17263 matches found

OSV
added 2025/12/03 8:38 p.m. | 4 views

SUSE-SU-2025:21170-1 Security update for mozjs128

This update for mozjs128 fixes the following issues: - Update to version 128.14.0 bsc1248162: + CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component + CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component + CVE-2025-9181: Uninitialized memo...

CVSS 9.8 | AI score 6.4 | EPSS 0.03057
Exploits: 0 | References: 28

NVD
added 2025/12/03 5:15 p.m. | 3 views

CVE-2025-20384

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files due to improper...

CVSS 5.3 | EPSS 0.00339
Exploits: 1 | References: 1

Vulnrichment
added 2025/12/03 5:0 p.m. | 2 views

CVE-2025-20384 Unauthenticated Log Injection in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files due to improper...

CVSS 5.3 | AI score 6.6 | EPSS 0.00339
Exploits: 1 | References: 1

CVE
added 2025/12/03 5:0 p.m. | 18 views

CVE-2025-20384

CVE-2025-20384 affects Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, 9.2.10 and Splunk Cloud Platform below 10.1.2507.4, 10.0.2503.6, 9.3.2411.117.125. An unauthenticated attacker can inject ANSI escape codes into Splunk log files via improper validation at the /en-US/static/ endpoint, p...

CVSS 5.3 | AI score 6.6 | EPSS 0.00339
Exploits: 1 | References: 1 | Affected Software: 2

Cvelist
added 2025/12/03 5:0 p.m. | 14 views

CVE-2025-20384 Unauthenticated Log Injection in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files due to improper...

CVSS 5.3 | EPSS 0.00339
Exploits: 1 | References: 1

SUSE CVE
added 2025/12/03 12:25 a.m. | 2 views

SUSE CVE-2025-13632

Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...

CVSS 5.4 | AI score 6.9 | EPSS 0.00198
Exploits: 0 | References: 3

Tenable Nessus
added 2025/12/03 12:0 a.m. | 2 views

Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.1 (SVD-2025-1203)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1203 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4,...

CVSS 5.3 | AI score 6 | EPSS 0.00339
Exploits: 1 | References: 2

Tenable Nessus
added 2025/12/03 12:0 a.m. | 5 views

RockyLinux 9 : podman (RLSA-2025:21702)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:21702 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 Tenable has extracted the preceding...

CVSS 7.5 | AI score 7 | EPSS 0.00526
Exploits: 1 | References: 3

Positive Technologies
added 2025/12/03 12:0 a.m. | 3 views

PT-2025-50583

Name of the Vulnerable Software and Affected Versions: glib (affected versions not specified). Description: A flaw exists in glib that can lead to a denial-of-service (DoS) condition. The issue is a heap buffer overflow caused by an integer overflow within the escape byte string function, part of GLib's...

CVSS 7.8 | AI score 6.9 | EPSS 0.00504
Exploits: 0 | References: 120

Tenable Nessus
added 2025/12/03 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-13632

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to...

CVSS 5.4 | AI score 5.5 | EPSS 0.00198
Exploits: 0 | References: 2

OSV
added 2025/12/02 11:7 p.m. | 5 views

CLSA-2025-1764716872 tomcat: Fix of CVE-2025-31651

CVE-2025-31651: fix improper neutralization of escape, meta, or control sequences...

CVSS 9.8 | AI score 7.2 | EPSS 0.0418
Exploits: 1 | References: 1

Snyk
added 2025/12/02 9:31 p.m. | 2 views

SQL Injection

Overview: asyncmy is a fast asyncio MySQL driver. Affected versions of this package are vulnerable to SQL Injection through the escape_dict function. An attacker can execute arbitrary SQL commands by using untrusted JSON input because keys are not properly escaped. Remediation: A fix was pushed in...

CVSS 9.8 | AI score 8.2 | EPSS 0.00359
Exploits: 0 | References: 2

EUVD
added 2025/12/02 9:31 p.m. | 4 views

EUVD-2025-200317

Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...

CVSS 5.4 | AI score 6.4 | EPSS 0.00198
Exploits: 0 | References: 3

NVD
added 2025/12/02 7:15 p.m. | 1 view

CVE-2025-13632

Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...

CVSS 5.4 | EPSS 0.00198
Exploits: 0 | References: 2

OSV
added 2025/12/02 7:15 p.m. | 2 views

CVE-2025-13632

Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 2

Cvelist
added 2025/12/02 7:0 p.m. | 7 views

CVE-2025-13632

Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...

EPSS 0.00198
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/02 7:0 p.m. | 1 view

CVE-2025-13632

Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...

AI score 6.5 | EPSS 0.00198
Exploits: 0 | References: 2

CVE
added 2025/12/02 7:0 p.m. | 44 views

CVE-2025-13632

CVE-2025-13632 affects Google Chrome/Chromium DevTools, where an inappropriate DevTools implementation allowed sandbox escape when a user installed a crafted malicious extension. The vulnerable component is DevTools in Chrome, with exploitation tied to extension installation. The issue stems from...

CVSS 5.4 | AI score 6.5 | EPSS 0.00198
Exploits: 0 | References: 2 | Affected Software: 1

Snyk
added 2025/12/02 6:45 a.m. | 2 views

SQL Injection

Overview: smoosense ("Smoothly make sense of your large multi-modal datasets"). Affected versions of this package are vulnerable to SQL Injection via improper handling of user-supplied filter values. The parseFilters.ts and helpers.ts utility functions fail to escape single quotes before...

CVSS 8.3 | AI score 7.9
Exploits: 0 | References: 3

Veracode
added 2025/12/02 6:35 a.m. | 7 views

Improper Null Termination

python-ldap is vulnerable to an Improper Null Termination. The vulnerability is due to incorrect handling of the NUL byte in escape_dn_chars, where it emits a backslash plus a literal NUL instead of the RFC-4514 \00, allowing attackers to supply crafted input that consistently breaks DN constructio...

CVSS 6.9 | AI score 6.9 | EPSS 0.00418
Exploits: 1 | References: 5 | Affected Software: 2