Lucene search
K

3789 matches found

Vulnrichment
Vulnrichment
added 2025/12/16 6:7 p.m.3 views

CVE-2025-46296

An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4...

6.5AI score0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 3:30 p.m.3 views

EUVD-2025-203725

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Ensure XFD state on signal delivery Sean reported 1 the following splat when running KVM tests: WARNING: CPU: 232 PID: 15391 at xfdvalidatestate+0x65/0x70 Call Trace: fpuclearuserstates+0x9c/0x100...

5.9AI score0.00168EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.8 views

PT-2025-51764

Name of the Vulnerable Software and Affected Versions Apache Commons Text versions prior to 1.10.0 FileMaker Server versions prior to 22.0.4 Description Apache Commons Text versions prior to 1.10.0 contain interpolation features that could be exploited when applications process untrusted input...

10CVSS7.9AI score0.00919EPSS
Exploits0References17
Packet Storm News
Packet Storm News
added 2025/12/15 12:0 a.m.4 views

Behavior-Aware and Generalizable Defense against Black-Box Adversarial Attacks for ML-Based IDS

Machine learning based intrusion detection systems are increasingly targeted by black box adversarial attacks, where attackers craft evasive inputs using indirect feedback such as binary outputs or behavioral signals like response time and resource usage. While several defenses have been proposed...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/12 12:0 a.m.5 views

PHANTOM: Progressive High-Fidelity Adversarial Network for Threat Object Modeling

The scarcity of cyberattack data hinders the development of robust intrusion detection systems. This paper introduces PHANTOM, a novel adversarial variational framework for generating high-fidelity synthetic attack data. Its innovations include progressive training, a dual-path VAE-GAN...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/12/11 10:52 p.m.4 views

EUVD-2025-202928

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json includes user input in the error message, which gets reflected in responses. User input including HTML/JavaScript can be exposed in error...

5.3CVSS5.7AI score0.00181EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/10 2:32 a.m.12 views

CVE-2025-42875

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...

6.6CVSS7.1AI score0.00299EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/10 12:0 a.m.6 views

Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2025-28040)

The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-28040 advisory. - netfilter: nftables: reject duplicate device on updates Pablo Neira Ayuso Orabug: 38712798 CVE-2025-38678 - ice: fix using untrusted value of...

5.5CVSS6.9AI score0.00338EPSS
Exploits2References42
EUVD
EUVD
added 2025/12/09 6:30 p.m.4 views

EUVD-2025-201958

Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensitive Data.This issue affects Shortcodes and extra features for Phlox theme: from n/a through = 2.17.12...

5.3CVSS6.4AI score0.0024EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/09 6:30 p.m.7 views

EUVD-2025-201852

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...

6.6CVSS6.6AI score0.00299EPSS
Exploits0References3
NVD
NVD
added 2025/12/09 4:17 p.m.7 views

CVE-2025-42875

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...

6.6CVSS0.00299EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/09 2:52 p.m.18 views

CVE-2025-63071 WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensitive Data.This issue affects Shortcodes and extra features for Phlox theme: from n/a through = 2.17.15...

5.3CVSS0.0024EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/12/09 12:0 a.m.3 views

Exposing Vulnerabilities in Counterfeit Prevention Systems Utilizing Physically Unclonable Surface Features

Counterfeit products pose significant risks to public health and safety through infiltrating untrusted supply chains. Among numerous anti-counterfeiting techniques, leveraging inherent, unclonable microscopic irregularities of paper surfaces is an accurate and cost-effective solution. Prior work ...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/12/09 12:0 a.m.9 views

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2025-1316)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1316 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption CVE-2025-40019 In the Linux kernel, the following...

5.5CVSS6.7AI score0.00338EPSS
Exploits2References76
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.3 views

Memos 安全漏洞

Memos is a Memos open source open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos version v0.25.2, which stems from improper access control of the Identity Provider service and could lead to account takeover or denial of service...

6.5CVSS6.4AI score0.003EPSS
Exploits1References5
Gitee
Gitee
added 2025/12/07 6:54 p.m.158 views

awesome-burp-extensions

This is a curated list of Burp Extensions, a collection of user-submitted plugins for the Burp Suite web application security testing tool. The repository is maintained under a CC0 1.0 Universal license, allowing for the permanent relinquishment of copyright and related rights to the works...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/07 12:0 a.m.15 views

Deep Reinforcement Learning for Phishing Detection with Transformer-Based Semantic Features

Phishing is a cybercrime in which individuals are deceived into revealing personal information, often resulting in financial loss. These attacks commonly occur through fraudulent messages, misleading advertisements, and compromised legitimate websites. This study proposes a Quantile Regression De...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/05 9:34 p.m.14 views

CVE-2025-66238

DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine...

7.4CVSS6.8AI score0.00299EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/05 12:31 a.m.4 views

EUVD-2025-201312

DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine...

7.4CVSS6.3AI score0.00299EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.6 views

Adobe Experience Manager (AEM) Sling Login Panel Detected

This plugin detects the presence of the Adobe Experience Manager AEM Sling Login panel on a web application. The Sling Login panel is part of the Apache Sling framework used by AEM for content delivery and management, providing authentication and access control features. No source data...

7.1AI score
Exploits0References1
Rows per page
Query Builder