Lucene search
K

225 matches found

OSV
OSV
added 2025/07/22 12:0 a.m.7 views

CVE-2025-51480

Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...

8.8CVSS7AI score0.01168EPSS
Exploits2References7
BDU FSTEC
BDU FSTEC
added 2025/07/11 12:0 a.m.7 views

The vulnerability of BitLocker’s data protection function in the Microsoft Windows operating system allows attackers to circumvent existing security restrictions.

The vulnerability of BitLocker’s data protection function in the Microsoft Windows operating system relates to the loading of unreliable external data alongside reliable data. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...

7.2CVSS5.9AI score0.00548EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/06/13 12:0 a.m.8 views

The vulnerability of the software client service for Cisco WebEx Meetings allows a perpetrator to compromise the integrity of the protected information.

The vulnerability of Cisco Webex Meetings software client services relates to the loading of unreliable external data alongside reliable data. Exploiting this vulnerability allows a malicious actor to compromise the integrity of protected information...

5CVSS5.5AI score0.00167EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/05/15 12:0 a.m.8 views

The vulnerability of the UrlMon component in Windows operating systems allows attackers to circumvent existing security restrictions.

The vulnerability of the UrlMon component in Windows operating systems relates to the loading of unreliable external data alongside reliable data. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions remotely...

7.6CVSS7.7AI score0.00371EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/05/08 12:0 a.m.6 views

Defending against Indirect Prompt Injection by Instruction Detection

The integration of Large Language Models LLMs with external sources is becoming increasingly common, with Retrieval-Augmented Generation RAG being a prominent example. However, this integration introduces vulnerabilities of Indirect Prompt Injection IPI attacks, where hidden instructions embedded...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/29 12:0 a.m.4 views

Enhancing Vulnerability Reports with Automated and Augmented Description Summarization

Public vulnerability databases, such as the National Vulnerability Database NVD, document vulnerabilities and facilitate threat information sharing. However, they often suffer from short descriptions and outdated or insufficient information. In this paper, we introduce Zad, a system designed to...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/04/28 12:0 a.m.9 views

The vulnerability of Microsoft Office, Word, and 365 Apps for Enterprise packages lies in the fact that they allow the loading of unreliable external data alongside reliable data. This allows attackers to circumvent existing security restrictions.

The vulnerability of Microsoft Office, Word, and 365 Apps for Enterprise packages lies in the loading of unreliable external data alongside reliable data. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...

7.6CVSS7.5AI score0.00425EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/15 9:19 p.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...

7.1CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2025/04/15 9:19 p.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...

7.1CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2025/04/15 9:19 p.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...

7.1CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2025/04/15 9:19 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...

7.1CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2025/04/12 3:41 a.m.1 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling when processing queries. An attacker can smuggle another query packet into the connection stream by using a large, uncompressed malicious external data. Note: This is only exploitable if the attacker controls the...

5.9CVSS7AI score0.00342EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/04/12 3:31 a.m.4 views

SUSE CVE-2025-1386

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

5.3CVSS6.8AI score0.00342EPSS
Exploits0References4
NVD
NVD
added 2025/04/11 5:15 a.m.27 views

CVE-2025-1386

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

5.9CVSS0.00342EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/11 4:27 a.m.26 views

CVE-2025-1386 Query smuggling in ch-go library

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

5.9CVSS0.00342EPSS
Exploits0References1
OSV
OSV
added 2025/04/11 4:27 a.m.6 views

CVE-2025-1386 Query smuggling in ch-go library

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

5.9CVSS5.9AI score0.00342EPSS
Exploits0References4
CVE
CVE
added 2025/04/11 4:27 a.m.1894 views

CVE-2025-1386

CVE-2025-1386 concerns the ch-go library from github.com/ClickHouse/ch-go. The issue is a vulnerability in which, under a specific condition where a query includes large, uncompressed external data, an attacker who controls that data can smuggle another query packet into the same connection strea...

5.9CVSS6.6AI score0.00342EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/04/11 12:0 a.m.5 views

ClickHouse 环境问题漏洞

ClickHouse is a ClickHouse open source one of the fastest and most resource efficient open source databases for real-time applications and analytics. A security vulnerability exists in ClickHouse that originates when a query contains large uncompressed malicious external data, which allows an...

5.9CVSS3.9AI score0.00342EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/12/04 12:0 a.m.6 views

The vulnerability of the Untrusted Project Mode feature in the JetBrains WebStorm integrated development environment allows a hacker to execute arbitrary code.

The vulnerability of the Untrusted Project Mode feature in the JetBrains WebStorm integrated development environment involves loading unreliable external data alongside reliable data. Exploiting this vulnerability allows an attacker to execute arbitrary code...

6.3CVSS5.8AI score0.00113EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/07/05 3:30 a.m.34 views

GHSA-R4V4-W9PV-6FPH OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

7.1CVSS5.8AI score0.00835EPSS
Exploits0References15
Rows per page
Query Builder