Lucene search
+L

98 matches found

ptsecurity
ptsecurity
added 2025/05/21 12:0 a.m.2 views

PT-2025-53579

Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description The issue resides in insufficient protection of the web page structure within Moodle. Exploitation of this can allow a remote attacker to conduct a Cross-Site Scripting XSS attack. The flaw is...

7.3CVSS5.9AI score0.00266EPSS
Exploits0References12
cvelist
cvelist
added 2025/04/16 2:12 p.m.18 views

CVE-2025-22044 acpi: nfit: fix narrowing conversion in acpi_nfit_ctl

In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing conversion in acpinfitctl Syzkaller has reported a warning in tonfitbusuuid: "only secondary bus families can be translated". This warning is emited if the argument is equal to NVDIMMBUSFAMILYNFIT == 0...

0.00185EPSS
Exploits0References8
vulncheck_kev
vulncheck_kev
added 2025/03/25 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-35402

A vulnerability is present in Prolink PRC2402M that could allow unauthenticated remote adversaries to inject commands due to improper checks on input supplied to 'liveapi.cgi'...

10CVSS5.9AI score0.00955EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2025/03/13 12:0 a.m.10 views

The vulnerability of the System Management Mode (SMM) mode of AMD microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the System Management Mode SMM mode of AMD microprogramming processor software is related to insufficient checking of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.5CVSS5.8AI score0.0018EPSS
Exploits0References5Affected Software1
osv
osv
added 2025/02/18 4:1 p.m.7 views

USN-7272-1 symfony vulnerabilities

Soner Sayakci discovered that Symfony incorrectly handled cookie storage in the web cache. An attacker could possibly use this issue to obtain sensitive information and access unauthorized resources. CVE-2022-24894 Marco Squarcina discovered that Symfony incorrectly handled the storage of user...

8.8CVSS6.6AI score0.63422EPSS
Exploits1References10
cnnvd
cnnvd
added 2025/02/18 12:0 a.m.2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the pfifotailenqueue function not properly validating input when processing queues. An attacker exploiting...

7CVSS6.6AI score0.00256EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/02/05 9:43 p.m.12 views

CVE-2022-24707

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin...

8.8CVSS8AI score0.07159EPSS
Exploits5References1
redhatcve
redhatcve
added 2025/02/05 5:42 a.m.4 views

CVE-2024-49353

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash...

7.5CVSS6.7AI score0.00335EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/12/04 12:0 a.m.7 views

Tenda AC6 安全漏洞

Tenda AC6V2 is a wireless router from Tenda China. A stack buffer overflow vulnerability exists in the Tenda AC6V2. The vulnerability stems from insufficient checking of the length or boundaries of input data to overwrite adjacent memory areas. An attacker could use this vulnerability to execute...

9.8CVSS8AI score0.00575EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/11/12 12:0 a.m.7 views

PT-2024-40524 · Unknown · Fast-Float

Name of the Vulnerable Software and Affected Versions: fast-float affected versions not specified Description: The fast-float library contains soundness issues, including undefined behavior when checking input length and functions marked as safe with non-local safety guarantees. The library is al...

6.9CVSS7.1AI score
Exploits0References6
rustsec
rustsec
added 2024/10/31 12:0 p.m.6 views

Multiple soundness issues

fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package pubished. 1. Many functions marked as safe with non-local safety guarantees The library is also unmaintained. Alternatives For quickly parsing floating-point numbe...

7.2AI score
Exploits0
susecve
susecve
added 2024/06/04 1:11 p.m.5 views

SUSE CVE-2020-14315

A memory corruption vulnerability is present in bspatch as shipped in Colin Percival's bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries...

9.8CVSS9.5AI score0.02554EPSS
Exploits1References3
cnnvd
cnnvd
added 2024/05/30 12:0 a.m.5 views

Fuji Electric Monitouch V-SFT 缓冲区错误漏洞

Fuji Electric Monitouch V-SFT is a human-machine interface HMI configuration software developed by Fuji Electric, which is mainly used in industrial automation, providing touch screen interface design, PDF document viewing, video playback, alarm messages and other functions. Fuji Electric Monitou...

9.8CVSS7.4AI score0.0056EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/05/09 12:0 a.m.5 views

PT-2024-28717 · WordPress · Ht Mega – Absolute Addons For Elementor

Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.5.0 Description: The issue is related to Stored Cross-Site Scripting via the Tooltip & Popover Widget due to insufficient input sanitization and...

6.4CVSS6.2AI score0.00428EPSS
Exploits0References6
bdu_fstec
bdu_fstec
added 2024/03/20 12:0 a.m.6 views

The vulnerability of the WDAC OLE DB driver for SQL Server on the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the WDAC OLE DB driver for SQL Server on the Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.3AI score0.02026EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2024/02/09 12:0 a.m.5 views

The vulnerability of the PayDroid operating system arises from insufficient validation of input data, allowing a hacker to execute arbitrary code.

The vulnerability of the PayDroid operating system exists due to insufficient checks on input data. Exploiting this vulnerability could allow a hacker to execute arbitrary code...

7.6CVSS7.6AI score0.00663EPSS
Exploits1References5Affected Software1
veracode
veracode
added 2024/02/06 8:42 a.m.24 views

Denial Of Service (DoS)

graphql-go is vulnerable to Uncontrolled Recursion. The vulnerability is caused due to improper malformed input checks within parser.go, which results in Denial Of ServiceDoS...

7.5CVSS7AI score0.00783EPSS
Exploits1References4Affected Software1
bdu_fstec
bdu_fstec
added 2023/12/26 12:0 a.m.7 views

The vulnerability of the django.utils.encoding.uri_to_iri() component in the Django web application framework allows a attacker to cause a denial-of-service attack.

The vulnerability of the django.utils.encoding.irToIri component in the Django web application framework is related to an improper check on the number of data inputs. Exploiting this vulnerability could allow a remote attacker to cause a service failure. source-iocs-preserved...

7.8CVSS6.7AI score0.01273EPSS
Exploits0References14Affected Software4
bdu_fstec
bdu_fstec
added 2023/09/13 12:0 a.m.8 views

The vulnerability of the CMPapp component in CODESYS software products allows a hacker to trigger a service failure.

The vulnerability of the CMPapp component in CODESYS software products is related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

6.8CVSS6.5AI score0.00519EPSS
Exploits0References4Affected Software16
redhat
redhat
added 2023/07/18 3:43 p.m.5 views

webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution

A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems...

8.8CVSS6.4AI score0.00819EPSS
Exploits0References5
Rows per page
Query Builder