
2668 matches found

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-25632

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 8.1 | EPSS 0.00458
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2024-37634

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.5 | EPSS 0.0028
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2024-47368

Malicious code in bioql PyPI...

CVSS 10 | AI score 6.6 | EPSS 0.00317
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-29841

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.07359
Exploits: 1 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 37 views

EUVD-2025-24827

Malicious code in bioql PyPI...

CVSS 7.3 | AI score 6.5 | EPSS 0.00115
Exploits: 0 | References: 1
SUSE CVE
added 2025/10/01 11:25 p.m. | 3 views

SUSE CVE-2025-11226

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

CVSS 5.3 | AI score 9.3 | EPSS 0.00181
Exploits: 0 | References: 4
Github Security Blog
added 2025/10/01 9:30 a.m. | 13 views

QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing

QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...

CVSS 7 | AI score 7.7 | EPSS 0.00181
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2025/10/01 9:30 a.m. | 3 views

GHSA-25QH-J22F-PWP8 QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing

QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...

CVSS 5.9 | AI score 7.4 | EPSS 0.00181
Exploits: 0 | References: 7
NVD
added 2025/10/01 8:15 a.m. | 6 views

CVE-2025-11226

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

CVSS 7 | EPSS 0.00181
Exploits: 0 | References: 2
Debian CVE
added 2025/10/01 7:26 a.m. | 2 views

CVE-2025-11226

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

CVSS 7 | AI score 6.1 | EPSS 0.00181
Exploits: 0
Cvelist
added 2025/10/01 7:26 a.m. | 11 views

CVE-2025-11226 Conditional processing of logback.xml configuration file, in conjunction with Spring Framework and Janino

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

CVSS 7 | EPSS 0.00181
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/01 7:26 a.m. | 11 views

CVE-2025-11226 Conditional processing of logback.xml configuration file, in conjunction with Spring Framework and Janino

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

CVSS 7 | AI score 7.4 | EPSS 0.00181
Exploits: 0 | References: 2
CVE
added 2025/10/01 7:26 a.m. | 49 views

CVE-2025-11226

CVE-2025-11226 is an ACE vulnerability in logback-core’s conditional configuration file processing. The attackable path is present in Java applications using logback-core versions up to 1.5.18 (some sources reference up to 1.5.34); exploitation can enable arbitrary code execution by compromising ...

CVSS 7 | AI score 7.4 | EPSS 0.00181
Exploits: 0 | References: 2
GitLab Advisory Database
added 2025/10/01 12:0 a.m. | 8 views

QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing

QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...

CVSS 7 | AI score 7.3 | EPSS 0.00181
Exploits: 0 | References: 8 | Affected Software: 1
Cvelist
added 2025/09/30 1:17 p.m. | 14 views

CVE-2025-9232 Out-of-bounds read in HTTP client no_proxy handling

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...

EPSS 0.02016
Exploits: 0 | References: 6
Tenable Nessus
added 2025/09/30 12:0 a.m. | 4 views

NewStart CGSL MAIN 6.06 : dbus Multiple Vulnerabilities (NS-SA-2025-0231)

The remote NewStart CGSL host, running version MAIN 6.06, has dbus packages installed that are affected by multiple vulnerabilities: - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, uses o...

CVSS 7.1 | AI score 7 | EPSS 0.04514
Exploits: 9 | References: 33
Snyk
added 2025/09/29 5:53 p.m. | 5 views

XML Injection

Overview Affected versions of this package are vulnerable to XML Injection when processing XML data with tags containing references to system properties or environment variables. An attacker can access sensitive information, such as credentials, file paths, or system configuration details, by...

CVSS 8.7 | AI score 7.2 | EPSS 0.00458
Exploits: 0 | References: 2
RedHat Linux
added 2025/09/22 3:36 p.m. | 5 views

Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.9 Security Update

New Red Hat build of Keycloak 26.2.9 packages are available from the Customer Portal Red Hat build of Keycloak 26.2.9 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security fixes...

CVSS 4.9 | AI score 5.8 | EPSS 0.00727
Exploits: 0 | References: 1
RedHat Linux
added 2025/09/22 3:35 p.m. | 3 views

Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.9 Images Security Update

New images are available for Red Hat build of Keycloak 26.2.9 and Red Hat build of Keycloak 26.2.9 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat...

CVSS 4.9 | AI score 5.8 | EPSS 0.00727
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/20 1:57 a.m. | 16 views

CVE-2025-10634

A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminaladdr/serverip/serverport causes command injection. The atta...

CVSS 8.8 | AI score 6.5 | EPSS 0.07359
Exploits: 1 | References: 1