Lucene search
+L

576 matches found

redos
redos
added 2025/05/06 12:0 a.m.21 views

ROS-20250505-04

The vulnerability of the Zabbix universal monitoring system is related to insufficient cleansing of user data passed via the "groupBy" parameter in include/classes/api/CApiService.php. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL queries in the database...

8.8CVSS7.6AI score0.2926EPSS
Exploits0
osv
osv
added 2025/05/05 6:15 p.m.12 views

CVE-2025-4051

Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

6.3CVSS5.8AI score
Exploits0References2
debiancve
debiancve
added 2025/05/05 6:10 p.m.11 views

CVE-2025-4051

Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

6.3CVSS7AI score0.00296EPSS
Exploits0
vulnrichment
vulnrichment
added 2025/05/05 6:10 p.m.7 views

CVE-2025-4051

Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

5.7AI score0.00296EPSS
Exploits0References2
cve
cve
added 2025/05/05 6:10 p.m.229 views

CVE-2025-4051

CVE-2025-4051 involves insufficient data validation in DevTools of Google Chrome/Chromium, allowing a remote attacker to bypass discretionary access control when a user is persuaded to perform specific UI gestures on a crafted HTML page. The vulnerability affects Chrome before version 136.0.7103....

6.3CVSS5.9AI score0.00296EPSS
Exploits0References2Affected Software1
nessus
nessus
added 2025/05/04 12:0 a.m.12 views

Fedora 40 : chromium (2025-b1804b97fc)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b1804b97fc advisory. Update to 136.0.7103.59 CVE-2025-4096: Heap buffer overflow in HTML CVE-2025-4050: Out of bounds memory access in DevTools CVE-2025-4051: Insufficie...

9.8CVSS7.6AI score0.0058EPSS
Exploits0References5
mscve
mscve
added 2025/05/01 10:16 p.m.42 views

Chromium: CVE-2025-4052 Inappropriate implementation in DevTools

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

9.8CVSS7.5AI score0.0058EPSS
Exploits0
bdu_fstec
bdu_fstec
added 2025/04/30 12:0 a.m.9 views

The vulnerability of the virtual learning environment Moodle, related to insufficient protection of operational data, allows a hacker to disclose protected information.

The vulnerability in the virtual learning environment Moodle is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...

4.3CVSS5.5AI score0.00288EPSS
Exploits0References4Affected Software2
nessus
nessus
added 2025/04/29 12:0 a.m.45 views

Google Chrome < 136.0.7103.48 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 136.0.7103.48. It is, therefore, affected by multiple vulnerabilities as referenced in the 202504stable-channel-update-for-desktop29 advisory. - Inappropriate implementation in DevTools in Google Chrome prior to...

9.8CVSS7.7AI score0.0058EPSS
Exploits0References9
bdu_fstec
bdu_fstec
added 2025/04/28 12:0 a.m.10 views

The vulnerability of the Jenkins automation server, related to insufficient protection of service data, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Jenkins automation server is related to insufficient protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

4.3CVSS6.7AI score0.00727EPSS
Exploits0References4Affected Software2
cnnvd
cnnvd
added 2025/03/31 12:0 a.m.6 views

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS that stems from insufficient cleaning of sensitive...

5.5CVSS6.1AI score0.00262EPSS
Exploits0References1
nessus
nessus
added 2025/03/06 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-7977

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a...

7.8CVSS8AI score0.00342EPSS
Exploits0References2
nessus
nessus
added 2025/03/06 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2025-0443

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI...

8.8CVSS8.1AI score0.00445EPSS
Exploits1References2
nessus
nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2020-16015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in WASM in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...

8.8CVSS7AI score0.0099EPSS
Exploits0References2
nessus
nessus
added 2025/03/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2020-16030

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HT...

6.1CVSS6.8AI score0.00652EPSS
Exploits0References2
nessus
nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2020-16032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in sharing in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a...

4.3CVSS6.7AI score0.00656EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2025/02/26 12:0 a.m.6 views

The vulnerability of Zoom’s video conferencing software lies in the insufficient protection of sensitive data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Zoom video conferencing software is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

6.8CVSS5.5AI score0.00487EPSS
Exploits0References2Affected Software15
astralinux
astralinux
added 2025/02/11 7:35 a.m.5 views

Astra Linux – Vulnerability in Chromium

Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.7AI score0.00445EPSS
Exploits1References3
cvelist
cvelist
added 2025/02/07 1:40 p.m.38 views

CVE-2025-1108 Insufficient data authenticity vulnerability in Janto

Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into...

8.6CVSS0.00203EPSS
Exploits0References1
redos
redos
added 2025/02/03 12:0 a.m.13 views

ROS-20250203-06

A vulnerability in the LibreOffice office suite is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to disclose confidential information LibreOffice office suite vulnerability is related to incorrect path name restriction to a...

6.7CVSS6.8AI score0.00538EPSS
Exploits0
Rows per page
Query Builder