
10270 matches found

NVD
added 2025/12/24 11:16 a.m., 5 views

CVE-2025-68724

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id. Use check_add_overflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_key_id structure and return...

EPSS: 0.00154
Exploits: 0, References: 8
Cvelist
added 2025/12/24 10:33 a.m., 26 views

CVE-2025-68724 crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id. Use check_add_overflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_key_id structure and return...

EPSS: 0.00154
Exploits: 0, References: 8
ATTACKERKB
added 2025/12/24 10:33 a.m., 3 views

CVE-2025-68724

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id. Use check_add_overflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_key_id structure and return...

AI score: 5.5, EPSS: 0.00154
Exploits: 0, References: 9, Affected Software: 1
CVE
added 2025/12/24 10:33 a.m., 17 views

CVE-2025-68724

CVE-2025-68724 is confirmed to affect the Linux kernel and has been fixed. The vulnerability stemmed from a potential arithmetic overflow when constructing an asymmetric_key_id, which could lead to a buffer overflow when copying data from large X.509 certificate fields. The fix uses check_add_ove...

AI score: 6.6, EPSS: 0.00154
Exploits: 0, References: 8
Positive Technologies
added 2025/12/24 12:00 a.m., 5 views

PT-2025-53355

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing...

CVSS: 9.8, AI score: 7.8, EPSS: 0.00591
Exploits: 1, References: 4
Positive Technologies
added 2025/12/24 12:00 a.m., 4 views

PT-2025-53010

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to BPF percpu hash maps. Missing calls to bpf_obj_free_fields in pcpu_copy_value could lead to memory referenced by BPF_KPTR_{REF,PERCPU} fields...

AI score: 6.2, EPSS: 0.00171
Exploits: 0
Tenable Nessus
added 2025/12/24 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-68744

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Free special fields when update [lru_,]percpu_hash maps. As [lru_,]percpu_hash maps support BPF_KPTR_{REF,PERCPU}, missing calls to 'bpf_obj_free_fields' in 'pcpu_copy_value...

AI score: 6, EPSS: 0.00171
Exploits: 0, References: 3
CNNVD
added 2025/12/24 12:00 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from unset memory allocation related fields that could lead to a null pointer dereference...

AI score: 7, EPSS: 0.00173
Exploits: 0, References: 8
NVD
added 2025/12/22 10:15 p.m., 7 views

CVE-2021-47713

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resource...

CVSS: 8.7, EPSS: 0.00405
Exploits: 1, References: 3
OSV
added 2025/12/22 10:15 p.m., 5 views

CVE-2021-47713

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resource...

CVSS: 8.7, AI score: 6.7
Exploits: 0, References: 3
Vulnrichment
added 2025/12/22 9:35 p.m., 3 views

CVE-2021-47713 Hasura GraphQL 1.3.3 Denial of Service via Malicious GraphQL Query

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resource...

CVSS: 8.7, AI score: 6.4, EPSS: 0.00405
Exploits: 1, References: 3
Cvelist
added 2025/12/22 9:35 p.m., 23 views

CVE-2021-47713 Hasura GraphQL 1.3.3 Denial of Service via Malicious GraphQL Query

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resource...

CVSS: 8.7, EPSS: 0.00405
Exploits: 1, References: 3
RedhatCVE
added 2025/12/22 8:17 a.m., 10 views

CVE-2025-14855

The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVSS: 7.2, AI score: 5.2, EPSS: 0.00312
Exploits: 2, References: 1
RedhatCVE
added 2025/12/22 3:23 a.m., 5 views

CVE-2025-13361

The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to delete custom fields v...

CVSS: 4.3, AI score: 5.4, EPSS: 0.00129
Exploits: 0, References: 1
Positive Technologies
added 2025/12/22 12:00 a.m., 6 views

PT-2025-52689

Name of the Vulnerable Software and Affected Versions: Hasura GraphQL version 1.3.3. Description: The software is susceptible to a denial of service condition. Attackers can exploit this by sending specially crafted GraphQL queries containing deeply nested fields. These queries are designed to consu...

CVSS: 8.7, AI score: 6.7, EPSS: 0.00405
Exploits: 1, References: 7
EUVD
added 2025/12/21 9:30 a.m., 8 views

EUVD-2025-204669

The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVSS: 7.2, AI score: 4.8, EPSS: 0.00312
Exploits: 2, References: 4
Vulnrichment
added 2025/12/21 7:31 a.m., 7 views

CVE-2025-14855 SureForms <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting

The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVSS: 7.2, AI score: 4.9, EPSS: 0.00312
Exploits: 2, References: 3
CVE
added 2025/12/21 3:20 a.m., 15 views

CVE-2025-13361

CVE-2025-13361: The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) up to version 1.0.0 due to missing nonce validation on the custom field deletion function. This enables unauthenticated attackers to delete custom fields by tricking a site administra...

CVSS: 4.3, AI score: 5, EPSS: 0.00129
Exploits: 0, References: 4
Positive Technologies
added 2025/12/21 12:00 a.m., 8 views

PT-2025-52581

Name of the Vulnerable Software and Affected Versions: Web to SugarCRM Lead plugin for WordPress versions up to and including 1.0.0. Description: The Web to SugarCRM Lead plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of nonce validation when deletin...

CVSS: 4.3, AI score: 6.1, EPSS: 0.00129
Exploits: 0, References: 9
MongoDB
added 2025/12/19 11:00 a.m., 20 views

Zlib compressed protocol header length confusion may allow memory read

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 versions prior to 7.0.28, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

CVSS: 8.7, AI score: 7, EPSS: 0.83007
Exploits: 39, References: 1, Affected Software: 1