9002 matches found
CVE-2025-11046
CVE-2025-11046 affects Tencent WeKnora 0.1.0. The vulnerability resides in the testEmbeddingModel function under /api/v1/initialization/embedding/test, where manipulating the baseUrl argument can trigger server-side request forgery (SSRF) and may be exploited remotely. The exploit has been releas...
GHSA-Q6HV-WCJR-WP8H kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace
Impact Because UPDATE validation is not being applied, it is possible for an actor with access to an instance of the initializingworkspaces virtual workspace to run arbitrary patches on the status field of LogicalCluster objects while the workspace is initializing. This allows to add or remove an...
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace
Impact Because UPDATE validation is not being applied, it is possible for an actor with access to an instance of the initializingworkspaces virtual workspace to run arbitrary patches on the status field of LogicalCluster objects while the workspace is initializing. This allows to add or remove an...
CVE-2025-60250
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV...
CVE-2025-60250
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV...
WeKnora 代码问题漏洞
WeKnora is an LLM-based framework open-sourced by Tencent, with features such as deep document understanding, semantic retrieval and context-aware answers using the RAG paradigm. A code issue vulnerability exists in WeKnora version 0.1.0, which stems from incorrect manipulation of the parameter...
CVE-2025-60250
Unitree Go2, G1, H1, and B2 devices have a vulnerability (CVE-2025-60250) where BLE packet data can be decrypted using the specific key df98b715d5c6ed2b25817b6f2554124a and IV 2841ae97419c2973296a0d4bdfe19a4f. Connected sources confirm this cryptographic exposure through 2025-09-20; CVSS shows Ad...
CVE-2025-10824
A vulnerability was determined in axboe fio up to 3.41. This impacts the function parsejobsini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized...
Ensure That the su Command Inherits the User Environment Variables Without Escalating Privileges
The su command enables a common user to have the permissions of the superuser or other users. It is often used for switching the user from a common user to the root user. The su command provides a convenient way for users to change their identities. However, if the su command is run without...
GHSA-8V65-5FW5-23WJ node-cube vulnerable to prototype pollution
The node-cube package prior to version 5.0.0 contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of...
node-cube vulnerable to prototype pollution
The node-cube package prior to version 5.0.0 contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of...
CVE-2025-57348
The node-cube package prior to version 5.0.0 contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of...
CVE-2025-57348
The node-cube package prior to version 5.0.0 contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of...
kernel: i2c/designware: Fix an initialization issue
This CVE has been marked as Rejected by the assigning CNA...
kernel: i2c/designware: Fix an initialization issue
This CVE has been marked as Rejected by the assigning CNA...
kernel: i2c/designware: Fix an initialization issue
This CVE has been marked as Rejected by the assigning CNA...
kernel: i2c/designware: Fix an initialization issue
This CVE has been marked as Rejected by the assigning CNA...
kernel: i2c/designware: Fix an initialization issue
This CVE has been marked as Rejected by the assigning CNA...
kernel: i2c/designware: Fix an initialization issue
This CVE has been marked as Rejected by the assigning CNA...
kernel: i2c/designware: Fix an initialization issue
This CVE has been marked as Rejected by the assigning CNA...