Lucene search

3039 matches found

OSV
added 2025/05/01 6:15 p.m. · 4 views

CVE-2025-32886

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data...

5.5 CVSS · 5.8 AI score · 0.00126 EPSS
Exploits 0 · References 2
Circl
added 2025/05/01 7:14 a.m. · 14 views

CVE-2025-4154

creationtimestamp| type| source
---|---|---
2025-05-01 07:14:12+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14244
2025-05-01 09:55:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo426c7bc72j
2025-05-01 10:39:02+00:00| seen|...

8.8 CVSS · 6.2 AI score · 0.00356 EPSS
Exploits 1 · References 3
CNNVD
added 2025/05/01 12:00 a.m. · 6 views

goTenna V1 security vulnerability

goTenna V1 is a portable offline communication device from goTenna, Inc. that enables long-distance peer-to-peer communication between smartphones via mesh network technology. A security vulnerability exists in goTenna V1, which originates from hard-coded authentication tokens, which could lead t...

8.8 CVSS · 6.9 AI score · 0.0016 EPSS
Exploits 0 · References 2
Amazon
added 2025/04/29 12:00 a.m. · 5 views

Medium: python3.12-pip

Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...

5.6 CVSS · 8 AI score · 0.0034 EPSS
Exploits 0
Schneier on Security
added 2025/04/28 6:17 p.m. · 16 views

Windscribe Acquitted on Charges of Not Collecting Users’ Data

The company doesn't keep logs, so couldn't turn over data: Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection...

7 AI score
Exploits 0
Packet Storm News
added 2025/04/26 12:00 a.m. · 10 views

The Dark Side of the Web: Towards Understanding Various Data Sources in Cyber Threat Intelligence

Cyber threats have become increasingly prevalent and sophisticated. Prior work has extracted actionable cyber threat intelligence (CTI), such as indicators of compromise, tactics, techniques, and procedures (TTPs), or threat feeds from various sources: open source data e.g., social networks, internal...

6.6 AI score
Exploits 0
Packet Storm News
added 2025/04/23 12:00 a.m. · 4 views

Security Science (SecSci), Basic Concepts and Mathematical Foundations

This textbook compiles the lecture notes from security courses taught at Oxford in the 2000s, at Royal Holloway in the 2010s, and currently in Hawaii. The early chapters are suitable for a first course in security. The middle chapters have been used in advanced courses. Towards the end there are...

7 AI score
Exploits 0
Microsoft Secure
added 2025/04/21 3:00 p.m. · 10 views

Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative

The Microsoft Secure Future Initiative (SFI) stands as the largest cybersecurity engineering project in history and most extensive effort of its kind at Microsoft. Since inception, we've dedicated the equivalent of 34,000 engineers working full-time for 11 months to mitigate risks and address the...

7.6 AI score
Exploits 0
Circl
added 2025/04/21 1:02 a.m. · 7 views

CVE-2025-43971

creationtimestamp| type| source
---|---|---
2025-04-21 01:02:23+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12629
2025-04-21 01:23:04+00:00| seen| https://infosec.exchange/users/vuldb/statuses/114373334403320705
2025-04-21 01:51:05+00:00| seen|...

8.6 CVSS · 3.8 AI score · 0.00458 EPSS
Exploits 0 · References 9
OSV
added 2025/04/16 3:16 p.m. · 0 views

DEBIAN-CVE-2025-22080

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdr_first_de() The "de_off" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're both greater than UINT_MAX - 16 then the check does...

5.5 CVSS · 5.8 AI score · 0.00165 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/04/16 2:12 p.m. · 1 views

CVE-2025-22080 fs/ntfs3: Prevent integer overflow in hdr_first_de()

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdr_first_de() The "de_off" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're both greater than UINT_MAX - 16 then the check does...

7.8 AI score · 0.00165 EPSS
Exploits 0 · References 5
CNNVD
added 2025/04/16 12:00 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an integer overflow risk in hdr_first_de() in ntfs3 that could lead to out-of-bounds access...

5.5 CVSS · 6.7 AI score · 0.00165 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/04/16 12:00 a.m. · 5 views

PT-2025-38560

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains an issue in the i40e driver where an invalid memory access could occur when the MAC list is empty. The list first entry function does not return NULL, potential...

7.1 CVSS · 6.3 AI score · 0.00152 EPSS
Exploits 0
Amazon
added 2025/04/14 12:00 a.m. · 6 views

Medium: grub2

Issue Overview: A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not...

7.8 CVSS · 9.2 AI score · 0.01373 EPSS
Exploits 1
ATTACKERKB
added 2025/04/11 11:15 a.m. · 2 views

CVE-2025-23389

An Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3...

8.4 CVSS · 7.3 AI score · 0.00444 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2025/04/11 12:00 a.m. · 3 views

Rancher access control error vulnerability

Rancher is an open source container management platform from the US-based Rancher Open Source, built for organizations that deploy containers in production environments. An access control error vulnerability exists in Rancher versions prior to 2.8.0 to 2.8.13, 2.9.0 to 2.9.7, and 2.10.0 to 2.10.3...

8.4 CVSS · 6.2 AI score · 0.00444 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/04/10 8:19 a.m. · 20 views

CVE-2025-26654

SAP Commerce Cloud Public Cloud does not allow to disable unencrypted HTTP port 80 entirely, but instead allows a redirect from port 80 to 443 HTTPS. As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request befor...

6.8 CVSS · 6.8 AI score · 0.00154 EPSS
Exploits 0 · References 1
NVD
added 2025/04/08 8:15 a.m. · 6 views

CVE-2025-26654

SAP Commerce Cloud Public Cloud does not allow to disable unencrypted HTTP port 80 entirely, but instead allows a redirect from port 80 to 443 HTTPS. As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request befor...

6.8 CVSS · 0.00154 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/04/08 12:00 a.m. · 5 views

PT-2025-15365 · Sap · Sap Commerce Cloud

Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud affected versions not specified Description: The issue affects the confidentiality and integrity of data sent in the first request before a redirect from HTTP to HTTPS. Normally, Commerce communicates securely over HTTPS, b...

6.8 CVSS · 6.5 AI score · 0.00154 EPSS
Exploits 0 · References 8
OSV
added 2025/04/03 11:15 p.m. · 3 views

CVE-2025-3184

A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /patient/profile.php?patientId=1. The manipulation of the argument patientFirstName leads to sql injection. The attack may be...

9.8 CVSS · 5.8 AI score · 0.00513 EPSS
Exploits 1 · References 4