Lucene search
K

356 matches found

Positive Technologies
Positive Technologies
added 2025/08/01 12:0 a.m.4 views

PT-2025-32188

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The Android Framework component contains a flaw in access control. Exploitation of this issue may allow an attacker to escalate privileges. A race condition in multiple locations may allow...

7.2CVSS6.5AI score0.00083EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2025/07/28 12:0 a.m.7 views

The vulnerability of the framework for working with large language models (LLMs) like LlamaIndex lies in the improper restriction on recursive references to entities in the DTD. This allows attackers to trigger a service failure.

The vulnerability of the LlamaIndex framework for working with large language models is related to an improper limitation on recursive references to entities in the DTD. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS7.2AI score0.00415EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/28 12:0 a.m.10 views

The vulnerability of the framework for creating applications based on the combination of language models (LLMs) like LangChain arises from insufficient validation of requests at the server-side level. This allows attackers to execute an SSRF attack.

The vulnerability of the framework for creating applications based on the combination of language models LLMs like LangChain is related to insufficient validation of requests at the server-side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack...

9CVSS7.5AI score0.14059EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/16 12:0 a.m.7 views

The vulnerability of the cross-platform software development framework Qt, related to a predictable initial number in the pseudorandom number generator, allows a hacker to bypass authentication.

The vulnerability of the cross-platform software development framework Qt is related to a predictable initial number in the pseudorandom number generator. Exploiting this vulnerability can allow an attacker to bypass authentication...

10CVSS5.5AI score0.0097EPSS
Exploits0References7Affected Software5
CNVD
CNVD
added 2025/07/11 12:0 a.m.4 views

Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-16592)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A security vulnerability exists in Huawei HarmonyOS an...

6.2CVSS6.9AI score0.00093EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/09 3:26 a.m.10 views

CVE-2025-53186

Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module Impact: Successful exploitation of this vulnerability may affect availability...

6.2CVSS7AI score0.00093EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/05 12:0 a.m.6 views

PT-2025-28121 · Huawei +1 · Emui +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A vulnerability exists in the audio framework module, allowing third-party call apps to send broadcasts without verification. Successful exploitation of this issue may affect availability...

6.2CVSS6.1AI score0.00093EPSS
Exploits0References3
Redos
Redos
added 2025/07/03 12:0 a.m.5 views

ROS-20250703-05

A vulnerability in the cross-platform software development framework Qt is related to the fact that QAbstractOAuth in Qt Network Authorization uses only time to run PRNG Exploitation of this vulnerability could allow an attacker acting remotely to bypass authentication. of the vulnerability could...

9.8CVSS7.4AI score0.0097EPSS
Exploits0
NVD
NVD
added 2025/07/01 3:15 a.m.6 views

CVE-2024-46993

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath and nativeImage.createFromBuffer functions call a function downstream that is vulnerable to a heap...

7.3CVSS0.00126EPSS
Exploits0References1
NVD
NVD
added 2025/06/09 1:15 p.m.31 views

CVE-2025-49006

Wasp Web Application Specification is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation affecting only Keycloak with a specific config. Wasp currently lowercases OAuth user IDs before...

8.2CVSS0.00388EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/06/09 12:0 a.m.25 views

The vulnerability of the Framework component of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the Framework component in the Android operating system relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.4CVSS5.4AI score0.00106EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/09 12:0 a.m.7 views

The vulnerability of the Framework component of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the Framework component in the Android operating system relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.4CVSS5.4AI score0.00086EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/06/02 7:32 a.m.18 views

CVE-2025-0324

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

9.4CVSS0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:52 a.m.4 views

CVE-2023-46131

Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3,...

7.5CVSS6.7AI score0.00722EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:58 a.m.10 views

CVE-2023-47130

Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29...

9.8CVSS7.5AI score0.03147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:24 a.m.7 views

CVE-2022-43484

TERASOLUNA Global Framework 1.0.0 Public review version and TERASOLUNA Server Framework for Java Rich 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The vulnerability is caused by an...

7.8CVSS7.4AI score0.00407EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:13 p.m.5 views

CVE-2021-39770

In Framework, there is a possible disclosure of the device owner package due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid...

5.5CVSS6.3AI score0.00098EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:41 p.m.7 views

CVE-2021-38241

Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework...

9.8CVSS7.5AI score0.01029EPSS
Exploits0
CVE
CVE
added 2025/05/22 5:25 p.m.191 views

CVE-2025-48075

Summary: The CVE-2025-48075 entry concerns the GoFiber (fiber) web framework. Starting in versions 2.52.6 and earlier than 2.52.7, fiber.Ctx.BodyParser can map flat data to nested slices using key[idx]value syntax; if idx is negative, it panics instead of returning an error, potentially causing d...

8.7CVSS6.5AI score0.0044EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 4:20 p.m.10 views

CVE-2020-14531

Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM component: SWSE Server. Supported versions that are affected are 20.6 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful...

5.9CVSS6.5AI score0.0112EPSS
Exploits0
Rows per page
Query Builder