Lucene search
K

3793 matches found

CNNVD
CNNVD
added 2025/02/11 12:0 a.m.3 views

Microsoft Surface 输入验证错误漏洞

Microsoft Surface is a tablet computer from Microsoft Corporation USA. An input validation error vulnerability exists in Microsoft Surface. An attacker exploiting this vulnerability could bypass certain features. The following products and versions are affected:Surface Laptop 4 with Intel...

7.1CVSS8.2AI score0.00823EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.5 views

Microsoft Windows Kernel 访问控制错误漏洞

Microsoft Windows Kernel is the kernel of the Windows operating system from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Windows Kernel. An attacker exploiting this vulnerability could bypass certain features. The following products and editions are...

7.8CVSS8.7AI score0.00526EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.2 views

PT-2025-6357 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1 through 2.4.4-p11 and earlier Description: The issue is related to an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this...

5.4CVSS6.8AI score0.00505EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.5 views

Adobe Commerce 授权问题漏洞

Adobe Commerce is the United States of America Odobie Adobe company's a kind of merchants and brands for the world's leading digital commerce solutions. A security bypass vulnerability exists in Adobe Commerce, which can be exploited by an attacker to cause a security feature bypass...

8.2CVSS6.7AI score0.00627EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 1:10 a.m.13 views

CVE-2024-20895

Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features...

7.7CVSS6.7AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:50 a.m.11 views

CVE-2024-37287

A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution...

9.1CVSS7.6AI score0.01648EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/02/04 11:0 a.m.17 views

Watch Out For These 8 Cloud Security Shifts in 2025

As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could...

7.3AI score
Exploits0
SUSE Linux
SUSE Linux
added 2025/02/03 8:54 a.m.4 views

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. This release includes the first live patch. The following security bugs were fixed: CVE-2023-52489: mm/sparsemem: fix race in accessing memorysection-usage bsc1221326. CVE-2023-52581: netfilter: nftables:...

8.7CVSS8.4AI score0.00793EPSS
Exploits11References1722
CNNVD
CNNVD
added 2025/02/03 12:0 a.m.3 views

WordPress plugin Shortcodes and extra features for Phlox theme 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

9.8CVSS8.5AI score0.00412EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/31 11:25 a.m.4 views

CVE-2025-21682 eth: bnxt: always recalculate features after XDP clearing, fix null-deref

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: always recalculate features after XDP clearing, fix null-deref Recalculate features when XDP is detached. Before: ip li set dev eth0 xdp obj xdpdummy.bpf.o sec xdp ip li set dev eth0 xdp off ethtool -k eth0 | grep gro...

7.6AI score0.00208EPSS
Exploits0References4
OSV
OSV
added 2025/01/30 9:10 a.m.10 views

CGA-W672-GW3G-GFGQ

Bulletin has no description...

5CVSS9.3AI score0.03195EPSS
Exploits0
Rosalinux
Rosalinux
added 2025/01/28 7:59 p.m.21 views

Advisory ROSA-SA-2025-2675

software: libssh2 1.10.0 OS: ROSA-CHROME packageevrstring: libssh2-1.10.0-3 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process...

5.9CVSS7.4AI score0.9378EPSS
Exploits4
ATTACKERKB
ATTACKERKB
added 2025/01/27 6:15 p.m.8 views

CVE-2025-24367

Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed...

8.8CVSS6.6AI score0.54024EPSS
Exploits10References4Affected Software1
OSV
OSV
added 2025/01/27 6:15 p.m.2 views

UBUNTU-CVE-2025-24367

Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed...

8.8CVSS7.9AI score0.54024EPSS
Exploits10References4
Virtuozzo
Virtuozzo
added 2025/01/27 12:0 a.m.37 views

Virtuozzo Hybrid Infrastructure 6.3 Update 1 (6.3.1-91)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover improvements in the compute service, core and object storage, as well as monitoring and alerting. Additionally, this release delivers stability and security improvements, and addresses issues found in...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/25 12:0 a.m.6 views

PT-2025-3845 · WordPress · Divi Carousel Maker

Name of the Vulnerable Software and Affected Versions: Divi Carousel Maker plugin for WordPress versions up to, and including, 2.0.4 Description: The Divi Carousel Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all...

6.4CVSS5.9AI score0.00338EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2025/01/23 6:11 a.m.15 views

CVE-2024-52972 Kibana allocation of resources without limits or throttling leads to crash

An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the Observability Metrics or Logs features in Kibana...

6.5CVSS6.9AI score0.00368EPSS
Exploits0References1
CNVD
CNVD
added 2025/01/23 12:0 a.m.10 views

Unspecified Vulnerability in Fortinet FortiOS (CNVD-2025-02529)

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. Fortinet FortiOS has a security...

5.3CVSS9.4AI score0.00668EPSS
Exploits0References1
NVD
NVD
added 2025/01/22 6:15 a.m.10 views

CVE-2025-22450

Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports...

7.5CVSS0.0037EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/01/22 12:0 a.m.8 views

JVN#15293958: Multiple vulnerabilities in I-O DATA router UD-LT2

UD-LT2 provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2 CVE-2025-20617, CVE-2025-26856 Inclusion of Undocumented Features CWE-1242 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N...

7.5CVSS7.6AI score0.01171EPSS
Exploits0
Rows per page
Query Builder