Lucene search
+L

371 matches found

Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.24 views

Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns / etcd (CVE-2025-30204)

The version of application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns / etcd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30204 advisory. - golang-jwt is a Go...

7.5CVSS7.3AI score0.00693EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/28 1:24 p.m.12 views

CVE-2025-2865 Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU

SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code...

2.4CVSS6.2AI score0.0017EPSS
Exploits0References1
CVE
CVE
added 2025/03/28 1:24 p.m.46 views

CVE-2025-2865

CVE-2025-2865 affects Arteche/saTECH BCU firmware 2.1.3. The issue is a reflected/stored cross-site scripting (XSS) vulnerability in the web server that could cause malicious resources to be stored and interpreted by victims when visiting the affected site. Multiple sources corroborate firmware 2...

6.1CVSS6.2AI score0.0017EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2025/03/20 10:46 a.m.3 views

Cross-site Request Forgery (CSRF)

Overview polyaxon is a Command Line Interface CLI and client to interact with Polyaxon API. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the create endpoint. An attacker who can convince a user to follow a malicious link can cause the creation of a...

6.9CVSS7AI score0.0023EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2025-27515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Laravel is a web application framework. When using wildcard validation to validate a given file or image field files., a user-crafted malicious request could...

9.8CVSS5.5AI score0.00691EPSS
Exploits1References2
OSV
OSV
added 2025/03/05 7:15 p.m.5 views

DEBIAN-CVE-2025-27515

Laravel is a web application framework. When using wildcard validation to validate a given file or image field files., a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...

9.8CVSS5.3AI score0.00691EPSS
Exploits1References1
OSV
OSV
added 2025/03/05 7:9 p.m.10 views

GHSA-78FX-H6XR-VCH4 Laravel has a File Validation Bypass

When using wildcard validation to validate a given file or image field array files., a user-crafted malicious request could potentially bypass the validation rules...

6.9CVSS7.1AI score0.00691EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/03/05 6:45 p.m.113 views

CVE-2025-27515 Laravel has a File Validation Bypass

Laravel is a web application framework. When using wildcard validation to validate a given file or image field files., a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...

6.9CVSS0.00691EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/02/25 8:3 p.m.44 views

CVE-2025-27142 LocalSend path traversal vulnerability in the file upload endpoint allows nearby devices to execute arbitrary commands

LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...

8.7CVSS0.00514EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 10:8 p.m.16 views

CVE-2022-42447

HCL Compass is vulnerable to Cross-Origin Resource Sharing CORS. This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request...

9.6CVSS6.8AI score0.0035EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:36 p.m.9 views

CVE-2022-39294

conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a...

7.5CVSS6.5AI score0.00689EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:7 p.m.9 views

CVE-2024-52320

The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution...

9.8CVSS8.1AI score0.02341EPSS
Exploits0References1
OSV
OSV
added 2025/02/04 7:5 p.m.7 views

CLSA-2025-1738695944 samba: Fix of 2 CVEs

Fix CVE-2023-42669: disable the rpcecho server - Fix CVE-2022-2127: fix out-of-bounds read triggered by a malicious request...

6.5CVSS6.7AI score0.01723EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/31 12:0 a.m.17 views

OpenPanel 安全漏洞

OpenPanel is a web hosting panel from OpenPanel, Inc. A security vulnerability exists in OpenPanel v0.3.4, which originates in the File Manager component of OpenPanel, and can be exploited to access and view a directory traversal operation by constructing a malicious HTTP request and utilizing th...

9.1CVSS8.9AI score0.02279EPSS
Exploits3References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/24 6:9 p.m.6 views

Malicious code in requesr (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b792f17b467610a1021820a7718884aa436487a9ec75d5ebf889d400efeaec24 Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...

7AI score
Exploits0References3
Cvelist
Cvelist
added 2024/12/02 3:57 p.m.23 views

CVE-2024-53981 python-multipart has a Denial of service (DoS) via deformation `multipart/form-data` boundary

python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause...

7.5CVSS0.00644EPSS
Exploits0References2
OSV
OSV
added 2024/11/17 12:30 p.m.46 views

GHSA-HVW5-3MGW-7RCF Debezium database connector has a script injection vulnerability

A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data...

5.9CVSS5.6AI score0.0038EPSS
Exploits0References5
NVD
NVD
added 2024/11/17 11:15 a.m.15 views

CVE-2023-1419

A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data...

5.9CVSS0.0038EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.5 views

PT-2024-10296 · Planet Technology +1 · Planet Wgs-804Hpt +2

The affected product is susceptible to a stack-based buffer overflow, which can be triggered by an unauthenticated attacker sending a malicious HTTP request. The webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution. An exploit f...

9.8CVSS9.9AI score0.01368EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2024/10/16 4:15 p.m.14 views

CVE-2024-20420 Cisco ATA 190 Series Analog Telephone Adapter Firmware Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect authorization verification by the HTTP server...

5.4CVSS7.4AI score0.00363EPSS
Exploits0References1
Rows per page
Query Builder