2024/06/10 10:15 p.m.29 views

CVE-2024-36471

Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are...

7.5CVSS0.0075EPSS
Exploits0References2
CVE
CVE
added 2024/06/10 9:55 p.m.63 views

CVE-2024-36471

Apache Allura is affected (versions 1.0.1–1.16.0). The import functionality permits DNS rebinding attacks between URL verification and processing, potentially allowing Allura to read from internal services and expose them. Impact is described as high with network access and no authentication requ...

7.5CVSS7.5AI score0.0075EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/07 8:56 a.m.19 views

CVE-2023-46851 Apache Allura: sensitive information exposure via import

Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hijacking, or remot...

7.3AI score0.01647EPSS
Exploits0References2
Code423n4
Code423n4
added 2023/05/30 12:0 a.m.67 views

Tokens with multiple entry points can lead to loss of funds in rageQuit()

Lines of code Vulnerability details Tokens with multiple entry points can lead to loss of funds in rageQuit ERC20 tokens with multiple entry points also known as double entry tokens or two address tokens can be used to exploit the rageQuit function and steal funds from the party. Impact The...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/08/02 11:5 a.m.42 views

What is ransomware and how can you defend your business from it?

Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid. Ransomware attacks can target either the data held on computer systems known as...

0.6AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/06/13 4:0 p.m.27 views

The many lives of BlackCat ransomware

The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service RaaS gig economy. It’s noteworthy due to its unconventional programming language Rust, multiple target devices and possible entry points, and affiliation with prolific...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/07 12:25 p.m.19 views

Someone Is Running Lots of Tor Relays

Since 2017, someone is running about a thousand -- 10% of the total -- Tor servers in an attempt to deanonymize the network: Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial...

6.9AI score
Exploits0
OSV
OSV
added 2020/08/26 7:15 p.m.3 views

CVE-2019-4701

IBM Security Guardium Data Encryption GDE 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936...

5.3CVSS6.4AI score0.00657EPSS
Exploits0References2
NVD
NVD
added 2020/08/26 7:15 p.m.25 views

CVE-2019-4701

IBM Security Guardium Data Encryption GDE 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936...

5.3CVSS5.2AI score0.00657EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/08/26 7:0 p.m.20 views

CVE-2019-4701

IBM Security Guardium Data Encryption GDE 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936...

5.3CVSS5.2AI score0.00657EPSS
Exploits0References2
Gitee
Gitee
added 2020/03/26 2:49 p.m.4 views

AssassinGo

This is an extensible and concurrency pentest framework in Go, also with a WebGUI. It is an offensive tool for Network Scanning, Vulnerability Scanning, and Information Gathering. The primary CVE ID is not specified in the provided context. The target product/service is not explicitly stated, but...

6.6AI score
Exploits0
Rows per page
Query Builder