Lucene search
K

93 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-48724

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00882EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-7793

Malicious code in bioql PyPI...

6.9CVSS6.6AI score0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-9354

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00756EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-47917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function...

9.8CVSS7.2AI score0.0199EPSS
Exploits2References3
CVE
CVE
added 2025/07/29 11:35 p.m.30 views

CVE-2025-43230

CVE-2025-43230 affects Apple platforms (iPadOS, iOS, macOS Sequoia, watchOS, visionOS, tvOS) with an issue that could allow an app to access user-sensitive data. The vulnerability is addressed by fixes in iPadOS 17.7.9, iPadOS 18.6, iOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, and visio...

4CVSS5.8AI score0.00216EPSS
Exploits0References11Affected Software6
Hacker One
Hacker One
added 2025/07/17 6:40 p.m.19 views

curl: curl ASSERTs when accessing an LDAP URL

Summary: curl can crash when accessing an LDAP URL. curl ldap://localhost:1388 curl: result.c:930: tryread1msg: Assertion !BERBVISEMPTY &resoid ' failed. Aborted core dumped No AI was used in the production of this report. This was enabled by oss-fuzz, but initiated by me adding LDAP support to...

6.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/16 12:0 a.m.4 views

PT-2025-29755 · Westerndeal · Gsheetconnector

Name of the Vulnerable Software and Affected Versions: GSheetConnector versions n/a through 1.3.20 Description: A Cross-Site Request Forgery CSRF issue exists in GSheetConnector by WesternDeal WooCommerce Google Sheet Connector. This allows attackers to perform actions on behalf of authenticated...

4.3CVSS6.4AI score0.00128EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/14 4:54 p.m.4 views

Security Bulletin: PrismMatching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component which affects IBM watsonx.data

Summary PrismMatching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied. These can affect...

4.4CVSS6.9AI score0.00384EPSS
Exploits2Affected Software1
Circl
Circl
added 2025/07/08 9:56 a.m.9 views

CVE-2025-38236

creationtimestamp| type| source ---|---|--- 2025-07-08 09:56:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltgzxk5ypa2w 2025-08-08 05:00:00+00:00| seen| https://projectzero.google/2025/08/from-chrome-renderer-code-exec-to-kernel.html 2025-08-08 08:43:00+00:00| seen|...

7.8CVSS6.9AI score0.00247EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2025/06/27 11:31 a.m.4 views

CVE-2025-6763 Comet System H3531 Web-based Management setupA.cfg missing authentication

A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing...

9.2CVSS7.2AI score0.01157EPSS
Exploits1References5
CVE
CVE
added 2025/06/25 2:45 p.m.29 views

CVE-2021-4457

CVE-2021-4457 concerns the ZoomSounds WordPress plugin prior to 6.05, where a vulnerable PHP file allows unauthenticated users to upload arbitrary files anywhere on the web server. This leads to a high-impact exposure (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N; base 9.1) affecting the plugin’...

9.1CVSS7.5AI score0.00382EPSS
In wildExploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/23 8:41 a.m.4 views

CVE-2022-50163

In the Linux kernel, the following vulnerability has been resolved: ax25: fix incorrect devtracker usage While investigating a separate rose issue 1, and enabling CONFIGNETDEVREFCNTTRACKER=y, Bernard reported an orthogonal ax25 issue 2 An ax25dev can be used by one or many struct ax25cb. We thus...

7CVSS7.2AI score0.00211EPSS
Exploits0References4
Amazon
Amazon
added 2025/06/10 12:0 a.m.4 views

Important: cni-plugins

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS9.6AI score0.00778EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/31 9:35 a.m.16 views

CVE-2025-4687

In Teltonika Networks Remote Management System RMS, it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account a...

7.2CVSS7AI score0.00387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:57 a.m.7 views

CVE-2023-6564

An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or...

6.5CVSS6.6AI score0.0038EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/05/19 12:0 a.m.6 views

PT-2025-22049 · Checkbot · Checkbot

Name of the Vulnerable Software and Affected Versions: CheckBot versions 1.05 and earlier Description: A Cross-Site Request Forgery CSRF issue in Ref CheckBot allows for Stored XSS. This means an attacker can execute malicious scripts on the victim's browser, potentially leading to unauthorized...

7.1CVSS7.5AI score0.00116EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/05/12 12:0 a.m.3 views

Fedora 41 : golang-github-nats-io-nkeys (2025-e8a6a13553)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-e8a6a13553 advisory. updates dependencies to close security loophole Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

5.6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/01 9:18 p.m.23 views

CVE-2025-46344

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior to 4.5.1, do not invoke .setExpirationTime when generating a JWE token for the session. As a result, the JWE does not contain an internal expiration claim. While...

7.1CVSS7AI score0.00375EPSS
Exploits0References1
NVD
NVD
added 2025/03/31 11:15 p.m.12 views

CVE-2025-24178

This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to break out of its sandbox...

9.8CVSS0.01482EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2025-21670

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: vsock/bpf: return early if transport is not assigned Some of the core functions can only be...

5.5CVSS6.2AI score0.00199EPSS
Exploits0References3
Rows per page
Query Builder