Lucene search
K

17051 matches found

Tenable Nessus
Tenable Nessus
added 2025/12/05 12:0 a.m.2 views

Microsoft Edge (Chromium) < 143.0.3650.66 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 143.0.3650.66. It is, therefore, affected by multiple vulnerabilities as referenced in the December 4, 2025 advisory. - Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote...

8.8CVSS6.7AI score0.00386EPSS
Exploits0References27
Tenable Nessus
Tenable Nessus
added 2025/12/05 12:0 a.m.7 views

AlmaLinux 10 : buildah (ALSA-2025:22012)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:22012 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 golang: archive/tar: Unbounded...

7.5CVSS7.4AI score0.00526EPSS
Exploits1References4
OSV
OSV
added 2025/12/04 5:49 p.m.7 views

USN-7874-3 linux-iot vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

7.8CVSS7AI score0.01345EPSS
Exploits8References9
OpenVAS
OpenVAS
added 2025/12/04 12:0 a.m.1 views

Apache HTTP Server 2.4.x < 2.4.66 Improper Neutralization Vulnerability - Linux

Apache HTTP Server is prone to an improper neutralization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5CVSS6.8AI score0.00758EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.3 views

Oracle Linux 10 : podman (ELSA-2025-20983)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20983 advisory. - fixes 'Minor Incident CVE-2025-52881 podman: container escape and denial of service due to arbitrary write gadgets and procfs write redirects...

8.1CVSS7AI score0.01008EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.16 views

Oracle Linux 10 : buildah (ELSA-2025-22012)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-22012 advisory. - fixes 'Minor Incident CVE-2025-52881 buildah: container escape and denial of service due to arbitrary write gadgets and procfs write redirects...

7.5CVSS7.2AI score0.00526EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.4 views

Oracle Linux 10 : podman (ELSA-2025-21220)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-21220 advisory. - fixes 'Minor Incident CVE-2025-52881 podman: container escape and denial of service due to arbitrary write gadgets and procfs write redirects rhel-10.1.z'...

7.5CVSS6.8AI score0.00526EPSS
Exploits1References2
OSV
OSV
added 2025/12/03 8:41 p.m.3 views

OPENSUSE-SU-2025-20135-1 Security update for mozjs128

This update for mozjs128 fixes the following issues: - Update to version 128.14.0 bsc1248162: + CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component + CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component + CVE-2025-9181: Uninitialized memo...

9.8CVSS7.6AI score0.03057EPSS
Exploits0References27
OSV
OSV
added 2025/12/03 8:38 p.m.3 views

SUSE-SU-2025:21170-1 Security update for mozjs128

This update for mozjs128 fixes the following issues: - Update to version 128.14.0 bsc1248162: + CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component + CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component + CVE-2025-9181: Uninitialized memo...

9.8CVSS6.4AI score0.03057EPSS
Exploits0References28
NVD
NVD
added 2025/12/03 5:15 p.m.3 views

CVE-2025-20384

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute ANSI escape codes into Splunk log files due to improper...

5.3CVSS0.00339EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/03 5:0 p.m.2 views

CVE-2025-20384 Unauthenticated Log Injection in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute ANSI escape codes into Splunk log files due to improper...

5.3CVSS6.6AI score0.00339EPSS
Exploits1References1
CVE
CVE
added 2025/12/03 5:0 p.m.18 views

CVE-2025-20384

CVE-2025-20384 affects Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, 9.2.10 and Splunk Cloud Platform below 10.1.2507.4, 10.0.2503.6, 9.3.2411.117.125. An unauthenticated attacker can inject ANSI escape codes into Splunk log files via improper validation at the /en-US/static/ endpoint, p...

5.3CVSS6.6AI score0.00339EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2025/12/03 5:0 p.m.14 views

CVE-2025-20384 Unauthenticated Log Injection in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute ANSI escape codes into Splunk log files due to improper...

5.3CVSS0.00339EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2025/12/03 12:25 a.m.2 views

SUSE CVE-2025-13632

Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...

5.4CVSS6.9AI score0.00198EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.2 views

PT-2025-50583

Name of the Vulnerable Software and Affected Versions glib affected versions not specified Description A flaw exists in glib that can lead to a denial-of-service DoS condition. The issue is a heap buffer overflow caused by an integer overflow within the escape byte string function, part of GLib's...

7.8CVSS6.9AI score0.00504EPSS
Exploits0References120
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.5 views

RockyLinux 9 : podman (RLSA-2025:21702)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:21702 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 Tenable has extracted the preceding...

7.5CVSS7AI score0.00526EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-13632

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to...

5.4CVSS5.5AI score0.00198EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.2 views

Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.1 (SVD-2025-1203)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1203 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4,...

5.3CVSS6AI score0.00339EPSS
Exploits1References2
OSV
OSV
added 2025/12/02 11:7 p.m.5 views

CLSA-2025-1764716872 tomcat: Fix of CVE-2025-31651

CVE-2025-31651: fix improper neutralization of escape, meta, or control sequences...

9.8CVSS7.2AI score0.0418EPSS
Exploits1References1
Snyk
Snyk
added 2025/12/02 9:31 p.m.2 views

SQL Injection

Overview asyncmy is an A fast asyncio MySQL driver Affected versions of this package are vulnerable to SQL Injection through the escapedict function. An attacker can execute arbitrary SQL commands by using untrusted JSON input because keys are not properly escaped. Remediation A fix was pushed in...

9.8CVSS8.2AI score0.00359EPSS
Exploits0References2
Rows per page
Query Builder