
124 matches found

BDU FSTEC
added 2025/03/25 12:0 a.m. · 4 views

The vulnerability of the kvm_set_cpuid() function in the arch/x86/kvm/cpuid.c module of the virtualization subsystem on the Linux kernel-based x86 platform allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the kvm_set_cpuid function in the arch/x86/kvm/cpuid.c module of the virtualization subsystem on the Linux kernel-based x86 platform is related to code errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability ...

CVSS 5.3 · AI score 6 · EPSS 0.00179
Exploits: 0 · References: 7 · Affected Software: 2

RedhatCVE
added 2025/02/05 1:26 a.m. · 6 views

CVE-2024-11015

The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticateuser' user function not implementing sufficient null value checks when setting the access token and user information. This makes it...

CVSS 9.8 · AI score 7 · EPSS 0.00769
Exploits: 0 · References: 1

BDU FSTEC
added 2025/01/21 12:0 a.m. · 5 views

The vulnerability of the remember() function in the Laravel Pulse performance monitoring and application usage analysis tool allows a hacker to execute arbitrary code.

The vulnerability of the remember function in the Laravel Pulse performance monitoring and application usage analysis tool is related to improper code generation. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 10 · AI score 6 · EPSS 0.28571
Exploits: 3 · References: 3 · Affected Software: 1

OSV
added 2024/12/18 9:15 p.m. · 7 views

AZL-54467 CVE-2024-45338 affecting package cni for versions less than 1.1.2-4

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

CVSS 5.3 · AI score 6.6 · EPSS 0.00856
Exploits: 0 · References: 1

BDU FSTEC
added 2024/09/24 12:0 a.m. · 6 views

The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues allows a hacker to execute arbitrary code.

The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted “SELECT WHERE” query...

CVSS 9 · AI score 6 · EPSS 0.02148
Exploits: 1 · References: 5 · Affected Software: 1

CNVD
added 2024/09/20 12:0 a.m. · 6 views

Unspecified Vulnerability in D-Link DCS-960L

D-Link DCS-960L is a webcam product from China AUO D-Link. A security vulnerability exists in the D-Link DCS-960L version 1.09, which originates from a flaw in the handling of the login function of the HNAP service and can be exploited by an attacker to execute arbitrary code...

CVSS 8.8 · AI score 7.5 · EPSS 0.00885
Exploits: 1 · References: 1

Positive Technologies
added 2024/08/26 12:0 a.m. · 5 views

PT-2024-38849

Name of the Vulnerable Software and Affected Versions: Chengdu Everbrite Network Technology BeikeShop versions up to 1.5.5 Description: A critical issue has been found, affecting the rename function of the file /Admin/Http/Controllers/FileManagerController.php. The manipulation of the new name...

CVSS 8.8 · AI score 6 · EPSS 0.00548
Exploits: 1 · References: 9

Positive Technologies
added 2024/06/21 12:0 a.m. · 5 views

PT-2024-20203 · Alpine · Alpine Halo9

Name of the Vulnerable Software and Affected Versions: Alpine Halo9 affected versions not specified Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this issue. The...

CVSS 6.8 · AI score 6.7 · EPSS 0.00975
Exploits: 0 · References: 5

BDU FSTEC
added 2024/06/17 12:0 a.m. · 8 views

The vulnerability of the gfs2PutSuper() function in the gfs2 file system of Linux kernels allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the gfs2PutSuper function in the fs/gfs2/super.c file of the Linux kernel’s gfs2 file system is related to the use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of th...

CVSS 7.8 · AI score 7.2 · EPSS 0.00269
Exploits: 0 · References: 11 · Affected Software: 3

RedHat Linux
added 2024/06/05 12:36 a.m. · 3 views

kernel: uio: Fix use-after-free in uio_open

A flaw was found in the Linux kernel’s uio subsystem. A use-after-free memory flaw in the uio_open functionality allows a local user to crash the system or escalate their privileges on it...

CVSS 7.8 · AI score 6.6 · EPSS 0.00299
Exploits: 0 · References: 5

CNNVD
added 2024/03/08 12:0 a.m. · 6 views

Django MarkdownX Cross-Site Scripting Vulnerability

Django MarkdownX is a comprehensive Markdown plugin built for Django with flexibility, extensibility and ease of use at its core. A cross-site scripting vulnerability exists in Django MarkdownX version 4.0.2 that stems from a lack of proper cleanup of JavaScript elements. An attacker can exploit...

CVSS 6.1 · AI score 6.2 · EPSS 0.00386
Exploits: 0 · References: 2

BDU FSTEC
added 2024/03/04 12:0 a.m. · 6 views

The vulnerability of the run() function in the FreeIPA server’s script allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability of the run function in the ipautil.py script of the FreeIPA server is related to insufficient validation of input data during session establishment when processing the user parameter /sip/session/loginpassword. Exploiting this vulnerability can allow a malicious actor to gain...

CVSS 5.3 · AI score 6.3 · EPSS 0.0111
Exploits: 1 · References: 26 · Affected Software: 4

CNNVD
added 2023/12/06 12:0 a.m. · 4 views

Artifex Software Ghostscript Security Vulnerability

Artifex Software Ghostscript is an open source parser for Postscript, a page description language and programming language used in the electronics industry and desktop publishing, from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-Postscrip...

CVSS 7.5 · AI score 7.4 · EPSS 0.0153
Exploits: 0 · References: 4

BDU FSTEC
added 2023/11/18 12:0 a.m. · 5 views

The vulnerability of the __flush() function in the libc library of the FreeBSD operating system allows a hacker to execute arbitrary code.

The vulnerability of the __flush function in the libc library of the FreeBSD operating system is related to writing data beyond the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8.3 · EPSS 0.01073
Exploits: 0 · References: 2 · Affected Software: 1

BDU FSTEC
added 2023/11/04 12:0 a.m. · 9 views

The vulnerability of the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) of the ILIAS learning management and support system allows a perpetrator to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the exec function in the execQuoted method of the ilUtil class /Services/Utilities/classes/class.ilUtil.php of the ILIAS training and support management system is related to the lack of measures for cleaning input data. Exploiting this vulnerability could allow a remote...

CVSS 9 · AI score 7.7 · EPSS 0.00765
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2023/08/28 10:15 p.m. · 1 views

DEBIAN-CVE-2023-40828

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function...

CVSS 7.5 · AI score 7.8 · EPSS 0.01293
Exploits: 0 · References: 1

Code423n4
added 2023/08/07 12:0 a.m. · 12 views

cleanup() does not properly handle debt repayment

Lines of code Vulnerability details Impact The cleanup... function in the PositionManager.sol contract is used to deposit remaining users assets back to ROE, repaying debt if any. However the users debt will not be repaid if the user has debt leading to loss of funds for the lenders and the proje...

AI score 6.7
Exploits: 0

Hacker One
added 2023/05/15 10:10 p.m. · 101 views

U.S. Dept Of Defense: Reflected xss on https://█████████

The website was vulnerable to a reflected XSS attack due to a flaw in the check that verifies the validity of the redirect URL. Attackers could exploit this vulnerability to execute malicious scripts on the victim's browser, leading to potential account takeover, phishing, and other malicious...

AI score 6.2
Exploits: 0

BDU FSTEC
added 2023/03/27 12:0 a.m. · 8 views

The vulnerability of the stat() function in the OverlayFS subsystem of Linux kernels allows attackers to escalate their privileges.

The vulnerability of the stat function in the OverlayFS subsystem of Linux operating systems is related to deficiencies in access control when processing setuid and setgid attributes. Exploiting this vulnerability can allow attackers to escalate their privileges...

CVSS 7.8 · AI score 7 · EPSS 0.0788
Exploits: 14 · References: 11 · Affected Software: 7

BDU FSTEC
added 2023/02/13 12:0 a.m. · 7 views

The vulnerability of the exec() function implementation in D-Link DIR-846 router software allows a hacker to execute arbitrary commands.

The vulnerability of the exec function implementation in D-Link DIR-846 router firmware is related to the failure to neutralize special elements used in an operating system command when processing the lan0dhcpsstaticlist parameter. Exploiting this vulnerabilit...

CVSS 9.1 · AI score 8.1 · EPSS 0.10503
Exploits: 4 · References: 8