2874 matches found
CVE-2024-50077
CVE-2024-50077: The Miracle/Linux kernel advisory and linked sources confirm a fix in the Linux kernel Bluetooth ISO path. The bug was caused by an early return in iso_init() when bt_debugfs failed to initialize (CONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL unset). This could lead to iso_inited r...
CVE-2024-46326
Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function...
CVE-2024-46326
CVE-2024-46326 affects Public Knowledge Project pkp-lib up to version 3.4.0-7. The issue is an open redirect caused by a lack of input sanitization in the logout function (vulnerability in the logout flow). Connected documents confirm the affected family and versions; explicit exploitation detail...
Malicious code in lib-storage (npm)
MAL-2024-9687 Malicious code in lib-storage (npm)
Malicious code in lib-dynamodb (npm)
MAL-2024-9686 Malicious code in lib-dynamodb (npm)
ROS-20241015-13
A vulnerability in the libceph component of the Linux kernel is related to incorrect input validation in the get_reply and prep_next_sparse_read functions in net/ceph/osd_client.c, in the decrypt_tail and prepare_read_tail_plain in net/ceph/messenger_v2.c, in sizeof_footer, read_partial_sparse_msg_data,...
braces: fails to limit the number of characters it can handle
A flaw was found in the NPM package braces. It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, causing the program to start allocating heap memory...
CVE-2024-47668 lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc(). If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll still have a preallocated no...
Denial Of Service (DoS)
JSON-lib is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation and handling in the util/JSONTokener.java class, where the code fails to correctly process unbalanced comment strings in JSON data, allowing attackers to craft malicious JSON inputs that trigger...
openSUSE Security Advisory (SUSE-SU-2024:3543-1)
The remote host is missing an update for the...
openSUSE 15 Security Update : json-lib (SUSE-SU-2024:3543-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3543-1 advisory. - CVE-2024-47855: Fixed mishandled unbalanced comment string bsc1231295 Tenable has extracted the preceding description block directly from the SUSE security...
bittytax (=0.5.2), creme-crm (>=2.3.1 <=2.6.20) +22 more potentially affected by CVE-2024-25885 via xhtml2pdf (>=0.0.6 <=0.2.16)
xhtml2pdf PYPI version =0.0.6, =2.3.1, =0.3.0, =1.0.0, =1.0.3, =1.0.2, =1.0.3, =0.1.132, =1.6.0, =3.0.0, =0.1.11, =0.1.10, =0.1.11 and more Source cves: CVE-2024-25885 Source advisory: OSV:GHSA-JJ5C-HHRG-VV5H...
SUSE-SU-2024:3543-1 Security update for json-lib
This update for json-lib fixes the following issues: - CVE-2024-47855: Fixed mishandled unbalanced comment string bsc1231295...
ar.com.jmfsg:api-doc (>=0.0.20 <=0.0.34), au.com.dius.pact:au.com.dius.pact.gradle.plugin (>=2.1.1 <=2.1.12) +2259 more potentially affected by CVE-2024-47855 via net.sf.json-lib:json-lib (>=0.7.1 <=2.4)
net.sf.json-lib:json-lib MAVEN version =0.7.1, =0.0.20, =2.1.1, =2.4.2, =2.4.2, =3.5.4-rc.1, =2.4.2, =2.4.2, =3.5.4-rc.1, =2.4.2, =2.4.2, =3.5.4-rc.1, =2.4.2, =2.4.2, =3.5.4-rc.1, =2.4.2, =2.4.20 and more Source cves: CVE-2024-47855 Source advisory: OSV:GHSA-WWCP-26WC-3FXM...
GHSA-WWCP-26WC-3FXM JSON-lib mishandles an unbalanced comment string
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string...
JSON-lib mishandles an unbalanced comment string
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string...
CVE-2024-47855
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string...