Lucene search
K

119 matches found

EUVD
EUVD
added 2026/01/02 2:57 p.m.5 views

EUVD-2026-0675

An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS...

6.9CVSS6.4AI score0.00285EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/24 9:30 p.m.4 views

EUVD-2025-205347

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

9.3CVSS7.2AI score0.00523EPSS
Exploits2References4
EUVD
EUVD
added 2025/12/24 12:30 p.m.5 views

EUVD-2025-205183

In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit The caller of deltimersync must prevent restarting of the timer, If we have no this synchronization, there is a small probability that the cancellation will not be...

6AI score0.00196EPSS
Exploits0References10
EUVD
EUVD
added 2025/11/19 3:32 p.m.4 views

EUVD-2025-198212

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbcrawrealloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is...

4.8CVSS4AI score0.00125EPSS
Exploits0References7
EUVD
EUVD
added 2025/11/06 9:31 p.m.4 views

EUVD-2025-38181

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztpconfigid’ parameter to the ‘NetworkServlet’ endpoint. Successful...

8.8CVSS7.6AI score0.00502EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/04 9:31 p.m.7 views

EUVD-2025-37836

EUVD-2025-37836...

6.5CVSS6.4AI score0.00195EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/04 1:16 a.m.4 views

EUVD-2025-37700

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data...

5.5CVSS5.7AI score0.002EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1075

Malicious code in bioql PyPI...

7.5CVSS7.3AI score0.0093EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/03 4:55 a.m.9 views

Security Bulletin: Vulnerabilities in dependencies affect IBM Common Licensing

Summary Security Vulnerabilities in dependencies affect IBM Common Licensing. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase ha...

8.8CVSS7.9AI score0.63258EPSS
Exploits4Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2021-29272

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the script...

6.1CVSS6.1AI score0.00929EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/14 4:54 p.m.4 views

CVE-2025-55166

savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...

5.1CVSS6.6AI score0.00423EPSS
Exploits0References1
OSV
OSV
added 2025/08/12 8:20 p.m.1 views

GHSA-22WQ-Q86M-83FH svg-sanitizer Bypasses Attribute Sanitization

Problem The sanitization logic at https://github.com/darylldoyle/svg-sanitizer/blob/0.21.0/src/Sanitizer.phpL454-L481 only searches for lower-case attribute names e.g. xlink:href instead of xlink:HrEf, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting...

5.1CVSS6.6AI score0.00423EPSS
Exploits0References7
NVD
NVD
added 2025/08/12 5:15 p.m.3 views

CVE-2025-55166

savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...

5.1CVSS0.00423EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/12 4:25 p.m.10 views

CVE-2025-55166 svg-sanitizer By-Passing Attribute Sanitization

savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...

5.1CVSS0.00423EPSS
Exploits0References2
OSV
OSV
added 2025/08/12 4:25 p.m.3 views

CVE-2025-55166 svg-sanitizer By-Passing Attribute Sanitization

savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...

5.1CVSS6AI score0.00423EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.4 views

svg-sanitizer 输入验证错误漏洞

svg-sanitizer is a SVG format file cleaning tool by the individual developer Daryll Doyle. An input validation error vulnerability exists in versions of svg-sanitizer prior to 0.22.0, which stems from the cleanXlinkHrefs method searching only for lowercase attribute names, which could lead to...

5.1CVSS5.8AI score0.00423EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/05/22 12:0 a.m.4 views

Password Strength Detection Via Machine Learning: Analysis, Modeling, and Evaluation

As network security issues continue gaining prominence, password security has become crucial in safeguarding personal information and network systems. This study first introduces various methods for system password cracking, outlines password defense strategies, and discusses the application of...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2025/05/07 12:0 a.m.12 views

Ensure That the Password Complexity Is Set Correctly

Simple passwords, including short passwords and passwords containing only digits or letters, are easy to guess by brute force cracking tools. As such, users are required to set complex passwords. For service scenarios with high security requirements, follow industry best practices. For example,...

6.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/19 12:0 a.m.3 views

PT-2024-9997 · Spring +1 · Spring Ldap +1

Name of the Vulnerable Software and Affected Versions: Spring LDAP versions 2.4.0 through 2.4.3 Spring LDAP versions 3.0.0 through 3.2.7 Description: The issue is related to insufficient case sensitivity checking in the String.toLowerCase and String.toUpperCase functions of the Spring LDAP projec...

6.3CVSS9AI score0.00376EPSS
Exploits0References19
OSV
OSV
added 2024/10/18 6:30 a.m.5 views

GHSA-4GC7-5J7H-4QPH Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

5.3CVSS6.8AI score0.00631EPSS
Exploits1References6
Rows per page
Query Builder