Lucene search
K

17055 matches found

Veracode
Veracode
added 2025/11/28 5:6 a.m.6 views

Sanitization Bypass

python-ldap is vulnerable to Sanitization Bypass. The vulnerability is due to improper escaping in escapefilterchars when escapemode=1 is used, where crafted list or dict inputs bypass character escaping due to missing type validation, and attackers can exploit this to inject malicious LDAP filte...

6.9CVSS6.9AI score0.00294EPSS
Exploits1References5Affected Software2
SUSE CVE
SUSE CVE
added 2025/11/28 12:27 a.m.4 views

SUSE CVE-2025-13601

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...

7.7CVSS7.3AI score0.00306EPSS
Exploits1References18
OSV
OSV
added 2025/11/27 3:43 p.m.4 views

OPENSUSE-SU-2025:20106-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.13: - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753. - CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomc...

9.6CVSS6.8AI score0.66535EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2025/11/27 11:8 a.m.9 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.53 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

8.4CVSS7.1AI score0.00673EPSS
Exploits4References4
Veracode
Veracode
added 2025/11/27 8:23 a.m.5 views

Remote Code Execution (RCE)

Happy DOM is vulnerable to Remote Code Execution RCE. The vulnerability is due to the use of a non-isolated Node.js VM context with JavaScript evaluation enabled by default, which allows an attacker to run untrusted code that can escape the sandbox—potentially gaining access to process-level...

7.2CVSS7.3AI score0.00599EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2025/11/26 3:15 p.m.3 views

CVE-2025-13601

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...

7.7CVSS5.5AI score0.00306EPSS
Exploits1References29
OSV
OSV
added 2025/11/26 3:15 p.m.4 views

UBUNTU-CVE-2025-13601

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...

7.7CVSS6.9AI score0.00306EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2025/11/26 2:44 p.m.4 views

CVE-2025-13601

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...

7.7CVSS6.8AI score0.00306EPSS
Exploits1
OSV
OSV
added 2025/11/26 8:12 a.m.5 views

OPENSUSE-SU-2025:20089-1 Security update for mysql-connector-java

This update for mysql-connector-java fixes the following issues: - Upgrade to Version 9.3.0 - CVE-2025-30706: Fixed Connector/J vulnerability bsc1241693 - Updatable ResultSet fails with 'Parameter index out of range'. - Fixed Resultset UPDATE methods not checking validity of ResultSet. -...

7.5CVSS7.2AI score0.0052EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/26 12:0 a.m.3 views

Oracle Linux 9 : podman (ELSA-2025-21702)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-21702 advisory. - fixes 'Minor Incident CVE-2025-52881 podman: container escape and denial of service due to arbitrary write gadgets and procfs write redirects rhel-9.7.z' -...

8.1CVSS6.9AI score0.01008EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/11/25 8:2 a.m.9 views

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS7.1AI score0.00526EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2025/11/25 8:2 a.m.4 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS6.6AI score0.00526EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/11/25 5:23 a.m.6 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS6.6AI score0.00526EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/11/25 5:3 a.m.5 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

7.5CVSS6.6AI score0.00526EPSS
Exploits1References6
Oracle linux
Oracle linux
added 2025/11/25 12:0 a.m.6 views

podman security update

5.6.0-7.0.1 - Add devices on container startup, not on creation - overlay: Put should ignore ENINVAL for Unmount Orabug: 36234694 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117404 6:5.6.0-7 - update to the latest content of...

7.3CVSS7.3AI score0.01008EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.4 views

AlmaLinux 10 : podman (ALSA-2025:21220)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:21220 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 Tenable has extracted the preceding...

7.5CVSS7AI score0.00526EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.3 views

Fedora 42 : python-mkdocs-include-markdown-plugin (2025-cb26113de5)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-cb26113de5 advisory. v7.2.0 New features - Add new argument order to sort multiple inclusions. v7.1.8 Bug fixes - Escape substitution placeholders to prevent malformed...

6.5CVSS5.6AI score0.00318EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.6 views

RHEL 9 : buildah (RHSA-2025:22011)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22011 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

7.5CVSS7AI score0.00526EPSS
Exploits1References6
OSV
OSV
added 2025/11/25 12:0 a.m.5 views

ALSA-2025:22011 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.5CVSS6.9AI score0.00526EPSS
Exploits1References6
AlmaLinux
AlmaLinux
added 2025/11/25 12:0 a.m.3 views

Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.5CVSS7AI score0.00526EPSS
Exploits1References6
Rows per page
Query Builder