Lucene search
K

259 matches found

CNNVD
CNNVD
added 2025/03/10 12:0 a.m.4 views

Zhide Modern Farm Digital Integrated Management System 安全漏洞

Zhide Modern Farm Digital Integrated Management System is a modern farm digital integrated management system from Zhide, China. A security vulnerability exists in Zhide Modern Farm Digital Integrated Management System version 1.0, which originates from a vulnerability that could lead to the...

7.5CVSS5.5AI score0.00568EPSS
Exploits1References6
HackRead
HackRead
added 2025/03/07 9:15 p.m.10 views

EncryptHub’s OPSEC Failures Expose Its Malware Operation

Outpost24's KrakenLabs reveals EncryptHub's multi-stage malware campaign, exposing their infrastructure and tactics through critical OPSEC failures. Learn how…...

7.4AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/06 8:32 p.m.5 views

Malicious code in testnet-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware edd3718e0e37096149d4d64985025d95be3edcd077f04cf23ed0165b2b8b8b8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.7 views

PT-2025-5869 · Ibm · Ibm Entirex

Name of the Vulnerable Software and Affected Versions: IBM EntireX version 11.1 Description: The issue is related to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit this to expose sensitive information or consume memory resources...

7.5CVSS6.8AI score0.00362EPSS
Exploits0References5
NVD
NVD
added 2025/02/03 7:15 p.m.7 views

CVE-2024-12510

If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup...

6.7CVSS0.00923EPSS
Exploits0References1
CVE
CVE
added 2025/01/30 9:21 a.m.63 views

CVE-2025-0861

CVE-2025-0861 affects the VR-Frases (collect & share quotes) WordPress plugin. The vulnerability is a SQL Injection in multiple parameters for all versions up to and including 3.0.1, caused by insufficient escaping and lack of proper query preparation. Unauthenticated attackers could append addit...

7.2CVSS5.3AI score0.00473EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.5 views

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Swift Mailer, which stems from the inclusion of an Expose Danger method or feature vulnerability...

9.1CVSS6.8AI score0.00366EPSS
Exploits0References1
CVE
CVE
added 2024/12/31 2:19 a.m.145 views

CVE-2024-45497

The CVE-2024-45497 entry describes a flaw in the OpenShift build process where a docker-build container mounts the node’s /var/lib/kubelet/config.json via a hostPath volume into the build pod. The config.json contains credentials for pulling private images, and the mount is not read-only, enablin...

7.6CVSS7.3AI score0.00548EPSS
Exploits0References9
OSV
OSV
added 2024/12/20 8:36 p.m.11 views

GO-2024-3109 The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator

The Bare Metal Operator BMO can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator...

4.9CVSS5.3AI score0.00574EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.4 views

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that originates from allowing an authenticated attacker to craft a Remote Function Call RFC request to a restricted destination, which could be used to...

8.5CVSS6.4AI score0.00606EPSS
Exploits0References2
OSV
OSV
added 2024/11/22 4:15 p.m.5 views

CVE-2024-37046

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have already fixed the...

4.9CVSS5.8AI score0.00676EPSS
Exploits0References1
CVE
CVE
added 2024/11/19 3:32 p.m.52 views

CVE-2024-52582

Cachi2 (open source CLI) is affected up to version 0.13.x; when an unhandled exception occurs, the tool logs function locals, potentially exposing secrets in CI/build logs. Version 0.14.0 includes a patch to fix this. No other exploit details are provided in the documents. Remediation: upgrade to...

4.7CVSS4.7AI score0.00179EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/11/14 12:0 a.m.7 views

The vulnerability of Adobe After Effects’ video and dynamic image editing software arises from operations that go beyond buffer boundaries in memory, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Adobe After Effects video and dynamic image editing software relates to the execution of operations beyond buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created file...

5.5CVSS5.8AI score0.00258EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2024/11/12 9:21 a.m.3 views

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

6CVSS7.1AI score0.00358EPSS
Exploits0References4
OSV
OSV
added 2024/09/25 3:15 p.m.2 views

CVE-2024-30128

HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information...

6.5CVSS5.8AI score0.00375EPSS
Exploits0References1
OSV
OSV
added 2024/09/11 8:42 p.m.16 views

MGASA-2024-0294 Updated expat packages fix security vulnerabilities

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer. CVE-2024-45490 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX...

9.8CVSS8.8AI score0.01686EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/09/11 12:0 a.m.8 views

The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in the lack of authentication procedures. This allows attackers to bypass security restrictions and expose sensitive information.

The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions and expose sensitive...

4.3CVSS5.5AI score0.00442EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2024/09/07 8:15 a.m.15 views

PYSEC-2024-266

Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

8.8CVSS6.1AI score0.01237EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/08/01 9:18 p.m.28 views

CVE-2024-32931 exacqVison - Token Disclosed in URL

Under certain circumstances the exacqVision Web Service can expose authentication token details within communications...

5.7CVSS0.00376EPSS
Exploits0References2
OSV
OSV
added 2024/08/01 3:32 p.m.58 views

GHSA-Q22Q-2RRF-M27P Mattermost allows unsolicited invites to expose access to local channels

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local...

9.3CVSS8.7AI score0.00363EPSS
Exploits0References3
Rows per page
Query Builder