Lucene search
K

130 matches found

OSV
OSV
added 2025/05/26 4:15 a.m.8 views

PYSEC-2025-173

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to...

5.5CVSS4.6AI score0.00208EPSS
Exploits1References6
OSV
OSV
added 2025/05/26 4:15 a.m.3 views

UBUNTU-CVE-2025-5166

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to...

5.5CVSS4.8AI score0.00208EPSS
Exploits1References8
OSV
OSV
added 2025/05/26 3:15 a.m.9 views

PYSEC-2025-172

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...

5.5CVSS4.8AI score0.00208EPSS
Exploits1References6
PyPA
PyPA
added 2025/05/26 3:15 a.m.9 views

PYSEC-2025-172

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...

5.5CVSS4.8AI score0.00208EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2025/05/26 3:15 a.m.2 views

DEBIAN-CVE-2025-5165

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...

5.5CVSS3.9AI score0.00208EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2025/05/26 3:15 a.m.4 views

CVE-2025-5165

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...

5.5CVSS7.3AI score0.00208EPSS
Exploits1References6
OSV
OSV
added 2025/05/26 3:15 a.m.3 views

UBUNTU-CVE-2025-5165

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...

5.5CVSS4.9AI score0.00208EPSS
Exploits1References8
OSV
OSV
added 2025/05/26 3:0 a.m.6 views

CVE-2025-5166 Open Asset Import Library Assimp MDC File Parser MDCLoader.cpp InternReadFile out-of-bounds

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to...

4.8CVSS4.7AI score0.00208EPSS
Exploits1References8
Cvelist
Cvelist
added 2025/05/26 3:0 a.m.15 views

CVE-2025-5166 Open Asset Import Library Assimp MDC File Parser MDCLoader.cpp InternReadFile out-of-bounds

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to...

4.8CVSS0.00208EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/05/26 3:0 a.m.18 views

CVE-2025-5166 Open Asset Import Library Assimp MDC File Parser MDCLoader.cpp InternReadFile out-of-bounds

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to...

4.8CVSS3.9AI score0.00208EPSS
Exploits1References6
CVE
CVE
added 2025/05/26 3:0 a.m.94 views

CVE-2025-5166

Open Asset Import Library Assimp 5.4.3 contains CVE-2025-5166 affecting MDCImporter::InternReadFile in MDCLoader.cpp (MDC File Parser). The manipulation of the argument pcVerts leads to an out-of-bounds read and local access may be exploited. Public disclosure of the exploit is noted. Connected O...

5.5CVSS4.1AI score0.00208EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/26 12:0 a.m.4 views

PT-2025-22882 · Assimp +1 · Assimp +1

Name of the Vulnerable Software and Affected Versions: Open Asset Import Library Assimp version 5.4.3 Description: A vulnerability was found in the Open Asset Import Library Assimp. It has been classified as problematic and affects the function MDCImporter::InternReadFile of the component MDC Fil...

5.5CVSS3.5AI score0.00208EPSS
Exploits1References18
RedhatCVE
RedhatCVE
added 2025/05/23 6:39 a.m.20 views

CVE-2024-51875

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nazmul Ahsan MDC YouTube Downloader mdc-youtube-downloader allows DOM-Based XSS.This issue affects MDC YouTube Downloader: from n/a through = 3.0.0...

6.5CVSS7.2AI score0.00304EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/02/24 12:8 a.m.9 views

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

10CVSS7.9AI score0.99999EPSS
Exploits354References8
NVD
NVD
added 2025/02/06 6:15 p.m.9 views

CVE-2025-24981

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the javascript: protocol scheme in the URL. Th...

9.3CVSS0.0066EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/06 5:26 p.m.15 views

CVE-2025-24981 Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the javascript: protocol scheme in the URL. Th...

9.3CVSS0.0066EPSS
Exploits0References3
CVE
CVE
added 2025/02/06 5:26 p.m.66 views

CVE-2025-24981

The CVE-2025-24981 vulnerability affects MDC (the Markdown-to-Vue integration used in @nuxtjs/mdc). The root cause is unsafe URL parsing in the parser (props.ts) that uses a deny-list for protocols (e.g., javascript:) but can be bypassed when the attacker provides hex-encoded HTML entities within...

9.3CVSS9AI score0.0066EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/06 5:26 p.m.6 views

CVE-2025-24981 Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the javascript: protocol scheme in the URL. Th...

9.3CVSS9.1AI score0.0066EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/06 2:35 a.m.7 views

CVE-2025-23639

Cross-Site Request Forgery CSRF vulnerability in Nazmul Ahsan MDC YouTube Downloader mdc-youtube-downloader allows Stored XSS.This issue affects MDC YouTube Downloader: from n/a through = 3.0.0...

7.1CVSS7.2AI score0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/06 12:0 a.m.2 views

Nuxt MDC 跨站脚本漏洞

Nuxt MDC is a Nuxt open source application that enhances regular Markdown. A cross-site scripting vulnerability exists in Nuxt MDC that stems from insecure parsing logic for URLs in Markdown, leading to arbitrary JavaScript code execution...

9.3CVSS6.5AI score0.0066EPSS
Exploits0References3
Rows per page
Query Builder