Lucene search
K

262 matches found

Github Security Blog
Github Security Blog
added 2025/04/04 4:6 p.m.27 views

gitoxide does not detect SHA-1 collision attacks

Summary gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. Details gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct G...

6.8CVSS7AI score0.00239EPSS
Exploits0References5Affected Software27
OSV
OSV
added 2025/04/01 12:30 a.m.8 views

GHSA-RHXM-R44M-4325 Drupal Ignition Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Ignition Error Pages allows Cross-Site Scripting XSS. This issue affects Ignition Error Pages: from 0.0.0 before 1.0.4...

6.1CVSS6.5AI score0.00242EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-47349

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mwifiex: bring down link before deleting interface We can deadlock when rmmod'ing the drive...

5.5CVSS4.9AI score0.00178EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2012-1719

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and...

5CVSS8.1AI score0.03388EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2013-4280

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insecure temporary file vulnerability in RedHat vsdm 4.9.6. CVE-2013-4280 Note that Nessus relies on the presence of the package as reported by the vendor...

5.5CVSS7.1AI score0.00422EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:38 p.m.11 views

CVE-2022-36045

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and...

9.8CVSS6.9AI score0.01052EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/01/27 8:50 p.m.16 views

vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator

Description The vllm/modelexecutor/weightutils.py implements hfmodelweightsiterator to load the model checkpoint, which is downloaded from huggingface. It use torch.load function and weightsonly parameter is default value False. There is a security warning on...

8.8CVSS7.9AI score0.00694EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2025/01/23 5:15 p.m.20 views

CVE-2024-52328

ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on...

2.3CVSS0.00209EPSS
Exploits1References2
Huntr
Huntr
added 2024/11/07 1:10 p.m.5 views

IDOR Vulnerability in PATCH `/v1/runs/:id/score` Endpoint Allows Unauthorized Score Updates for Other Users’ Runs

Description An Insecure Direct Object Reference IDOR vulnerability exists in the PATCH /v1/runs/:id/score endpoint. This endpoint allows an attacker to update the score data of any run by manipulating the id parameter in the request URL, which corresponds to the runIdscore in the database. The...

7.5CVSS7.6AI score0.00525EPSS
Exploits1
Cvelist
Cvelist
added 2024/10/30 12:0 a.m.16 views

CVE-2024-48272

D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly allowing attackers to connect to the device via a bruteforce attack...

0.00627EPSS
Exploits1References2
Veracode
Veracode
added 2024/10/22 8:4 a.m.12 views

Remote Code Execution (RCE)

jsonpath-plus is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper input sanitization, allowing an attacker to execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node...

9.8CVSS8AI score0.09076EPSS
Exploits4References6Affected Software1
Debian CVE
Debian CVE
added 2024/10/16 12:3 p.m.14 views

CVE-2023-32190

mlocate's %post script allows RUNUPDATEDBAS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...

8.5CVSS7.6AI score0.00202EPSS
Exploits0
OSV
OSV
added 2024/06/25 1:47 p.m.7 views

MAL-2024-6501 Malicious code in acts-as_publishable (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/14 3:52 a.m.33 views

CVE-2024-27167 Insecure permissions

Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference URL...

7.4CVSS6.7AI score0.00246EPSS
Exploits1References4
CVE
CVE
added 2024/05/03 4:55 p.m.80 views

CVE-2021-20450

CVE-2021-20450 affects IBM Cognos Controller 10.4.1–11.0.0 where authorization tokens and session cookies are missing the secure attribute, enabling a cookie exposure risk if a user visits an http link or a site with such a link. The vulnerability is described in IBM’s advisories and NVD entries,...

4.3CVSS5.9AI score0.00366EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/02 9:30 a.m.57 views

Apache ActiveMQ's default configuration doesn't secure the API web context

In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context where the Jolokia JMX REST API and the Message REST API are located. It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker using Jolokia J...

8.8CVSS7.3AI score0.0692EPSS
Exploits1References6Affected Software1
Wired Threat Level
Wired Threat Level
added 2024/03/02 2:0 p.m.14 views

The Privacy Danger Lurking in Push Notifications

Plus: Apple warns about sideloading apps, a court orders NSO group to turn over the code of its Pegasus spyware, and an investigation finds widely available security cams are wildly insecure...

7.2AI score
Exploits0
UbuntuCve
UbuntuCve
added 2023/12/14 12:0 a.m.40 views

CVE-2023-49346

Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...

7.8CVSS7AI score0.00303EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.34 views

Asgaros Forum < 2.7.1 - Unauthenticated Arbitrary File Upload

Description The plugin allows forum administrators, who may not be WordPress super-administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files e.g. .php, .phtml, potentially leading to remote code execution. PoC Any user who has the rights to modify t...

9.8CVSS9.8AI score0.01964EPSS
Exploits2Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/01 9:4 a.m.19 views

CVE-2023-1719 Bitrix24 Insecure Global Variable Extraction

Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to 1 enumerate attachments on the server and 2 execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim ha...

7.5CVSS7.8AI score0.04973EPSS
Exploits1References1
Rows per page
Query Builder