356 matches found

Packet Storm News
added 2025/04/28 12:00 a.m., 4 views

Securing GenAI Multi-Agent Systems against Tool Squatting: a Zero Trust Registry-Based Approach

The rise of generative AI (GenAI) multi-agent systems (MAS) necessitates standardized protocols enabling agents to discover and interact with external tools. However, these protocols introduce new security challenges, particularly "tool squatting": the deceptive registration or representation of tools...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/04/23 12:00 a.m., 2 views

CAIBA: Multicast Source Authentication for CAN through Reactive Bit Flipping

Controller Area Networks (CANs) are the backbone for reliable intra-vehicular communication. Recent cyberattacks have, however, exposed the weaknesses of CAN, which was designed without any security considerations in the 1980s. Current efforts to retrofit security via intrusion detection or message...

AI score: 7.1
Exploits: 0
Microsoft KB
added 2025/04/08 7:00 a.m., 11 views

Update 24.12 for Microsoft Dynamics 365 Business Central 2024 Release Wave 1 (Application Build 24.12.32447, Platform Build 24.0.32305)

Update 24.12 for Microsoft Dynamics 365 Business Central 2024 Release Wave 1 (Application Build 24.12.32447, Platform Build 24.0.32305). Overview: This update replaces previously released updates. You should always install the latest update. This update also fixes a vulnerability. For more informatio...

CVSS 5.5, AI score 8.7, EPSS 0.00738
Exploits: 0
OSV
added 2025/02/25 3:15 p.m., 1 view

PYSEC-2025-120

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

CVSS 9.8, AI score 5.8, EPSS 0.0037
Exploits: 0, References: 3
PyPA
added 2025/02/25 3:15 p.m., 8 views

PYSEC-2025-120

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

CVSS 10, AI score 5.8, EPSS 0.0037
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2025/02/25 2:42 p.m., 1 view

CVE-2023-25574 JupyterHub's LTI13Authenticator: JWT signature not validated

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

CVSS 10, AI score 6.5, EPSS 0.0037
Exploits: 0, References: 5
NVD
added 2025/01/28 4:15 p.m., 6 views

CVE-2025-24800

Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate that allowed a malicious prover to easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or...

CVSS 9.3, EPSS 0.00078
Exploits: 0, References: 3
Cvelist
added 2025/01/28 3:41 p.m., 17 views

CVE-2025-24800 Critical vulnerability in `ismp-grandpa` <v15.0.1

Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate that allowed a malicious prover to easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or...

CVSS 9.3, EPSS 0.00078
Exploits: 0, References: 3
Vulnrichment
added 2025/01/28 3:41 p.m., 3 views

CVE-2025-24800 Critical vulnerability in `ismp-grandpa` <v15.0.1

Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate that allowed a malicious prover to easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or...

CVSS 9.3, AI score 6.3, EPSS 0.00078
Exploits: 0, References: 3
OSV
added 2025/01/28 3:41 p.m., 1 view

CVE-2025-24800 Critical vulnerability in `ismp-grandpa` <v15.0.1

Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate that allowed a malicious prover to easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or...

CVSS 9.3, AI score 7, EPSS 0.00078
Exploits: 0, References: 5
Positive Technologies
added 2025/01/24 12:00 a.m., 8 views

PT-2025-2936

Name of the Vulnerable Software and Affected Versions: HL7 FHIR IG publisher versions prior to 1.7.4. Description: The HL7 FHIR IG publisher is vulnerable to XML external entity injections due to XSLT transforms performed by various components. This issue can be exploited by submitting a malicious X...

CVSS 8.6, AI score 5.9, EPSS 0.00033
Exploits: 0, References: 14
NVD
added 2024/11/08 11:15 p.m., 12 views

CVE-2024-52007

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

CVSS 8.6, EPSS 0.00325
Exploits: 0, References: 6
Vulnrichment
added 2024/11/08 10:28 p.m., 11 views

CVE-2024-52007 XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

CVSS 8.6, AI score 7, EPSS 0.00325
Exploits: 0, References: 6
CVE
added 2024/11/08 10:28 p.m., 54 views

CVE-2024-52007

CVE-2024-52007 is an XXE vulnerability in XSLT parsing within the HAPI FHIR org.hl7.fhir.core components. The issue arises from XML external entity injections when processing XML with a malicious DTD, potentially allowing host data to be exposed. The Red Hat advisory notes this is fixed by upgrad...

CVSS 8.6, AI score 8.4, EPSS 0.00325
Exploits: 0, References: 6
Spring Engineering
added 2024/10/28 12:00 a.m., 10 views

Let’s use OpenTelemetry with Spring

Introduction: In the dynamic realm of observability, OpenTelemetry is a new set of tools that emerged from the now-deprecated OpenCensus and OpenTracing projects. When it comes to Spring Framework, Spring Boot, Spring Data, and Spring Cloud observability, mature solutions like Micrometer, the de...

AI score: 7.3
Exploits: 0
Fedora
added 2024/10/19 1:20 a.m., 14 views

[SECURITY] Fedora 39 Update: rust-tonic-0.12.3-1.fc39

A gRPC over HTTP/2 implementation focused on high performance, interoperability, and flexibility...

CVSS 6.9, AI score 7.3, EPSS 0.0036
Exploits: 0
The Hacker News
added 2024/10/16 1:23 p.m., 20 views

FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms

The FIDO Alliance said it's working to make passkeys and other credentials easier to export across different providers and improve credential provider interoperability, as more than 12 billion online accounts become accessible with the passwordless sign-in method. To that end, the alliance...

AI score: 7.5
Exploits: 0
Fedora
added 2024/10/15 12:19 a.m., 9 views

[SECURITY] Fedora 41 Update: rust-tonic-0.12.3-1.fc41

A gRPC over HTTP/2 implementation focused on high performance, interoperability, and flexibility...

CVSS 6.9, AI score 3.7, EPSS 0.0036
Exploits: 0
Cvelist
added 2024/09/19 10:38 p.m., 16 views

CVE-2024-46984 XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...

CVSS 8.6, EPSS 0.00357
Exploits: 0, References: 6
Vulnrichment
added 2024/09/19 10:38 p.m., 11 views

CVE-2024-46984 XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...

CVSS 8.6, AI score 6.8, EPSS 0.00357
Exploits: 0, References: 6