Lucene search
+L

916 matches found

CVE
CVE
added 2025/05/08 3:10 p.m.61 views

CVE-2025-4132

CVE-2025-4132 entry is rejected/not used by the CVE Numbering Authority.

3.9AI score
Exploits0
CVE
CVE
added 2025/05/02 3:55 p.m.100 views

CVE-2023-53096

CVE-2023-53096 is a Linux kernel issue where the node interconnect link array is allocated when adding links to a node but not deallocated when nodes are destroyed, causing a memory leak. The vulnerability is resolved in the kernel code by fixing the leak during node destruction. Affected compone...

5.5CVSS6.5AI score0.00166EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2025/05/01 2:10 p.m.78 views

CVE-2022-49898

CVE-2022-49898 affects the Linux kernel’s Btrfs tree-mod-log path. The issue arises in tree_mod_log_rewind() when replaying log entries for a block that should not have been replayed, triggering BUG_ON(tm->slot

5.5CVSS6.6AI score0.00164EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/04/08 3:49 p.m.18 views

CVE-2025-32018 Arbitrary file write from Cursor Agent through a prompt injection from malicious @Docs

Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the us...

8CVSS0.00377EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/02 4:39 p.m.5 views

CVE-2025-31283

A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the...

4.6CVSS7.3AI score0.00257EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/02 12:0 a.m.7 views

PT-2025-14535 · Trend Micro · Trend Vision One Status

Name of the Vulnerable Software and Affected Versions: Trend Vision One Status component affected versions not specified Description: A broken access control issue was previously discovered in the Trend Vision One Status component. This could have allowed an administrator to create users who coul...

4.6CVSS6.2AI score0.00257EPSS
Exploits0References5
NVD
NVD
added 2025/03/27 5:15 p.m.14 views

CVE-2023-52975

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Fix UAF during logout when accessing the shost ipaddress Bug report and analysis from Ding Hui. During iSCSI session logout, if another task accesses the shost ipaddress attr, we can get a KASAN UAF report like...

7.8CVSS0.00252EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/03/23 12:20 a.m.19 views

CVE-2024-44305

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.6. An app may be able to gain root privileges...

7.8CVSS6.5AI score0.00147EPSS
Exploits0References1
OSV
OSV
added 2025/03/21 12:15 a.m.5 views

CVE-2024-44199

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause unexpected system termination or read kernel memory...

7.1CVSS5.8AI score0.00169EPSS
Exploits0References1
NVD
NVD
added 2025/02/26 7:1 a.m.9 views

CVE-2022-49658

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix insufficient bounds propagation from adjustscalarminmaxvals Kuee reported a corner case where the tnum becomes constant after the call to regboundoffset, but the register's bounds are not, that is, its min bounds are sti...

5.5CVSS0.00273EPSS
Exploits0References4
OSV
OSV
added 2024/12/24 12:15 p.m.5 views

UBUNTU-CVE-2024-53156

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for connrspepid in htcconnectservice I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 index 255 is out of range for type...

7.8CVSS6.1AI score0.00232EPSS
Exploits0References53
Vulnrichment
Vulnrichment
added 2024/12/11 9:46 a.m.18 views

CVE-2024-11401 Rapid7 Insight Platform Privilege Escalation Vulnerability

Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API the functionality w...

5.3CVSS7.2AI score0.00323EPSS
Exploits0References1
OSV
OSV
added 2024/12/02 9:15 p.m.22 views

CVE-2024-53987 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

2.3CVSS5.5AI score0.00435EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/12/02 4:8 p.m.45 views

CVE-2024-53862 Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...

6.3CVSS0.00656EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/11/29 12:0 a.m.9 views

CVE-2024-48406

Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the poweructintt x, uctintt n in src/uctupstream.c...

8.1AI score0.00853EPSS
Exploits0References2
NVD
NVD
added 2024/11/22 4:15 p.m.18 views

CVE-2024-48861

An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later...

7.8CVSS0.00759EPSS
Exploits0References1
NVD
NVD
added 2024/11/21 5:15 p.m.64 views

CVE-2024-52803

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...

9.8CVSS0.02273EPSS
Exploits1References3
OSV
OSV
added 2024/11/15 3:45 p.m.16 views

CVE-2024-51496 LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting XSS vulnerability in the "metric" parameter of the "/wireless" and "/health" endpoints allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of...

4.8CVSS6AI score0.00403EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2024/11/14 9:6 a.m.28 views

CVE-2024-50161

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the remaining infocnt before repeating btf fields When trying to repeat the btf fields for array of nested struct, it doesn't check the remaining infocnt. The following splat will be reported when the value of ret nele...

4.4CVSS6.7AI score0.00183EPSS
Exploits0References4
CVE
CVE
added 2024/11/13 3:49 p.m.100 views

CVE-2024-52295

What is affected: DataEase (open source data visualization/analysis tool). Vulnerability: Prior to version 2.10.2, DataEase allows forging of JWTs to take over services. The underlying issue is that the JWT secret is hardcoded, and the UID/OID are also hardcoded. Impact: High confidentiality, int...

9.8CVSS6.8AI score0.00833EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder