
73 matches found

RedHat Linux
added 2026/06/08 3:14 a.m. | 10 views

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 (Salted Challenge Response Authentication Mechanism, Secure Hash Algorithm 256) authentication with an excessively large iteration...

CVSS 7.5 | AI score 5.4 | EPSS 0.0077
Exploits: 0 | References: 6
EUVD
added 2026/04/20 9:31 p.m. | 5 views

EUVD-2026-23954

A local attacker who can execute privileged CSR operations, or can induce firmware to do so, performs carefully crafted reads/writes to menvcfg (e.g., csrrs in M-mode). On affected XiangShan versions (commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19), these menvcfg accesses can unexpectedly...

AI score 5.8 | EPSS 0.00112
Exploits: 0 | References: 5
NVD
added 2026/04/02 8:16 p.m. | 3 views

CVE-2026-34761

Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker able to cause a gNodeB to send NGAP handover failure messages to Ella Core can crash the process, causing service disruption for all connecte...

CVSS 6.5 | EPSS 0.00317
Exploits: 0 | References: 2
Snyk
added 2026/04/01 12:00 a.m. | 2 views

Covert Timing Channel

Overview: Affected versions of this package are vulnerable to Covert Timing Channel via timing differences in RSA and CBC/ECB decryption operations when the LLVM compiler's select-optimize feature is enabled. An attacker can infer sensitive information, such as cryptographic keys, by analyzing the...

CVSS 5.9 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 2
CNNVD
added 2026/04/01 12:00 a.m. | 6 views

IBM DataPower Gateway cross-site request forgery vulnerability

IBM DataPower Gateway is an enterprise-grade application security gateway that provides API management and traffic control capabilities. A cross-site request forgery vulnerability exists in IBM DataPower Gateway. The vulnerability arises because the system fails to effectively validate the source...

CVSS 8.8 | AI score 5.7 | EPSS 0.00167
Exploits: 0 | References: 1
CVE
added 2026/02/10 7:15 p.m. | 11 views

CVE-2025-0029

CVE-2025-0029 describes an AMD SEV-SNP-related vulnerability where improper handling of an error condition during host-induced faults can allow a local, high-privileged attacker to selectively drop guest DMA writes, potentially compromising SEV-SNP guest memory integrity. The issue is rooted in t...

CVSS 1.8 | AI score 5.5 | EPSS 0.00115
Exploits: 0 | References: 1
Cvelist
added 2026/02/10 7:15 p.m. | 26 views

CVE-2025-0029

Improper handling of error condition during host-induced faults can allow a local high-privileged attacker to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory integrity...

CVSS 1.8 | EPSS 0.00115
Exploits: 0 | References: 1
GithubExploit
added 2026/01/21 10:17 p.m. | 168 views

Exploit for Cross-site Scripting in Exponentcms Exponent_Cms

Synthetic Test Case: CVE-2017-8085 CWE: CWE-79 Origin...

CVSS 6.1 | AI score 5.6 | EPSS 0.01147
Exploits: 1
Packet Storm News
added 2025/12/20 12:00 a.m. | 27 views

AI Code in the Wild: Measuring Security Risks and Ecosystem Shifts of AI-Generated Code in Modern Software

Large language models (LLMs) for code generation are becoming integral to modern software development, but their real-world prevalence and security impact remain poorly understood. We present the first large-scale empirical study of AI-generated code (AIGCode) in the wild. We build a high-precision...

AI score 7.1
Exploits: 0
OSV
added 2025/11/12 4:47 p.m. | 2 views

MAL-2025-160142 Malicious code in masako-be-lisa (npm)

Source: amazon-inspector (398fe1098bde6f56dc07c7540c143ec5e544478a184bd8e068c6cbabf1eb461b). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0
Tenable Nessus
added 2025/10/08 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-53517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tipc: do not update mtu if msgmax is too small in mtu negotiation When doing link mtu negotiation, a malicious peer may send Activate msg with a very small mtu,...

CVSS 5.5 | AI score 6.1 | EPSS 0.00135
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2024-42704

Malicious code in bioql PyPI...

CVSS 9.3 | AI score 6.6 | EPSS 0.00553
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-29160

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00346
Exploits: 0 | References: 3
CNVD
added 2025/09/16 12:00 a.m. | 4 views

Unspecified vulnerability in curl (CNVD-2025-21413)

curl is cURL's open-source tool for transferring data from or to a server. There is a security vulnerability in curl that attackers can exploit, which may cause malicious server-induced traffic to be mistaken for real HTTP traffic by proxy servers, thereby polluting their caches...

CVSS 5.3 | AI score 6.5 | EPSS 0.00466
Exploits: 0 | References: 1
NVD
added 2025/09/15 8:15 a.m. | 2 views

CVE-2025-41713

During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration...

CVSS 6.5 | EPSS 0.00346
Exploits: 0 | References: 2
Cvelist
added 2025/09/15 8:00 a.m. | 8 views

CVE-2025-41713 WAGO: Vulnerability in hardware switch circuit

During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration...

CVSS 6.5 | EPSS 0.00346
Exploits: 0 | References: 2
Vulnrichment
added 2025/09/15 8:00 a.m. | 2 views

CVE-2025-41713 WAGO: Vulnerability in hardware switch circuit

During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration...

CVSS 6.5 | AI score 6.6 | EPSS 0.00346
Exploits: 0 | References: 2
CVE
added 2025/09/15 8:00 a.m. | 14 views

CVE-2025-41713

CVE-2025-41713 refers to a vulnerability in WAGO hardware switches where, during boot, the switch may operate in an undefined state. This can allow an unauthenticated remote attacker to forward traffic to networks that should be unauthorized until a CPU-induced reset reconfigures the device. Affe...

CVSS 6.5 | AI score 6.6 | EPSS 0.00346
Exploits: 0 | References: 2
CNNVD
added 2025/09/12 12:00 a.m. | 5 views

curl security vulnerability

curl is cURL's open-source tool for transferring data from or to a server. There is a security vulnerability in curl that attackers can exploit, which may cause malicious server-induced traffic to be mistaken for real HTTP traffic by proxy servers, thereby polluting their caches...

CVSS 5.3 | AI score 6.7 | EPSS 0.00466
Exploits: 0 | References: 4
CVE
added 2025/08/12 5:14 a.m. | 22 views

CVE-2025-3892

CVE-2025-3892 concerns Axis devices running ACAP; the issue allows elevated privileges when an Axis device is configured to allow unsigned ACAP applications and a malicious ACAP app is installed after user trickery. The CVSS details indicate LOCAL exploitation with HIGH privileges required, high ...

CVSS 6.7 | AI score 7.1 | EPSS 0.00136
Exploits: 0 | References: 1 | Affected Software: 1