185 matches found

RedhatCVE, added 2025/05/23 8:21 a.m., 3 views

CVE-2024-1887

Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export...

CVSS 4.3, AI score 4.6, EPSS 0.00331
Exploits: 0, References: 1
RedhatCVE, added 2025/05/23 4:32 a.m., 8 views

CVE-2023-5654

The React Developer Tools extension registers a message listener with window.addEventListener('message', ...) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

CVSS 6.5, AI score 6.9, EPSS 0.00467
Exploits: 0, References: 1
RedhatCVE, added 2025/05/23 4:05 a.m., 6 views

CVE-2023-47122

Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could...

CVSS 5.3, AI score 6.6, EPSS 0.00369
Exploits: 0
RedhatCVE, added 2025/05/22 6:36 p.m., 11 views

CVE-2021-36393

In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses...

CVSS 9.8, AI score 7.8, EPSS 0.52299
Exploits: 6
RedhatCVE, added 2025/05/22 5:51 a.m., 8 views

CVE-2017-18888

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts...

CVSS 9.8, AI score 8.1, EPSS 0.01103
Exploits: 0, References: 1
NVD, added 2025/05/09 3:15 p.m., 20 views

CVE-2025-45887

Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent...

CVSS 9.1, EPSS 0.0036
Exploits: 1, References: 1
OSV, added 2025/05/01 2:09 p.m., 9 views

CVE-2022-49790 Input: iforce - invert valid length check when fetching device IDs

In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs. syzbot is reporting an uninitialized value at iforce_init_device() [1], for commit 6ac0aec6b0a6 ("Input: iforce - allow callers supply data buffer when fetching device IDs")...

CVSS 5.5, AI score 6, EPSS 0.00165
Exploits: 0, References: 8
Cvelist, added 2025/04/18 7:01 a.m., 19 views

CVE-2025-39989 x86/mce: use is_copy_from_user() to determine copy-from-user context

In the Linux kernel, the following vulnerability has been resolved: x86/mce: use is_copy_from_user() to determine copy-from-user context. Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. 1. What am I trying to do: This patchset resolves two critical regressions related to...

EPSS 0.00201
Exploits: 0, References: 5
NVD, added 2025/04/16 3:16 p.m., 8 views

CVE-2025-22086

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow. When cur_qp isn't NULL, in order to avoid fetching the QP from the radix tree again we check if the next cqe QP is identical to the one we already have. The bug however is that we are...

CVSS 5.5, EPSS 0.00176
Exploits: 0, References: 11
Tenable Nessus, added 2025/04/10 12:00 a.m., 6 views

Moodle 4.3.x < 4.3.8 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.14, 4.2.x prior to 4.2.11, 4.3.x prior to 4.3.8, or 4.4.x prior to 4.4.4. It is, therefore, affected by multiple vulnerabilities. - An IDOR when fetching report schedules. - Some users can...

CVSS 6.5, AI score 7.3, EPSS 0.00366
Exploits: 0, References: 12
RedhatCVE, added 2025/03/29 10:44 p.m., 17 views

CVE-2025-2886

Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough...

CVSS 5.7, AI score 7.3, EPSS 0.00307
Exploits: 0, References: 4
NVD, added 2025/03/27 11:15 p.m., 19 views

CVE-2025-2886

Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough...

CVSS 5.7, EPSS 0.00307
Exploits: 0, References: 3
NVD, added 2025/03/27 11:15 p.m., 24 views

CVE-2025-2887

During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched ...

CVSS 5.7, EPSS 0.00307
Exploits: 0, References: 3
Vulnrichment, added 2025/03/27 10:23 p.m., 7 views

CVE-2025-2887 Failure to detect delegated target rollback in tough

During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched ...

CVSS 5.7, AI score 7.3, EPSS 0.00307
Exploits: 0, References: 3
CVE, added 2025/03/27 10:22 p.m., 67 views

CVE-2025-2886

CVE-2025-2886 describes a flaw in the Amazon tough (TUF) client: missing validation of terminating delegations causes the client to continue searching the delegation list after a terminating delegation, potentially fetching a target from an incorrect source and altering contents. Affected softwar...

CVSS 5.7, AI score 6.7, EPSS 0.00307
Exploits: 0, References: 3, Affected Software: 1
Tenable Nessus, added 2025/03/05 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-45285

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Using go get to fetch a module with the .git suffix may unexpectedly fallback to the insecure git:// protocol if the module is unavailable via the secure https:...

CVSS 7.5, AI score 7.2, EPSS 0.01137
Exploits: 0, References: 2
CNNVD, added 2025/02/26 12:00 a.m., 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the 9p protocol not properly handling fid reference counts when fetching links...

CVSS 5.5, AI score 5.5, EPSS 0.00243
Exploits: 0, References: 5
Mageia, added 2025/02/04 6:56 p.m., 24 views

Updated libreoffice packages fix security vulnerabilities

Path traversal leading to arbitrary .ttf file write. CVE-2024-12425 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables. CVE-2024-12426...

CVSS 6.7, AI score 7, EPSS 0.00528
Exploits: 0, References: 5
OSV, added 2025/02/04 6:56 p.m., 10 views

MGASA-2025-0035 Updated libreoffice packages fix security vulnerabilities

Path traversal leading to arbitrary .ttf file write. CVE-2024-12425 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables. CVE-2024-12426...

CVSS 6.7, AI score 6.4, EPSS 0.00528
Exploits: 0, References: 6
CVE, added 2024/12/27 3:02 p.m., 145 views

CVE-2024-56638

CVE-2024-56638 affects the Linux kernel's netfilter nft_inner handling of percpu inner-header offsets under softirq. The vulnerability stems from a race where softirq can interrupt a process-context walk over a percpu area that contains inner header offsets, potentially leading to inconsistent pe...

CVSS 7.8, AI score 6.3, EPSS 0.00222
Exploits: 0, References: 3, Affected Software: 1