Lucene search
K

262 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2777

Malicious code in bioql PyPI...

9.1CVSS9AI score0.00446EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-23404

Malicious code in bioql PyPI...

4.8CVSS6.4AI score0.00442EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-27231

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00593EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-49970

Malicious code in bioql PyPI...

9CVSS7.4AI score0.00682EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-11035

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD...

9.3CVSS8.1AI score0.00782EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in joddoc (npm)

The package joddoc was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-22748 Malicious code in hsreport (npm)

The package hsreport was found to contain malicious code...

7.2AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2025/08/06 12:0 a.m.8 views

(0Day) Vacron Camera ping Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the webs.cgi endpoint. The issue results from the lack of proper validation of a...

7.2CVSS7.1AI score0.01251EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/07/17 1:33 p.m.4 views

CVE-2025-40924

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

6.5CVSS5.3AI score0.00252EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/05/28 5:3 p.m.5 views

CVE-2025-32801

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

7.8CVSS7.7AI score0.00233EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:7 a.m.4 views

CVE-2023-38351

MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack...

8.1CVSS7.8AI score0.0063EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:28 p.m.6 views

CVE-2020-20067

File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to execute arbitrary code via the upload type parameter...

8.8CVSS7.9AI score0.01263EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:17 p.m.9 views

CVE-2020-27635

In PicoTCP 1.7.0, TCP ISNs are improperly random...

9.1CVSS6.9AI score0.00871EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:43 a.m.8 views

CVE-2013-3637

ProjectPier 0.8.8 does not use the Secure flag for cookies...

5.4CVSS7.2AI score0.0059EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/09 11:12 a.m.23 views

CVE-2025-33093

IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret...

7.5CVSS6.4AI score0.00301EPSS
Exploits0References1
OSV
OSV
added 2025/05/01 6:15 p.m.4 views

CVE-2025-32882

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...

6.5CVSS5.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/11 1:42 p.m.11 views

CVE-2025-32426 Formie has a XSS vulnerability for email notification content for preview

Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means a delivered email. This would requir...

4.6CVSS6.8AI score0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/07 4:52 p.m.18 views

CVE-2024-52322

WebService::Xero 0.11 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically WebService::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs...

5.5CVSS7AI score0.00274EPSS
Exploits0References1
CVE
CVE
added 2025/04/05 3:35 p.m.93 views

CVE-2024-57868

CVE-2024-57868 affects Web::API 2.8 and earlier for Perl. The root cause is use of rand() as the default entropy source via Data::Random, which is not cryptographically secure, for cryptographic functions. This is stated in the CVE description and supported by references to Data::Random and rand(...

5.5CVSS6.7AI score0.00279EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/04/04 4:6 p.m.11 views

GHSA-2FRX-2596-X5R6 gitoxide does not detect SHA-1 collision attacks

Summary gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. Details gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct G...

6.8CVSS6.6AI score0.00239EPSS
Exploits0References5
Rows per page
Query Builder