Lucene search
+L

187 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-51415

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00436EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-49940

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00364EPSS
Exploits0References1
Wiz blog
Wiz blog
added 2025/09/09 12:20 p.m.7 views

Widespread npm Supply Chain Attack: Breaking Down Impact & Scope Across Debug, Chalk, and Beyond

A deeper look at the npm debug/chalk supply-chain incident: deobfuscating the wallet-hijacking browser interceptor, quantifying the 2-hour exposure with Wiz telemetry 99% package prevalence, 10% malware presence, and unpacking what made it spread so fast...

7AI score
Exploits0
CNNVD
CNNVD
added 2025/06/25 12:0 a.m.3 views

TOTOLINK CA300-PoE 命令注入漏洞

TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK CA300-PoE ap.so file, which originates from the parameter hour/minute in the file ap.so failing to correctly filter constructed command special characters...

9.8CVSS7.7AI score0.02695EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2025/05/29 12:0 a.m.5 views

The vulnerability of the setApRebootScheCfg() function in TOTOLINK CP900 router microprogramming software allows a intruder to execute arbitrary commands.

The vulnerability of the setApRebootScheCfg function in TOTOLINK CP900 router microprogramming software is related to the lack of measures to clean input data during the processing of the hour and minute parameters. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

6.5CVSS6AI score0.00884EPSS
Exploits1References2Affected Software1
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.8 views

Evaluating AI Cyber Capabilities with Crowdsourced Elicitation

As AI systems become increasingly capable, understanding their offensive cyber potential is critical for informed governance and responsible deployment. However, it's hard to accurately bound their capabilities, and some prior evaluations dramatically underestimated them. The art of extracting...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:20 a.m.7 views

CVE-2023-24144

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function...

9.8CVSS8AI score0.01946EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:14 a.m.10 views

CVE-2023-45649

Missing Authorization vulnerability in codepeople Appointment Hour Booking appointment-hour-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Hour Booking: from n/a through = 1.4.23...

5.3CVSS5.8AI score0.00364EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:38 p.m.13 views

CVE-2022-4034

The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's...

7.8CVSS7.4AI score0.00614EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:23 p.m.8 views

CVE-2021-24673

The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.7AI score0.00598EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:19 a.m.14 views

CVE-2019-13505

The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email1...

6.1CVSS5.9AI score0.01376EPSS
Exploits2References1
OSV
OSV
added 2025/05/01 3:16 p.m.3 views

CVE-2025-44836

TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.3CVSS6.1AI score0.00884EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/04/30 12:0 a.m.7 views

The vulnerability of the setScheduleCfg function in the microprogramming software for TOTOLINK X5000R allows a hacker to execute arbitrary commands.

The vulnerability of the setScheduleCfg function in TOTOLINK X5000R router microprogramming software exists due to the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by manipulating the hour parameter...

9CVSS8.4AI score0.01573EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/04/29 12:0 a.m.9 views

Bookgy SQL注入漏洞

Bookgy is an online reservation management and booking system for all types of small and medium-sized businesses from Bookgy, Inc. Bookgy has an SQL injection vulnerability that originates from SQL injection of the IDTIPO, IDPISTA, and IDSOCIO parameters in the /bkgseleccionarhoraajax.php file...

9.8CVSS8AI score0.00331EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/02/28 2:23 a.m.4 views

SUSE CVE-2024-57953

In the Linux kernel, the following vulnerability has been resolved: rtc: tps6594: Fix integer overflow on 32bit systems The problem is this multiply in tps6594rtcsetoffset tmp = offset TICKSPERHOUR; The "tmp" variable is an s64 but "offset" is a long in the -277774-277774 range. On 32bit systems ...

5.5CVSS7.7AI score0.0021EPSS
Exploits0References3
NVD
NVD
added 2025/02/27 2:15 a.m.10 views

CVE-2024-57953

In the Linux kernel, the following vulnerability has been resolved: rtc: tps6594: Fix integer overflow on 32bit systems The problem is this multiply in tps6594rtcsetoffset tmp = offset TICKSPERHOUR; The "tmp" variable is an s64 but "offset" is a long in the -277774-277774 range. On 32bit systems ...

5.5CVSS0.0021EPSS
Exploits0References3
OSV
OSV
added 2025/02/27 2:15 a.m.4 views

UBUNTU-CVE-2024-57953

In the Linux kernel, the following vulnerability has been resolved: rtc: tps6594: Fix integer overflow on 32bit systems The problem is this multiply in tps6594rtcsetoffset tmp = offset TICKSPERHOUR; The "tmp" variable is an s64 but "offset" is a long in the -277774-277774 range. On 32bit systems ...

5.5CVSS6.2AI score0.0021EPSS
Exploits0References18
Debian CVE
Debian CVE
added 2025/02/27 2:7 a.m.8 views

CVE-2024-57953

In the Linux kernel, the following vulnerability has been resolved: rtc: tps6594: Fix integer overflow on 32bit systems The problem is this multiply in tps6594rtcsetoffset tmp = offset TICKSPERHOUR; The "tmp" variable is an s64 but "offset" is a long in the -277774-277774 range. On 32bit systems ...

5.5CVSS5.7AI score0.0021EPSS
Exploits0
Cvelist
Cvelist
added 2025/02/27 2:7 a.m.20 views

CVE-2024-57953 rtc: tps6594: Fix integer overflow on 32bit systems

In the Linux kernel, the following vulnerability has been resolved: rtc: tps6594: Fix integer overflow on 32bit systems The problem is this multiply in tps6594rtcsetoffset tmp = offset TICKSPERHOUR; The "tmp" variable is an s64 but "offset" is a long in the -277774-277774 range. On 32bit systems ...

0.0021EPSS
Exploits0References3
CVE
CVE
added 2025/02/27 2:7 a.m.92 views

CVE-2024-57953

CVE-2024-57953 affects the Linux kernel RTC driver (rtc: tps6594). On 32-bit systems a 64-bit tmp variable overflows when calculating tmp = offset * TICKS_PER_HOUR, because offset is a long and TICKS_PER_HOUR is very large (32768*3600). The description states the overflow occurs in tps6594_rtc_se...

5.5CVSS5.5AI score0.0021EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder