68 matches found

ATTACKERKB
added 2026/03/05 3:49 p.m. | 7 views

CVE-2026-30790

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

9.8 CVSS | 5.7 AI score | 0.00225 EPSS
Exploits: 0 | References: 4

NVD
added 2026/03/05 3:16 p.m. | 8 views

CVE-2026-3598

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Config string generation, web console export modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program routin...

8.7 CVSS | 0.00226 EPSS
Exploits: 1 | References: 3

Positive Technologies
added 2026/03/05 12:0 a.m. | 7 views

PT-2026-23461

Name of the Vulnerable Software and Affected Versions: RustDesk Server Pro versions through 1.7.5. Description: A security issue exists in RustDesk Server Pro related to the transmission of sensitive information in cleartext. The vulnerability is present in the address book sync API modules and allo...

7.5 CVSS | 5.8 AI score | 0.00261 EPSS
Exploits: 1 | References: 8

NVD
added 2025/11/21 8:15 p.m. | 5 views

CVE-2025-13524

Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occurs under certain conditions, which require...

6.8 CVSS | 0.00209 EPSS
Exploits: 0 | References: 2

OSV
added 2025/11/14 8:33 p.m. | 6 views

GHSA-R9X7-7GGJ-FX9F PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users

Summary: Dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on PrivateBin will execute arbitrary JavaScript within their own session (self-XSS). This allows an attacker who can entice a victim to drag or...

3.9 CVSS | 7.1 AI score | 0.00107 EPSS
Exploits: 1 | References: 4

Vulnrichment
added 2025/11/13 1:50 a.m. | 3 views

CVE-2025-64711 PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on...

3.9 CVSS | 6.9 AI score | 0.00107 EPSS
Exploits: 1 | References: 2

Cvelist
added 2025/11/13 1:50 a.m. | 9 views

CVE-2025-64711 PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on...

3.9 CVSS | 0.00107 EPSS
Exploits: 1 | References: 2

CVE
added 2025/11/10 5:10 p.m. | 24 views

CVE-2025-43079

CVE-2025-43079 concerns Qualys Cloud Agent where the bundled uninstall script qagent_uninstall.sh (Mac/Linux) executes multiple system commands without absolute paths and without sanitizing $PATH. The root cause is reliance on manipulated PATH, enabling a privileged user (root/sudo) with elevated...

6.3 CVSS | 7 AI score | 0.00151 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 17 views

EUVD-2025-30262

Malicious code in bioql PyPI...

9.8 CVSS | 6.6 AI score | 0.00898 EPSS
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-14322

Malicious code in bioql PyPI...

2.4 CVSS | 6.3 AI score | 0.00107 EPSS
Exploits: 0 | References: 3

Cvelist
added 2025/09/19 6:51 p.m. | 37 views

CVE-2025-34190 Vasion Print (formerly PrinterLogic) PrinterInstallerClientService Authentication Bypass via LD_PRELOAD Hooking

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (macOS/Linux client deployments) are vulnerable to an authentication bypass in PrinterInstallerClientService. The service requires root privileges for certain...

8.5 CVSS | 0.00403 EPSS
Exploits: 1 | References: 4

Cvelist
added 2025/09/19 6:49 p.m. | 12 views

CVE-2025-34189 Vasion Print (formerly PrinterLogic) Insecure Inter-Process Communication Allows Local Session Hijacking

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside...

6.9 CVSS | 0.00231 EPSS
Exploits: 1 | References: 4

CVE
added 2025/09/19 6:49 p.m. | 24 views

CVE-2025-34189

Vasion Print Virtual Appliance Host <1.0.735 and Vasion Print Application

7.8 CVSS | 6.2 AI score | 0.00231 EPSS
Exploits: 1 | References: 4 | Affected Software: 2

Vulnrichment
added 2025/09/19 6:46 p.m. | 4 views

CVE-2025-34188 Vasion Print (formerly PrinterLogic) Local Log Disclosure of Cleartext Sessions

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravelsession, are...

8.4 CVSS | 6 AI score | 0.00287 EPSS
Exploits: 1 | References: 4

Positive Technologies
added 2025/09/19 12:0 a.m. | 6 views

PT-2025-38591

Name of the Vulnerable Software and Affected Versions: Vasion Print Virtual Appliance Host versions prior to 1.0.735; Vasion Print Application versions prior to 20.0.1330. Description: The local logging mechanism in Vasion Print contains a security issue where authentication session tokens, including...

8.4 CVSS | 6.2 AI score | 0.00287 EPSS
Exploits: 1 | References: 7

Fedora
added 2025/09/12 2:7 a.m. | 7 views

[SECURITY] Fedora 42 Update: uv-0.8.11-2.fc42

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...

2.3 CVSS | 6.6 AI score | 0.00303 EPSS
Exploits: 0

OSV
added 2025/08/11 1:52 p.m. | 4 views

BIT-LIBPYTHON-2024-12254 Unbounded memory buffering in SelectorSocketTransport.writelines()

Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...

8.7 CVSS | 7.2 AI score | 0.0188 EPSS
Exploits: 0 | References: 9

Snyk
added 2025/07/31 7:23 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via unbounded values in the dataWindow header field. An attacker can exhaust system memory or cause the application to crash by supplying specially crafted files with excessively larg...

5.5 CVSS | 7 AI score | 0.00259 EPSS
Exploits: 1 | References: 2

Snyk
added 2025/05/12 3:40 p.m. | 4 views

Missing Encryption of Sensitive Data

Overview: Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to the ordering of code used to start an MCP server container. An attacker can read secrets without needing access to the secrets store itself by gaining access to the home folder of the user who...

3.2 CVSS | 7.1 AI score | 0.00107 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2024/12/06 11:19 p.m. | 13 views

CVE-2024-12254

A flaw was found in Python. In certain configurations, the asyncio.SelectorSocketTransport.writelines method fails to signal the protocol to clear the write buffer when it approaches capacity. Because of this, protocols would not periodically drain the write buffer, potentially leading to a denia...

7.5 CVSS | 6.3 AI score | 0.0188 EPSS
Exploits: 0 | References: 6