Lucene search
+L

39 matches found

RubySec
RubySec
added 2026/06/26 12:0 a.m.6 views

Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`

The outhttp output plugin allows the use of placeholders such as $tag in the endpoint configuration parameter. It was discovered that if the placeholder value is derived from untrusted user input, an attacker can maliciously control the destination hostname of the outbound HTTP requests made by...

7.2CVSS5.9AI score0.00442EPSS
Exploits0References1Affected Software1
Drupal
Drupal
added 2026/06/24 12:0 a.m.7 views

OpenAI Provider - Moderately critical - Server-side Request Forgery - SA-CONTRIB-2026-053

This module enables you to use OpenAI as a provider for the AI module. The module doesn't sufficiently sanitize user-supplied URLs, leading to a Server-side request forgery SSRF vulnerability. This vulnerability is mitigated by the fact that an attacker must have the access to change the host url...

3.3CVSS5.9AI score0.00161EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 3:16 p.m.12 views

CVE-2026-47135

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox...

8.7CVSS0.00266EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 12:56 p.m.15 views

EUVD-2026-32413

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is ignored by most callers, and continues to run L1 with corrupted state....

6AI score0.00116EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 12:56 p.m.37 views

CVE-2026-46032

Summary: CVE-2026-46032 relates to Linux kernel KVM nSVM, where a failed restore of L1 host CR3 during a nested VMEXIT could leave L1 with corrupted state and trigger a triple fault instead of a clean recovery. The fix removes the nested_svm_vmexit return value and ensures proper cleanup, resulti...

5.5CVSS6AI score0.00116EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.12 views

LXD 安全漏洞

LXD is a Canonical open-source container-based system for managing applications on Linux systems. Prior to LXD 6.8, there was a security vulnerability. This vulnerability stemmed from the backup import path only verifying the backup/index.yaml file in the backup archive, without performing projec...

9.1CVSS5.8AI score0.00424EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/26 7:49 p.m.10 views

Contrast BadAML injection allows arbitrary code execution

BadAML BadAML is an AML injection attack that exploits the ACPI interface and allows arbitrary code execution in a confidential VM. The attack was first published in 2024: - - Impact An attacker with control over the host which is assumed in the attacker model of Contrast can execute malicious AM...

6.5AI score
Exploits0References4Affected Software1
SUSE Linux
SUSE Linux
added 2025/11/20 3:41 p.m.22 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1249859. CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfsparseparam bsc1249857...

8.8CVSS7.9AI score0.21314EPSS
Exploits0References856
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2013-0249

Malware in sbrugna...

4.3CVSS6AI score0.0059EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2025/07/11 7:0 a.m.13 views

KVM: x86: Reset IRTE to host control if *new* route isn't postable

...

7.8CVSS7AI score0.00259EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/05/10 2:52 a.m.12 views

SUSE CVE-2025-37885

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if new route isn't postable Restore an IRTE back to host control remapped or posted MSI mode if the new GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routing typ...

5.5CVSS6.4AI score0.00259EPSS
Exploits0References28
OSV
OSV
added 2025/05/09 7:16 a.m.8 views

DEBIAN-CVE-2025-37885

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if new route isn't postable Restore an IRTE back to host control remapped or posted MSI mode if the new GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routing typ...

7.8CVSS5.6AI score0.00259EPSS
Exploits0References1
OSV
OSV
added 2025/05/09 7:16 a.m.10 views

UBUNTU-CVE-2025-37885

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if new route isn't postable Restore an IRTE back to host control remapped or posted MSI mode if the new GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routing typ...

7.8CVSS6.2AI score0.00259EPSS
Exploits0References39
Debian CVE
Debian CVE
added 2025/05/09 6:45 a.m.13 views

CVE-2025-37885

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if new route isn't postable Restore an IRTE back to host control remapped or posted MSI mode if the new GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routing typ...

7.8CVSS5.6AI score0.00259EPSS
Exploits0
OSV
OSV
added 2025/04/15 7:14 p.m.6 views

CVE-2025-30206 Dpanel's hard-coded JWT secret leads to remote code execution

Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers ...

9.8CVSS7.3AI score0.00777EPSS
Exploits0References3
OSV
OSV
added 2023/12/19 3:15 p.m.5 views

CVE-2023-6711

Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an...

7.5CVSS6.1AI score0.00669EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.20 views

Debian: Security Advisory (DLA-473-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.7AI score0.02858EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.5 views

SUSE CVE-2010-0297

Buffer overflow in the usbhosthandlecontrol function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service guest OS crash or hang or possibly execute arbitrary code on the host OS via a crafted USB packet...

7.2CVSS8AI score0.00515EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/03 12:0 a.m.5 views

TOTOLINK EX1200T 操作系统命令注入漏洞

TOTOLINK EX1200T is a Wi-Fi range extender from China-based Gion Electronics TOTOLINK.TOTOLINK EX1200T has a command injection vulnerability, which originates from the NTPSyncWithHost function of the file system containing a remote command injection issue that can be exploited by an attacker to...

9.8CVSS5.7AI score0.01876EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/01/24 12:0 a.m.7 views

SonicWall SSL-VPN Security Vulnerabilities

sonicwall ssl-vpn sonicwall ssl-vpn,vpn is a Vpn connectivity solution from SonicWALL Sonicwall. This product is used for remote secure connections. SonicWallSSL-VPN 8.0.0.4 before the version of the security vulnerabilities, remote attackers use the CGI program to deal with logical...

6AI score
Exploits0References1
Rows per page
Query Builder