
412 matches found

OSV
added 2025/08/14 6:52 p.m., 2 views

MAL-2025-20688 Malicious code in flat-glob (npm)

The package flat-glob was found to contain malicious code...

AI score 7.2, Exploits 0

AstraLinux
added 2025/06/16 11:28 a.m., 1 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: binfmt_flat: Fixed an integer overflow bug on 32-bit systems. Most of these sizes and counts are capped at 256MB, so the calculations do not result in integer overflows. The “relocs” count also needs to be checked. Otherwise, o...

CVSS 5.5, AI score 6.4, EPSS 0.00211, Exploits 0, References 3

RedhatCVE
added 2025/05/23 10:47 a.m., 6 views

CVE-2024-10014

The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level...

CVSS 6.4, AI score 5.9, EPSS 0.0028, Exploits 0, References 1

RedhatCVE
added 2025/05/23 7:32 a.m., 10 views

CVE-2024-40111

A persistent stored cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

CVSS 4.8, AI score 5.4, EPSS 0.00769, Exploits 2, References 1

RedhatCVE
added 2025/05/23 5:21 a.m., 19 views

CVE-2023-34015

Cross-Site Request Forgery (CSRF) vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin = 1.6.4.4 versions...

CVSS 8.8, AI score 7, EPSS 0.00246, Exploits 0, References 1

RedhatCVE
added 2025/05/23 2:23 a.m., 7 views

CVE-2023-34452

Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgotpassword" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the "email" parameter of the request. While this vulnerability can potentially allow an...

CVSS 6.1, AI score 6.9, EPSS 0.00592, Exploits 1, References 1

RedhatCVE
added 2025/05/22 8:10 p.m., 9 views

CVE-2021-38621

The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership...

CVSS 9.1, AI score 7, EPSS 0.00986, Exploits 0, References 1

RedhatCVE
added 2025/05/22 7:27 p.m., 9 views

CVE-2021-25927

Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution...

CVSS 9.8, AI score 7.3, EPSS 0.03337, Exploits 1

RedhatCVE
added 2025/05/22 7:23 p.m., 4 views

CVE-2021-24789

The Flat Preloader WordPress plugin before 1.5.5 does not escape some of its settings when outputting them in attribute in the frontend, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...

CVSS 4.8, AI score 6, EPSS 0.00622, Exploits 2, References 1

RedhatCVE
added 2025/05/22 7:23 p.m., 15 views

CVE-2021-24685

The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to make a logged in admin change them with a Cross-Site Scripting payload triggered either in the frontend or backend...

CVSS 5.4, AI score 6.2, EPSS 0.00491, Exploits 2, References 1

Cvelist
added 2025/05/16 3:00 a.m., 17 views

CVE-2025-4742 XU-YIJIE grpo-flat grpo_vanilla.py main deserialization

A vulnerability classified as problematic has been found in XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856. Affected is the function main of the file grpo_vanilla.py. The manipulation leads to deserialization. Local access is required to approach this attack. Continuous delivery...

CVSS 5.3, EPSS 0.00162, Exploits 0, References 4

Vulnrichment
added 2025/05/16 3:00 a.m., 6 views

CVE-2025-4742 XU-YIJIE grpo-flat grpo_vanilla.py main deserialization

A vulnerability classified as problematic has been found in XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856. Affected is the function main of the file grpo_vanilla.py. The manipulation leads to deserialization. Local access is required to approach this attack. Continuous delivery...

CVSS 5.3, AI score 5.6, EPSS 0.00162, Exploits 0, References 4

CVE
added 2025/05/16 3:00 a.m., 33 views

CVE-2025-4742

CVE-2025-4742 affects XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856. The vulnerable component is the function main in the file grpo_vanilla.py, where input manipulation leads to a deserialization issue. Local access is required to exploit. The product uses continuous delivery...

CVSS 5.3, AI score 5.4, EPSS 0.00162, Exploits 0, References 4

CNNVD
added 2025/05/16 12:00 a.m., 2 views

grpo-flat code issue vulnerability

grpo-flat is a tool for training grpo using zero dataset and low resources by XU-YIJIE personal developer. A code issue vulnerability exists in grpo-flat that stems from improper handling of the function main in the file grpo_vanilla.py, which could lead to a deserialization attack...

CVSS 5.3, AI score 5.6, EPSS 0.00162, Exploits 0, References 5

Packet Storm News
added 2025/04/23 12:00 a.m., 3 views

Seeking Flat Minima over Diverse Surrogates for Improved Adversarial Transferability: a Theoretical Framework and Algorithmic Instantiation

Whitepaper called Seeking Flat Minima Over Diverse Surrogates For Improved Adversarial Transferability: A Theoretical Framework And Algorithmic Instantiation...

AI score 7, Exploits 0

CNNVD
added 2025/03/28 12:00 a.m., 2 views

unflatto security vulnerability

unflatto is a tiny and fast flat extender by Ali Zeaiter Personal Developer. A security vulnerability exists in unflatto 1.0.2 and earlier versions, which stems from prototype pollution and could lead to arbitrary code execution or denial of service...

CVSS 9.8, AI score 7.3, EPSS 0.00799, Exploits 1, References 1

OSSF Malicious Packages
added 2025/03/17 5:57 a.m., 2 views

Malicious code in eslint8_flat_config_mjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea965fc719f78ae7eb9148cb5a4cd65ee8a06887968868fee8558dbff3faff00 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9, Exploits 0, References 1

vulnersOsv
added 2025/03/14 5:16 p.m., 7 views

@boxyhq/saml-jackson (>=1.3.2 <=1.11.1), @boxyhq/saml20 (>=1.0.11 <=1.2.3) +4 more potentially affected by CVE-2025-29775 via xml-crypto (>=3.0.0 <=3.2.0)

xml-crypto NPM version =3.0.0, =1.3.2, =1.0.11, =1.13.3, =1.13.5, =2.1.0, =1.0.0, =1.0.1 Source cves: CVE-2025-29775 Source advisory: OSV:GHSA-X3M8-899R-F7C3...

CVSS 9.3, AI score 7.2, EPSS 0.09378, Exploits 1

SUSE CVE
added 2025/02/28 2:23 a.m., 6 views

SUSE CVE-2024-58010

In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix integer overflow bug on 32 bit systems Most of these sizes and counts are capped at 256MB so the math doesn't result in an integer overflow. The "relocs" count needs to be checked as well. Otherwise on 32bit syste...

CVSS 5.5, AI score 7.9, EPSS 0.00211, Exploits 0, References 3

OSV
added 2025/02/27 3:15 a.m., 6 views

AZL-57785 CVE-2024-58010 affecting package kernel for versions less than 5.15.179.1-1

In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix integer overflow bug on 32 bit systems Most of these sizes and counts are capped at 256MB so the math doesn't result in an integer overflow. The "relocs" count needs to be checked as well. Otherwise on 32bit syste...

CVSS 5.5, AI score 6.8, EPSS 0.00211, Exploits 0, References 1