Lucene search
K

81 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-27778

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00419EPSS
Exploits0References2
OSV
OSV
added 2025/10/03 7:15 p.m.3 views

CVE-2025-44014

An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 2025/07/09 and la...

8.8CVSS5.8AI score0.00476EPSS
Exploits0References1
CVE
CVE
added 2025/10/03 6:14 p.m.14 views

CVE-2025-54153

CVE-2025-54153 describes an SQL injection vulnerability in QNAP Qsync Central . According to multiple sources, a remote attacker who already has a user account can exploit this to execute unauthorized code or commands. The issue is rated high priority with a CVSS of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C...

8.8CVSS8AI score0.00394EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/10/03 6:9 p.m.11 views

CVE-2025-44014

CVE-2025-44014 affects QNAP Qsync Central prior to 5.0.0.1. The root cause is an out-of-bounds write that can allow a remote attacker with a user account to modify or corrupt memory. Public docs describe the impact as memory modification/corruption with high severity, and the issue is mitigated b...

8.8CVSS6.8AI score0.00476EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.3 views

QNAP Qsync Central 代码问题漏洞

QNAP Qsync Central is a cloud-based file synchronization service on a NAS from Taiwan, China-based QNAP Technology QNAP. A code issue vulnerability exists in QNAP Qsync Central versions prior to 5.0.0.1 that stems from a null pointer dereference and could lead to a denial of service attack...

6.5CVSS6.7AI score0.00419EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.4 views

PT-2025-40050

Impact send hooks can spend more gas than what's remained in tx, combined with recursive calls in the wasm contract, can amplify the gas consumption exponentially. Patches It's patched in v4.0.2 and v5.0.0 Workarounds Is there a way for users to fix or remediate the vulnerability without upgradin...

8.8CVSS6.8AI score0.00312EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/09/12 12:0 a.m.1 views

SUSE SLES12 Security Update : regionServiceClientConfigEC2 (SUSE-SU-2025:03170-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03170-1 advisory. - Update to version 5.0.0. bsc1246995 - SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16...

5.9AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/27 2:39 a.m.3 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in axios-1.6.1.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of axios-1.6.1.tgz Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to...

8.7CVSS9.2AI score0.00759EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/22 8:31 a.m.7 views

CVE-2025-54052

Cross-Site Request Forgery CSRF vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows PHP Local File Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through = 5.0.0...

7.5CVSS5.9AI score0.00159EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.3 views

WordPress plugin Realtyna Organic IDX plugin 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS6.7AI score0.00159EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/14 3:30 p.m.10 views

Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access

Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...

6.5CVSS6.5AI score0.00479EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/14 10:34 a.m.6 views

CVE-2025-54698 WordPress Classified Listing Plugin plugin <= 5.0.0 - Content Injection Vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in RadiusTheme Classified Listing allows Code Injection. This issue affects Classified Listing: from n/a through 5.0.0...

5.4CVSS7.2AI score0.0017EPSS
Exploits0References1
CNVD
CNVD
added 2025/08/01 12:0 a.m.7 views

IBM Aspera Faspex Code Issue Vulnerability

IBM Aspera Faspex is IBM's high-performance file transfer solution designed to transfer large files quickly and reliably. A security vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.12.1, which stems from insufficient client-side enforcement of server-side security mechanisms...

6.5CVSS6.7AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/31 12:0 a.m.5 views

IBM Aspera Faspex 安全漏洞

IBM Aspera Faspex is IBM's high-performance file transfer solution designed for fast, secure transfer of large-volume data. A security vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.12.1, which originates from a client not properly implementing server-side security mechanism...

6.5CVSS6.5AI score0.00257EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.5 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS version 5.0.0 suffers from a security vulnerability, no details of the vulnerability are provided at this time...

6.2CVSS6.8AI score0.00093EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/07 12:0 a.m.5 views

Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Cross Site Request Forgery (CSRF) vulnerability

Drupal Enterprise MFA - TFA for Drupal module 4.7.0,5.0.0-5.1.0 - Unauthenticated Cross Site Request Forgery CSRF vulnerability discovered by Juraj Nemec poker10 in WordPress Module Enterprise MFA - TFA for Drupal versions 4.7.0,5.0.0-5.1.0...

8.8CVSS7AI score0.00171EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/05/07 12:0 a.m.5 views

Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability

Drupal Enterprise MFA - TFA for Drupal module 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara cmlara in WordPress Module Enterprise MFA - TFA for Drupal versions 4.7.0,5.0.0-5.1.0...

4.8CVSS7AI score0.00235EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.5 views

UPX 安全漏洞

UPX is a free, secure, portable, scalable, high-performance executable shelling program for a wide range of executable formats. A security vulnerability exists in UPX 5.0.0 and earlier versions, which stems from an incorrect operation of the PackLinuxElf64::unDTINIT function that can cause a heap...

5.5CVSS4.7AI score0.00274EPSS
Exploits1References1
OSV
OSV
added 2025/03/06 12:31 a.m.4 views

GHSA-P34J-R3CH-C985 Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI. This allows attackers with Agent/Extended Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted...

4.3CVSS6.9AI score0.00684EPSS
Exploits0References4
OSV
OSV
added 2025/02/26 2:15 p.m.2 views

CVE-2025-0719

IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...

6.1CVSS5.5AI score0.00302EPSS
Exploits0References1
Rows per page
Query Builder