
268 matches found

CVE
added 2025/03/31 9:34 p.m. | 139 views

CVE-2025-31674

The CVE-2025-31674 entry concerns a Drupal core vulnerability: Improperly Controlled Modification of Dynamically-Determined Object Attributes, enabling Object Injection. Affected Drupal core versions are 8.0.0–before 10.3.13, 10.4.0–before 10.4.3, 11.0.0–before 11.0.12, and 11.1.0–before 11.1.3. Th...

7.5 CVSS | 6.6 AI score | 0.005 EPSS
Exploits 0 | References 1 | Affected Software 1
OSV
added 2025/03/19 1:37 a.m. | 7 views

GHSA-RRH3-CGMX-W62F Additional TCA Allows Cross-Site Scripting (XSS)

A cross-site scripting (XSS) vulnerability has been discovered in the Additional TCA extension. This vulnerability is exploitable by a logged-in backend user utilizing the TYPO3 backend user interface. This user can create output in the HTML context by exploiting improperly encoded user input. Update...

5.5 CVSS | 5.7 AI score | 0.0036 EPSS
Exploits 0 | References 3
Vulnrichment
added 2025/03/06 7:0 p.m. | 7 views

CVE-2025-27509 SAML authentication vulnerability due to improper SAML response validation

fleetdm/fleet is an open source device management platform, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time (JIT) provisioning is enabled, or create new...

9.3 CVSS | 7.1 AI score | 0.00623 EPSS
Exploits 0 | References 2
Vulnrichment
added 2025/02/28 9:6 p.m. | 10 views

CVE-2025-27414 MinIO SFTP authentication bypass due to improperly trusted SSH key

MinIO is a high-performance object storage system. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...

8.2 CVSS | 6.5 AI score | 0.00512 EPSS
Exploits 0 | References 3
RedhatCVE
added 2025/02/05 7:29 a.m. | 6 views

CVE-2024-23363

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame...

7.5 CVSS | 7 AI score | 0.00263 EPSS
Exploits 0 | References 1
CNNVD
added 2025/02/04 12:0 a.m. | 2 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices SMR Feb-2025 Release 1, which stems from an improperly exported Android application componen...

5.5 CVSS | 6.5 AI score | 0.00128 EPSS
Exploits 0 | References 1
CVE
added 2024/12/18 7:56 p.m. | 84 views

CVE-2024-51470

CVE-2024-51470 affects IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS/CD, 9.4 LTS/CD, IBM MQ Appliance 9.3 LTS/CD/9.4 LTS, and IBM MQ for HPE NonStop 8.1.0–8.1.0.25, allowing an authenticated user to cause a denial-of-service via messages with improperly set values. The root cause is improper handling of unusu...

6.5 CVSS | 6.3 AI score | 0.00655 EPSS
Exploits 0 | References 3 | Affected Software 2
Cvelist
added 2024/12/18 7:56 p.m. | 19 views

CVE-2024-51470 IBM MQ denial of service

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values...

6.5 CVSS | 0.00655 EPSS
Exploits 0 | References 3
Vulnrichment
added 2024/12/18 7:56 p.m. | 17 views

CVE-2024-51470 IBM MQ denial of service

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values...

6.5 CVSS | 6.7 AI score | 0.00655 EPSS
Exploits 0 | References 3
OSV
added 2024/12/12 2:4 a.m. | 2 views

CVE-2024-49128

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network...

8.1 CVSS | 5.9 AI score | 0.01132 EPSS
Exploits 0 | References 1
Vulnrichment
added 2024/10/14 5:3 p.m. | 17 views

CVE-2024-45736 Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL"...

6.5 CVSS | 6.9 AI score | 0.00541 EPSS
Exploits 0 | References 2
CVE
added 2024/10/14 5:3 p.m. | 69 views

CVE-2024-45736

CVE-2024-45736 affects Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111. A low-privileged user without admin/power roles can craft a search query with an improperly formatted INGEST_EVAL parameter in a ...

6.5 CVSS | 6.5 AI score | 0.00541 EPSS
Exploits 0 | References 2 | Affected Software 2
CVE
added 2024/10/14 8:20 a.m. | 45 views

CVE-2024-9139

CVE-2024-9139 relates to an OS command injection in MOXA devices (notably MOXA EDR-8010, EDR-G9004, EDR-G9010, EDF-G1002-BP, NAT-102, G4302-LTE4, TN-4900 among others). The root cause is failure to neutralize special elements in restricted commands, enabling a remote attacker to execute arbitrary...

8.6 CVSS | 7.5 AI score | 0.01385 EPSS
Exploits 0 | References 1
Vulnrichment
added 2024/10/09 8:3 p.m. | 12 views

CVE-2024-30118 HCL Connections is susceptible to a sensitive information disclosure vulnerability

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data...

3.5 CVSS | 6.2 AI score | 0.00287 EPSS
Exploits 0 | References 1
CNNVD
added 2024/09/27 12:0 a.m. | 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improperly initialized pointer...

7.8 CVSS | 6.5 AI score | 0.00256 EPSS
Exploits 0 | References 11
OSV
added 2024/09/06 12:0 p.m. | 14 views

RUSTSEC-2024-0371 gix-path improperly resolves configuration path reported by Git

Summary: gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or non-ASCII characters, in rare cases enabling a local attacker to inject configuration leading to code execution. Details: In gix_path::env, th...

6 CVSS | 6.9 AI score | 0.00257 EPSS
Exploits 0 | References 4
CNNVD
added 2024/09/04 12:0 a.m. | 2 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices SMR Sep-2024 Release 1 version and prior versions, which stems from an issue where the FeliCaTest component contai...

5.1 CVSS | 6.6 AI score | 0.00137 EPSS
Exploits 0 | References 2
OSV
added 2024/08/21 4:3 p.m. | 9 views

GO-2022-0936 Improperly Implemented path matching for in-toto-golang in github.com/in-toto/in-toto-golang

Improperly Implemented path matching for in-toto-golang in github.com/in-toto/in-toto-golang...

6.5 CVSS | 6.4 AI score | 0.00416 EPSS
Exploits 0 | References 3
Vulnrichment
added 2024/08/14 1:49 p.m. | 11 views

CVE-2024-7790 DevikaAI Stored Cross-Site Scripting

A stored cross-site scripting vulnerability exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input...

6.5 CVSS | 6.3 AI score | 0.00318 EPSS
Exploits 1 | References 1
CVE
added 2024/08/14 1:49 p.m. | 44 views

CVE-2024-7790

CVE-2024-7790 describes a stored cross-site scripting vulnerability in DevikaAI affecting input handling since commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2. The root cause cited is improperly decoded user input, enabling a stored XSS condition. The CVE entries and connected sources consistent...

6.5 CVSS | 6.4 AI score | 0.00318 EPSS
Exploits 1 | References 1 | Affected Software 1