Lucene search
K

216 matches found

ATTACKERKB
ATTACKERKB
added 2025/05/06 9:15 a.m.3 views

CVE-2025-21469

Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call...

7.8CVSS6AI score0.00079EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/06 12:0 a.m.1 views

Qualcomm Chipsets 访问控制错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An access control error vulnerability exists in Qualcomm Chipsets, which stems from a memory corruption caused by an input buffer length of zero in the IOCTL call when processing image encoding...

7.8CVSS7AI score0.00079EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/04/07 7:9 p.m.11 views

estree-util-value-to-estree allows prototype pollution in generated ESTree

Impact When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. Example: js import generate from 'astring' import valueToEstree from 'estree-util-value-to-estree' const estree = valueToEstree 'proto': const code...

6.9CVSS7.2AI score0.00392EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/04/07 12:0 a.m.3 views

Qualcomm Chipsets 代码问题漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A code issue vulnerability exists in Qualcomm Chipsets that stems from a memory corruption that occurs when processing IOCTL calls...

7.8CVSS7.1AI score0.001EPSS
Exploits0References3
NVD
NVD
added 2025/01/24 5:15 p.m.12 views

CVE-2025-24359

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...

8.4CVSS0.00229EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/24 12:0 a.m.2 views

ASTEVAL 安全漏洞

ASTEVAL is an open source library from lmfit that uses the ast module for parsimony evaluation of python expressions. A security vulnerability exists in ASTEVAL versions prior to 1.0.6, which stems from If an attacker has control over the inputs to the asteval library, it is possible to bypass...

8.4CVSS7.2AI score0.00229EPSS
Exploits0References4
OSV
OSV
added 2025/01/05 3:15 p.m.3 views

CVE-2025-0221

A vulnerability has been found in IOBit Protected Folder up to 1.3.0 and classified as problematic. This vulnerability affects the function 0x22200c in the library pffilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached...

5.5CVSS4.4AI score
Exploits0References4
OSV
OSV
added 2024/12/27 2:15 p.m.4 views

DEBIAN-CVE-2024-53203

In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsiccgsynccontrol The "command" variable can be controlled by the user via debugfs. The worry is that if conindex is zero then "&uc-ucsi-connectorconindex - 1" would be an array...

7.8CVSS5.9AI score0.0024EPSS
Exploits0References1
OSV
OSV
added 2024/12/16 2:3 p.m.11 views

BIT-NODE-MIN-2022-21824

Due to the formatting logic of the "console.table" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "proto". The prototype pollution has...

8.2CVSS8.4AI score0.21514EPSS
Exploits0References9
CVE
CVE
added 2024/10/24 4:20 p.m.43 views

CVE-2024-9692

CVE-2024-9692 affects VIMESA VHF/FM Transmitter Blue Plus (version 9.7.1). The vulnerability is an Improper Access Control (CWE-284) that allows an unauthenticated remote attacker to send an unauthorized HTTP GET request to the unprotected doreboot endpoint, causing a DoS by restarting transmitte...

6.9CVSS6.6AI score0.00377EPSS
Exploits1References1
OSV
OSV
added 2024/09/10 7:42 p.m.51 views

GHSA-M6FV-JMCG-4JFG send vulnerable to template injection that can lead to XSS

Impact passing untrusted user input - even after sanitizing it - to SendStream.redirect may execute untrusted code Patches this issue is patched in send 0.19.0 Workarounds users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any...

5CVSS6.9AI score0.00511EPSS
Exploits0References5
NVD
NVD
added 2024/08/27 1:15 p.m.24 views

CVE-2024-3980

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application...

9.9CVSS0.00611EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/27 12:42 p.m.13 views

CVE-2024-3980

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application...

9.9CVSS8.7AI score0.00611EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/27 12:42 p.m.24 views

CVE-2024-3980

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application...

9.9CVSS0.00611EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.5 views

PT-2025-2513 · Qualcomm · Qualcomm Embedded Platform Microcode

Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform microcode affected versions not specified Description: The issue is related to the hab ioctl function in Qualcomm's microcode, which is vulnerable to a buffer overflow in memory. This can lead to the disclosure of...

6.1CVSS7.3AI score0.00095EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/03/11 12:0 a.m.5 views

Google Pixel Security Breach

Google Pixel is a smartphone from Google, Inc. in the United States. Google Pixel suffers from a security vulnerability that stems from a type confusion in the aocunlockedioctl method of the aoc.c file could lead to memory corruption...

8.4CVSS6.7AI score0.0009EPSS
Exploits0References3
Veracode
Veracode
added 2023/08/31 7:23 a.m.16 views

Regular Expression Denial Of Service (ReDoS)

mathjax is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability exists due to inefficient regular expression complexity in the components and markdown patterns, which allows an attacker to slow down the application if they can control the input to the MathJax.Message.Set or...

7.5CVSS6.8AI score0.00703EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/03/28 12:0 a.m.3 views

Cmcm Drivergenius 缓冲区错误漏洞

Cmcm Drivergenius Driver Genius is a software for Windows system to solve the driver adaptation update and download from China Beijing Cheetah Mobile Technology Co Ltd Cmcm company. A security vulnerability exists in Cmcm Drivergenius version 9.70.0.346, which originates from a problem with the...

7.8CVSS6.1AI score0.00227EPSS
Exploits0References6
CNVD
CNVD
added 2023/03/16 12:0 a.m.19 views

SAP NetWeaver AS Input Validation Error Vulnerability (CNVD-2023-28124)

SAP NetWeaver AS is a SAP Web Application Server from SAP Germany. It not only provides network services, but also is the basic platform for SAP software. SAP NetWeaver AS suffers from an input validation error vulnerability, which stems from faulty input control and can be exploited by an attack...

7.7AI score0.0037EPSS
Exploits0
OSV
OSV
added 2023/03/14 7:15 p.m.2 views

UBUNTU-CVE-2023-28339

OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later...

8.8CVSS5.8AI score0.00642EPSS
Exploits0References4
Rows per page
Query Builder