12 matches found

Github Security Blog
added 2026/06/10 7:33 p.m. · 13 views

Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload

Impact Any baileys session under the latest version false in socket config. There are no workarounds for the app state sync jamming...

AI score: 5.4 · EPSS: 0.00018
Exploits: 0 · References: 3 · Affected Software: 2
OSV
added 2026/05/05 10:16 p.m. · 5 views

ALPINE-CVE-2026-28780

Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

CVSS: 9.8 · AI score: 5.8 · EPSS: 0.01325
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2023-30268

Malicious code in bioql PyPI...

CVSS: 5.4 · AI score: 5.8 · EPSS: 0.00558
Exploits: 0 · References: 4
Positive Technologies
added 2025/08/13 12:0 a.m. · 10 views

PT-2025-32989 · Unknown · Cherry-Studio

Name of the Vulnerable Software and Affected Versions: Cherry Studio versions 1.2.5 through 1.5.1 Description: Cherry Studio is vulnerable to OS Command Injection when connecting to a malicious MCP server in HTTP Streamable mode. Attackers can establish a malicious MCP server with compatible OAut...

CVSS: 7.7 · AI score: 7.7 · EPSS: 0.02144
Exploits: 1 · References: 7
SUSE CVE
added 2025/07/11 11:22 p.m. · 8 views

SUSE CVE-2025-38264

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling. Validate the request in nvme_tcp_handle_r2t to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing...

CVSS: 5.5 · AI score: 7.9 · EPSS: 0.00136
Exploits: 0 · References: 17
Tenable Nessus
added 2025/03/05 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-46676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfc: pn533: Add poll mod list filling check. In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if...

CVSS: 5.5 · AI score: 6.7 · EPSS: 0.00243
Exploits: 0 · References: 2
OSV
added 2023/10/11 10:15 p.m. · 9 views

AZL-35096 CVE-2023-39325 affecting package packer for versions less than 1.9.5-1

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

CVSS: 7.5 · AI score: 6.6 · EPSS: 0.03796
Exploits: 0 · References: 1
NVD
added 2023/08/02 1:15 p.m. · 18 views

CVE-2023-26448

Custom log-in and log-out locations are user-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit...

CVSS: 5.4 · AI score: 5.6 · EPSS: 0.00558
Exploits: 0 · References: 4
Prion
added 2023/08/02 1:15 p.m. · 18 views

Code injection

Custom log-in and log-out locations are user-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit...

CVSS: 4.9 · AI score: 5.7 · EPSS: 0.00558
Exploits: 0 · References: 4 · Affected Software: 1
Cvelist
added 2023/08/02 12:23 p.m. · 19 views

CVE-2023-26448

Custom log-in and log-out locations are user-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit...

CVSS: 5.4 · AI score: 5.9 · EPSS: 0.00558
Exploits: 0 · References: 4
CNNVD
added 2023/08/02 12:0 a.m. · 5 views

Open-Xchange AppSuite Cross-Site Scripting Vulnerability

Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to more intuitively manage email, tasks, files, etc. A security vulnerability exists in Open-Xchange AppSuite that stems from a customized login and logout location jslob that ...

CVSS: 5.4 · AI score: 6.7 · EPSS: 0.00558
Exploits: 0 · References: 7
CNVD
added 2018/09/29 12:0 a.m. · 3 views

Cisco IOS Software and IOS XE Software Denial of Service Vulnerability (CNVD-2018-20297)

Cisco IOS Software and IOS XE Software are both operating systems developed by Cisco for its network devices. Cluster Management Protocol is one of the cluster management protocols. A denial of service vulnerability exists in Cluster Management Protocol in Cisco IOS Software and IOS XE Software. A...

CVSS: 7.4 · AI score: 7.1 · EPSS: 0.00856
Exploits: 0 · References: 1