Lucene search
K

80 matches found

Debian CVE
Debian CVE
added 2025/04/21 12:0 a.m.6 views

CVE-2025-43970

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes depending on the address family...

5.3CVSS4.3AI score0.00356EPSS
Exploits0
NVD
NVD
added 2025/04/10 7:15 a.m.13 views

CVE-2024-13896

The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wpgeshifilterreplacecode function, which could lead to Regular Expression Denial of Service ReDoS issue...

6.5CVSS0.00402EPSS
Exploits1References1
OSV
OSV
added 2025/04/07 2:37 p.m.122 views

CVE-2025-30373 Graylog Authenticated HTTP inputs do ingest message even if Authorization header is missing or has wrong value

Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP...

6.5CVSS6.4AI score0.00289EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.6 views

PT-2025-14132 · Unknown · Dima Take Action

Name of the Vulnerable Software and Affected Versions: Dima Take Action versions 1.0.0 through 1.0.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables potential attackers to injec...

5.9CVSS5.9AI score0.00347EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-52559

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/msm/gem: prevent integer overflow in msmioctlgemsubmit The submit-cmdi.size and submit-cmdi.offset variables are u32 values that come from the user via the...

5.5CVSS6.8AI score0.00212EPSS
Exploits0References3
Veracode
Veracode
added 2025/02/27 6:40 a.m.3 views

HTML Injection

leantime/leantime is vulnerable to HTML injection. The vulnerability is due to improper neutralization of HTML tags in users' first names, allowing arbitrary HTML to be injected into emails...

7.3AI score
Exploits0
Cvelist
Cvelist
added 2025/02/07 12:0 a.m.28 views

CVE-2024-52882

An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code XSS to attack logged-in administrator sessions...

0.00217EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 12:15 a.m.8 views

CVE-2024-4322

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the /listpersonalities endpoint. By manipulating the category parameter, an attacker can traverse the directory structure and list any directory on the system. This issue affects the latest version...

7.5CVSS7.5AI score0.30987EPSS
Exploits1
NVD
NVD
added 2025/01/06 4:15 p.m.13 views

CVE-2025-21612

TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2...

8.6CVSS0.00489EPSS
Exploits0References3
CVE
CVE
added 2024/12/27 3:50 p.m.55 views

CVE-2024-56507

CVE-2024-56507 : A reflected Cross-Site Scripting (XSS) vulnerability exists in LinkAce prior to version 1.15.6, specifically in the Edit Link module’s URL field where input is reflected in the HTML response. The issue allows injection and execution of arbitrary JavaScript in a victim’s browser, ...

5.4CVSS4.7AI score0.00286EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2024/11/15 12:0 a.m.6 views

IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2024-45434)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines IBM. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...

6.4CVSS6.2AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 2024/10/03 5:15 p.m.16 views

CVE-2024-0123

NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial ...

3.3CVSS0.00204EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/10/03 4:45 p.m.12 views

CVE-2024-0123

NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial ...

3.3CVSS4.5AI score0.00204EPSS
Exploits0
Ubuntu
Ubuntu
added 2024/10/03 5:14 a.m.14 views

USN-7052-1: GNOME Shell vulnerabilities

It was discovered that GNOME Shell mishandled extensions that fail to reload, possibly leading to extensions staying enabled on the lock screen. An attacker could possibly use this issue to launch applications, view sensitive information, or execute arbitrary commands. CVE-2017-8288 It was...

8.1CVSS6.3AI score0.0294EPSS
Exploits1
Debian
Debian
added 2024/09/02 8:14 p.m.13 views

[SECURITY] [DLA 3862-1] calibre security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3862-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 02, 2024 https://wiki.debian.org/LTS -...

7.5CVSS6.9AI score0.04986EPSS
Exploits2
OSV
OSV
added 2024/05/21 12:15 p.m.19 views

CVE-2024-4420

There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3. An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an...

7.5CVSS7AI score
Exploits0References1
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.7 views

MySQL2 安全漏洞

MySQL2 is a MySQL client for Node.js by the individual developer Andrey Sidorov. A security vulnerability exists in MySQL2 versions prior to 3.9.4 that stems from improper cleaning of user input...

6.5CVSS6.3AI score0.00962EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/09/13 2:48 a.m.4 views

SUSE CVE-2023-40032

libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 or later when processing untruste...

5.5CVSS6.9AI score0.00238EPSS
Exploits0References3
OSV
OSV
added 2023/09/11 7:15 p.m.4 views

UBUNTU-CVE-2023-40032

libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 or later when processing untruste...

5.5CVSS6.8AI score0.00238EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/08/15 12:0 a.m.7 views

PT-2023-4480 · Google +3 · Google Chrome +3

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 116.0.5845.96 Description: The issue is related to insufficient validation of untrusted input in XML, allowing a remote attacker to bypass file access restrictions via a crafted HTML page. This can impact the...

9.8CVSS7.8AI score0.99694EPSS
Exploits131References1181
Rows per page
Query Builder