Lucene search
K

366 matches found

Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.4 views

PT-2025-34806 · Nvidia · Nvidia Nemo Framework

Name of the Vulnerable Software and Affected Versions: NVIDIA NeMo Framework affected versions not specified Description: The NVIDIA NeMo Framework contains an issue in the export and deploy component that could allow an attacker to inject code via malicious data. A successful exploit may lead to...

7.8CVSS7.1AI score0.00224EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.6 views

NVIDIA Nemo Framework 代码注入漏洞

NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. The NVIDIA Nemo Framework suffers from a code injection vulnerability that stems from malicious data in the NLP component that could lead to code injection, which in turn could lead to code execution...

7.8CVSS7AI score0.00224EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.3 views

NVIDIA NeMo Framework 注入漏洞

NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. A code injection vulnerability exists in NVIDIA NeMo Framework, which stems from malicious data in the retrieval services component that could lead to code injection, which in turn could lead to code...

7.8CVSS7AI score0.00224EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.7 views

PT-2025-34805 · Nvidia · Nvidia Nemo Framework

Name of the Vulnerable Software and Affected Versions: NVIDIA NeMo Framework affected versions not specified Description: The NVIDIA NeMo Framework contains an issue in the NLP component that could allow an attacker to inject code through malicious data. A successful exploit may lead to code...

7.8CVSS7.3AI score0.00224EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.6 views

PT-2025-34126 · Strongdm · Strongdm Macos Client

Name of the Vulnerable Software and Affected Versions: StrongDM macOS client affected versions not specified Description: The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message...

7CVSS6.1AI score0.00151EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.2 views

ImageMagick 输入验证错误漏洞

ImageMagick is ImageMagick open source suite of open source image processing software that can read, convert or write images in a variety of formats. ImageMagick suffers from an input validation error vulnerability that stems from an insecure magnification size calculation in ReadOneMNGIMage, whi...

8.8CVSS6.8AI score0.00933EPSS
Exploits1References3
CNVD
CNVD
added 2025/08/11 12:0 a.m.3 views

OpenEXR Buffer Overflow Vulnerability (CNVD-2025-24798)

OpenEXR is an open standard for high dynamic range image HDR file formats. A buffer overflow vulnerability exists in OpenEXR version 3.3.2, which stems from incorrect pointer arithmetic leading to an out-of-bounds read operation when decompressing a DWAA compressed scanline EXR file with...

9.1CVSS7.7AI score0.00496EPSS
Exploits1References1
Veracode
Veracode
added 2025/06/25 11:43 a.m.5 views

Signature Spoofing

pbkdf2 is vulnerable to Signature Spoofing. The vulnerability is due to improper input validation in the lib/to-buffer.js file, which allows an attacker to bypass signature verification and spoof cryptographic signatures, making malicious data appear authentic...

9.1CVSS7AI score0.00359EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:47 a.m.8 views

CVE-2024-47485

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file...

9.8CVSS7.3AI score0.00538EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:7 a.m.13 views

CVE-2024-20334

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow a low-privileged, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based...

5.5CVSS6AI score0.0038EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:0 a.m.7 views

CVE-2024-47486

There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could inject scripts into certain pages by building malicious data...

6.1CVSS6.2AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:29 p.m.9 views

CVE-2021-3210

components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound = 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter...

9.6CVSS7.9AI score0.02697EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:41 p.m.6 views

CVE-2020-5304

The dashboard in WhiteSource Application Vulnerability Management AVM before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data...

7.5CVSS7.1AI score0.00995EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/21 6:29 p.m.6 views

CVE-2025-2261 TIBCO BPM Enterprise XSS Vulnerability

Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application...

7CVSS5.7AI score0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/21 6:29 p.m.20 views

CVE-2025-2261 TIBCO BPM Enterprise XSS Vulnerability

Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application...

7CVSS0.003EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/21 12:0 a.m.8 views

PT-2025-22418 · Tibco · Tibco Activematrix Administrator

Name of the Vulnerable Software and Affected Versions: TIBCO ActiveMatrix Administrator affected versions not specified Description: The issue allows malicious data to appear as part of the website and run within a user's browser under the privileges of the web application. This is due to a Store...

7CVSS5.3AI score0.003EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2025/04/25 8:57 a.m.15 views

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions. The vulnerabilities, flagged by...

6.9CVSS7.4AI score0.01142EPSS
Exploits2
Veracode
Veracode
added 2025/04/21 4:19 a.m.312 views

HTTP Request Smuggling

github.com/clickhouse/ch-go is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper parsing or handling of HTTP requests. Specifically, the vulnerability arises from the way large, uncompressed malicious external data is processed, allowing an attacker to smuggle an addition...

5.9CVSS6.6AI score0.00342EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/04/12 12:0 a.m.147 views

CVE-2025-1386- Query smuggling in ch-go library

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

5.9CVSS6.8AI score0.00342EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/11 4:27 a.m.8 views

CVE-2025-1386 Query smuggling in ch-go library

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

5.9CVSS6.5AI score0.00342EPSS
Exploits0References1
Rows per page
Query Builder