Lucene search
K

17049 matches found

Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.3 views

PT-2025-49798

Name of the Vulnerable Software and Affected Versions Static Web Server versions 2.40.0 and below Description Static Web Server SWS is a web server designed for static web files. Versions 2.40.0 and below do not adequately prevent symbolic links symlinks from being used to access files and...

8.6CVSS6.6AI score0.00349EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/12/09 12:0 a.m.4 views

Mozilla Firefox ESR < 140.6

The version of Firefox ESR installed on the remote Windows host is prior to 140.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-94 advisory. - Privilege escalation in the Netmonitor component. This vulnerability affects Firefox 146 and Firefox ESR 140.6...

9.8CVSS8.7AI score0.00498EPSS
Exploits2References11
FreeBSD
FreeBSD
added 2025/12/09 12:0 a.m.11 views

Mozilla -- Sandbox escape

https://bugzilla.mozilla.org/showbug.cgi?id=1996473 reports: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component...

8CVSS7AI score0.00276EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/09 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-14322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31,...

8CVSS7.3AI score0.00276EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/08 10:51 p.m.5 views

CVE-2025-65082

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

6.5CVSS6.5AI score0.00758EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/08 10:18 p.m.5 views

Static Web Server vulnerable to a symbolic link path traversal

Summary Symbolic links symlinks could be used to access files or directories outside the intended web root folder. Details SWS generally does not prevent symlinks from escaping the web server’s root directory. Therefore, if a malicious actor gains access to the web server’s root directory, they...

8.6CVSS6.9AI score0.00349EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/08 3:0 p.m.3 views

CVE-2025-13632

Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...

8.8CVSS6.4AI score0.00198EPSS
Exploits0References5
CNVD
CNVD
added 2025/12/08 12:0 a.m.5 views

Google Chrome Improperly Implemented Vulnerability

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a mal-implementation vulnerability that stems from a DevTools mal-implementation, which can be exploited by an attacker to sandbox escape by convincing a user to install a malicious extension, possibly using a...

5.4CVSS5.9AI score0.00198EPSS
Exploits0References1
Amazon
Amazon
added 2025/12/08 12:0 a.m.8 views

Medium: python-ldap

Issue Overview: python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue...

6.9CVSS6.7AI score0.00294EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/12/08 12:0 a.m.6 views

Amazon Linux 2 : glib2, --advisory ALAS2-2025-3094 (ALAS-2025-3094)

The version of glib2 installed on the remote host is prior to 2.56.1-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3094 advisory. A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring...

7.7CVSS6.3AI score0.00306EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/12/08 12:0 a.m.10 views

Amazon Linux 2 : python-ldap, --advisory ALAS2-2025-3083 (ALAS-2025-3083)

The version of python-ldap installed on the remote host is prior to 2.4.15-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3083 advisory. python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitizatio...

6.9CVSS6.5AI score0.00294EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2025/12/06 4:48 p.m.167 views

Exploit for CVE-2024-28397

CVE-2024-28397 Exploit Automation A Python automation script...

5.3CVSS7.3AI score0.04548EPSS
Exploits22
SUSE CVE
SUSE CVE
added 2025/12/06 12:23 a.m.5 views

SUSE CVE-2025-65082

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

5.5CVSS6.7AI score0.00758EPSS
Exploits0References12
EUVD
EUVD
added 2025/12/05 12:30 p.m.2 views

EUVD-2025-201404

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

6.5CVSS6.4AI score0.00758EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 11:15 a.m.2 views

ALPINE-CVE-2025-65082

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

6.5CVSS6.9AI score0.00758EPSS
Exploits0References1
NVD
NVD
added 2025/12/05 11:15 a.m.6 views

CVE-2025-65082

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

6.5CVSS0.00758EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/12/05 10:46 a.m.5 views

CVE-2025-65082

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

6.5CVSS7AI score0.00758EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/12/05 12:0 a.m.7 views

AlmaLinux 10 : buildah (ALSA-2025:22012)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:22012 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 golang: archive/tar: Unbounded...

7.5CVSS7.4AI score0.00526EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/12/05 12:0 a.m.2 views

Microsoft Edge (Chromium) < 143.0.3650.66 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 143.0.3650.66. It is, therefore, affected by multiple vulnerabilities as referenced in the December 4, 2025 advisory. - Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote...

8.8CVSS6.7AI score0.00386EPSS
Exploits0References27
Packet Storm
Packet Storm
added 2025/12/05 12:0 a.m.172 views

📄 Visual Studio 1.39.0 Remote Debugger

Visual Studio versions 1.30.0 through 1.39.0 had a remote debugger enabled by default that could cause multiple security issues. Code included to scan for any listeners...

7.8CVSS7.1AI score0.01045EPSS
Exploits1
Rows per page
Query Builder