Lucene search
+L

149 matches found

Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.9 views

PT-2026-22019

Name of the Vulnerable Software and Affected Versions LORIS versions prior to 26.0.5 LORIS versions prior to 27.0.2 LORIS versions prior to 28.0.0 Description LORIS is a self-hosted web application used for data and project management in neuroimaging research. An authenticated user with sufficien...

8.7CVSS9AI score0.00677EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

LORIS Neuroimaging Platform 路径遍历漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open source developed by ACElab. Versions 24.0.0 to 26.0.5, 27.0.2, and 28.0.0 of the LORIS Neuroimaging Platform had path traversal vulnerabilities. These vulnerabilities stem from path traversal attacks, which could lead to the reading of...

8.1CVSS5.8AI score0.00334EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.11 views

LORIS Neuroimaging Platform 代码问题漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 26.0.5, 27.0.2, and 28.0.0 contained code vulnerabilities. These vulnerabilities were caused by path traversal exploits, which could lead to arbitrary file uploads and...

8.8CVSS7.7AI score0.00677EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.9 views

PT-2026-22025

Name of the Vulnerable Software and Affected Versions LORIS versions prior to 26.0.5 LORIS versions prior to 27.0.2 LORIS versions prior to 28.0.0 Description LORIS is a self-hosted web application used for data and project management in neuroimaging research. An authenticated user with appropria...

8.1CVSS5.4AI score0.00334EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2008-0784

Malware in sbrugna...

4.3CVSS6.4AI score0.00845EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-0790

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00964EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-21052

Malicious code in bioql PyPI...

8.7CVSS6.3AI score0.00444EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in test-mlw2-tolas-loris (npm)

The package test-mlw2-tolas-loris was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-36470 Malicious code in test-mlw2-tolas-loris (npm)

The package test-mlw2-tolas-loris was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/07/12 8:28 p.m.16 views

CVE-2025-53634

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...

8.7CVSS7.2AI score0.00444EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/10 7:39 p.m.3 views

CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...

8.7CVSS7.2AI score0.00444EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/10 7:39 p.m.9 views

CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...

8.7CVSS0.00444EPSS
Exploits0References3
CVE
CVE
added 2025/07/10 7:39 p.m.33 views

CVE-2025-53634

CVE-2025-53634 affects Chall-Manager's HTTP Gateway. The vulnerability arises from no timeout on HTTP header processing, enabling a slowloris-style DoS that does not require authentication. A patch was implemented (commit 1385bd8) and shipped in v0.1.4, with remediation guidance to upgrade to tha...

8.7CVSS6.6AI score0.00444EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/07/10 7:39 p.m.6 views

CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...

8.7CVSS6.6AI score0.00444EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.5 views

Chall-Manager 安全漏洞

Chall-Manager is an open source project from CTFer.io open source. A security vulnerability exists in Chall-Manager versions prior to 0.1.4, which stems from an unset timeout on the HTTP gateway, which could lead to a denial of service triggered by a slow loris attack...

8.7CVSS6.2AI score0.00444EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.5 views

PT-2025-29155 · Unknown · Callmanager

Name of the Vulnerable Software and Affected Versions: Chall-Manager versions prior to 0.1.4 Description: Chall-Manager, a platform-agnostic system for starting Challenges on Demand, is susceptible to a Denial of Service DoS attack via a slow loris attack against its HTTP Gateway. The gateway lac...

8.7CVSS6.4AI score0.00444EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/05/21 7:10 p.m.8 views

CVE-2008-0774

Cross-site scripting XSS vulnerability in search.cgi in Loris Hotel Reservation System 3.01 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the hotelname parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...

4.3CVSS5.9AI score0.00845EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/18 7:51 a.m.2 views

Malicious code in baby-loris (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9155edd098ee3fed04541b192087704f5a42b1f149bdd0f4f487d7e0ae941870 The OpenSSF Package Analysis project identified 'baby-loris' @ 1.0.2 npm as malicious. It is considered malicious because: - The package...

6.9AI score
Exploits0
OSV
OSV
added 2024/12/18 7:51 a.m.2 views

MAL-2024-11911 Malicious code in baby-loris (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9155edd098ee3fed04541b192087704f5a42b1f149bdd0f4f487d7e0ae941870 The OpenSSF Package Analysis project identified 'baby-loris' @ 1.0.2 npm as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
SUSE CVE
SUSE CVE
added 2024/05/30 2:59 a.m.5 views

SUSE CVE-2024-28854

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...

7.5CVSS6.8AI score0.00964EPSS
Exploits1References2
Rows per page
Query Builder