Lucene search
K

86 matches found

CNVD
CNVD
added 2025/11/10 12:0 a.m.4 views

Apple iOS and iPadOS Improvements for Underchecked Vulnerabilities

Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and iPadOS contain an Improvement Check Insufficiency vulnerability that can be exploited by attackers to cause an application to monitor keystrokes without th...

5.4CVSS6.3AI score0.00215EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-6806

Malware in sbrugna...

5.3CVSS5.5AI score0.01241EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-19861

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00225EPSS
Exploits0References5
CVE
CVE
added 2025/09/17 6:17 a.m.20 views

CVE-2025-9565

The CVE concerns the WordPress Blocksy Companion plugin. All versions up to 2.1.10 are affected via the blocksy_newsletter_subscribe shortcode due to insufficient input sanitization and output escaping, allowing authenticated users with contributor-level access or higher to inject arbitrary scrip...

6.4CVSS4.7AI score0.00231EPSS
Exploits0References5
OSV
OSV
added 2025/09/05 6:15 p.m.4 views

UBUNTU-CVE-2025-39703

In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...

5.5CVSS5.8AI score0.00148EPSS
Exploits0References35
Microsoft CVE
Microsoft CVE
added 2025/06/26 7:0 a.m.4 views

Chromium: CVE-2025-6556 Insufficient policy enforcement in Loader

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

5.4CVSS6.9AI score0.00157EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/05 12:0 a.m.14 views

Beyond the Protocol: Unveiling Attack Vectors in the Model Context Protocol Ecosystem

The Model Context Protocol MCP is an emerging standard designed to enable seamless interaction between Large Language Model LLM applications and external tools or resources. Within a short period, thousands of MCP services have already been developed and deployed. However, the client-server...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:20 a.m.4 views

CVE-2024-9655

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

6.4CVSS4.9AI score0.00302EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/05/15 10:43 a.m.54 views

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 CVSS score: 4.3, has been characterized as a case of insufficient policy...

8.3CVSS4.2AI score0.08404EPSS
Exploits7
OSV
OSV
added 2025/05/13 9:16 p.m.2 views

ALPINE-CVE-2025-20103

Insufficient resource pool in the core management mechanism for some IntelR Processors may allow an authenticated user to potentially enable denial of service via local access...

5.7CVSS6.3AI score0.00142EPSS
Exploits0References1
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/05/07 5:36 a.m.51 views

Exploiting Copilot AI for SharePoint

TL;DR AI Assistants are becoming far more common Copilot for SharePoint is Microsoft’s answer to generative AI assistance on SharePoint Attackers will look to exploit anything they can get their hands on Your current controls and logging may be insufficient Be careful what you keep on platforms...

6.5AI score
Exploits0
OSV
OSV
added 2025/02/13 2:15 a.m.2 views

CVE-2024-13644

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS7.4AI score0.00227EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.6 views

BlackBerry SecuSUITE 安全漏洞

BlackBerry SecuSUITE is a multi-platform solution for end-to-end encryption of voice calls and messages from BlackBerry Canada. A security vulnerability exists in BlackBerry SecuSUITE version 5.0.420 and earlier, which stems from the presence of an Entropy Insufficiency Vulnerability that could...

4.8CVSS6.6AI score0.0031EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/05 12:0 a.m.5 views

2N Access Commander 安全漏洞

2N Access Commander is an access control solution from 2N. A security vulnerability exists in 2N Access Commander version 3.1.1.2 and prior versions, which stems from the presence of a Data Authenticity Validation Insufficiency vulnerability that allows an attacker to elevate its privileges and...

7.2CVSS6.7AI score0.0034EPSS
Exploits0References1
CVE
CVE
added 2024/08/24 2:2 a.m.50 views

CVE-2023-6987

CVE-2023-6987 affects the WordPress plugin String locator. It is a reflected XSS vulnerability triggered by the sql-column parameter in all versions up to and including 2.6.5, due to insufficient input sanitization and output escaping. Exploitation requires WP_DEBUG to be enabled and allows an un...

6.1CVSS6AI score0.0029EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2024/08/22 12:0 a.m.4 views

Google Chrome Insufficient Data Validation Vulnerability

Google Chrome is a free web browser developed by Google. It is the world's largest browser in terms of market share due to its speed, security, simplicity, multi-platform support and built-in privacy protection. Google Chrome suffers from a Data Validation Insufficiency vulnerability, which can b...

8.8CVSS6.9AI score0.0046EPSS
Exploits0References1
CNVD
CNVD
added 2024/06/12 12:0 a.m.8 views

Siemens SINEC Traffic Analyzer Credential Protection Insufficiency Vulnerability

SINEC Traffic Analyzer is an on-premise application that monitors PNIO PROFINET IO communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via Web-UI. Siemens SINEC Traffic Analyzer suffers from a Credential Protection...

6.3CVSS7AI score0.00147EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.5 views

WordPress Plugin SiteOrigin Widgets Bundle Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.4CVSS5.9AI score0.00501EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/03/13 12:0 a.m.6 views

The vulnerability of the MELSEC iQ-F series of programmable logic controllers, related to insufficient resource capacity, allows a intruder to trigger a malfunction in maintenance operations.

The vulnerability of the MELSEC iQ-F series of programmable logic controllers is related to insufficient resources. Exploiting this vulnerability can allow a remote attacker to cause malfunctions in the system’s operation...

5.3CVSS5.9AI score0.00854EPSS
Exploits0References3
CNVD
CNVD
added 2024/03/06 12:0 a.m.22 views

Dell PowerScale OneFS Insufficient Logging Vulnerability (CNVD-2024-16222)

Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling of NAS. A logging insufficiency vulnerability exists in Dell PowerScale OneFS, which can be exploited by an attacker to cause audit messages to be lost and unrecorded for...

3CVSS6.7AI score0.00143EPSS
Exploits0References1
Rows per page
Query Builder