11633 matches found

Debian CVE
added 2025/03/03 12:0 a.m. · 6 views

CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method...

CVSS 7.5 · AI score 5.8 · EPSS 0.00702
Exploits: 0

OSV
added 2025/03/02 7:16 a.m. · 5 views

BIT-PASSENGER-2025-26803

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

CVSS 7.5 · AI score 6.6 · EPSS 0.0057
Exploits: 0 · References: 6

OSV
added 2025/03/02 7:16 a.m. · 7 views

BIT-PASSENGER-NGINX-MODULE-2025-26803

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

CVSS 7.5 · AI score 6.6 · EPSS 0.0057
Exploits: 0 · References: 6

SUSE CVE
added 2025/03/01 2:52 a.m. · 4 views

SUSE CVE-2025-21807

In the Linux kernel, the following vulnerability has been resolved: block: fix queue freeze vs limits lock order in sysfs store methods. queue_attr_store() always freezes a device queue before calling the attribute store operation. For attributes that control queue limits, the store operation will als...

CVSS 5.5 · AI score 6.4 · EPSS 0.00116
Exploits: 0 · References: 3

Positive Technologies
added 2025/03/01 12:0 a.m. · 4 views

PT-2025-12535

Name of the Vulnerable Software and Affected Versions: Apache Commons VFS versions prior to 2.10.0 Description: The FileObject API in Commons VFS has a resolveFile method that takes a scope parameter. Specifying NameScope.DESCENDENT promises that an exception is thrown if the resolved file is not...

CVSS 7.8 · AI score 6.8 · EPSS 0.01277
Exploits: 0 · References: 46

RedhatCVE
added 2025/02/28 12:26 a.m. · 8 views

CVE-2025-25789

FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index method at \controller\Sitemap.php...

CVSS 9.8 · AI score 8.3 · EPSS 0.0146
Exploits: 1 · References: 1

Positive Technologies
added 2025/02/28 12:0 a.m. · 5 views

PT-2025-9063 · WordPress · Wpforo Forum

Name of the Vulnerable Software and Affected Versions: wpForo Forum plugin for WordPress versions prior to 2.4.2 Description: The issue arises from insufficient input validation in the update method of the Members class, allowing authenticated attackers with subscriber-level privileges or higher ...

CVSS 6.5 · AI score 9.4 · EPSS 0.00346
Exploits: 0 · References: 8

Cvelist
added 2025/02/27 5:0 a.m. · 18 views

CVE-2025-1686

Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files...

CVSS 6.8 · EPSS 0.00782
Exploits: 1 · References: 5

OSV
added 2025/02/27 3:15 a.m. · 2 views

UBUNTU-CVE-2025-21746

In the Linux kernel, the following vulnerability has been resolved: Input: synaptics - fix crash when enabling pass-through port. When enabling a pass-through port an interrupt might come before psmouse driver binds to the pass-through port. However synaptics sub-driver tries to access psmouse...

CVSS 4.7 · AI score 6.5 · EPSS 0.00137
Exploits: 0 · References: 16

SUSE CVE
added 2025/02/27 2:56 a.m. · 3 views

SUSE CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...

CVSS 5.3 · AI score 7.2 · EPSS 0.00472
Exploits: 0 · References: 11

NVD
added 2025/02/26 3:15 p.m. · 4 views

CVE-2025-25789

FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index method at \controller\Sitemap.php...

CVSS 9.8 · EPSS 0.0146
Exploits: 1 · References: 3

OSV
added 2025/02/26 3:15 p.m. · 3 views

CVE-2025-25789

FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index method at \controller\Sitemap.php...

CVSS 9.8 · AI score 6.4 · EPSS 0.0146
Exploits: 1 · References: 3

The Hacker News
added 2025/02/26 11:4 a.m. · 25 views

New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems

Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between November and December 2024, according to new findings from Palo Alto Networks Unit 42. "Once installed, Auto-color allows threat actors full...

AI score 7.2
Exploits: 0

Cvelist
added 2025/02/26 2:23 a.m. · 14 views

CVE-2022-49602 ip: Fix a data-race around sysctl_fwmark_reflect.

In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_fwmark_reflect. While reading sysctl_fwmark_reflect, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader...

EPSS 0.00177
Exploits: 0 · References: 8

CVE
added 2025/02/26 2:14 a.m. · 68 views

CVE-2022-49550

CVE-2022-49550 affects the Linux kernel ntfs3 filesystem. The root cause is the absence of the ‘invalidate_folio’ method, which leads to a memory leak where cached written data are not freed after unmount. The documented fix is to add a new implementation, block_invalidate_folio, to ntfs3 to reso...

CVSS 5.5 · AI score 5.4 · EPSS 0.00204
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2025/02/26 2:14 a.m. · 16 views

CVE-2022-49550 fs/ntfs3: provide block_invalidate_folio to fix memory leak

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: provide block_invalidate_folio to fix memory leak. The ntfs3 filesystem lacks the 'invalidate_folio' method and it causes memory leak. If you write to the filesystem and then unmount it, the cached written data are not free...

EPSS 0.00204
Exploits: 0 · References: 2

Debian CVE
added 2025/02/26 2:13 a.m. · 7 views

CVE-2022-49513

In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Use kobject release() method to free dbs_data. The struct dbs_data embeds a struct gov_attr_set and the struct gov_attr_set embeds a kobject. Since every kobject must have a release() method and we can't use kfree() to free...

CVSS 5.5 · AI score 5.3 · EPSS 0.00244
Exploits: 0

Cvelist
added 2025/02/26 2:13 a.m. · 16 views

CVE-2022-49513 cpufreq: governor: Use kobject release() method to free dbs_data

In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Use kobject release() method to free dbs_data. The struct dbs_data embeds a struct gov_attr_set and the struct gov_attr_set embeds a kobject. Since every kobject must have a release() method and we can't use kfree() to free...

EPSS 0.00244
Exploits: 0 · References: 3

OSV
added 2025/02/26 2:13 a.m. · 8 views

CVE-2022-49513 cpufreq: governor: Use kobject release() method to free dbs_data

In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Use kobject release() method to free dbs_data. The struct dbs_data embeds a struct gov_attr_set and the struct gov_attr_set embeds a kobject. Since every kobject must have a release() method and we can't use kfree() to free...

CVSS 5.5 · AI score 5.9 · EPSS 0.00244
Exploits: 0 · References: 6

OSV
added 2025/02/26 2:12 a.m. · 11 views

CVE-2022-49410 tracing: Fix potential double free in create_var_ref()

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential double free in create_var_ref(). In create_var_ref(), init_var_ref() is called to initialize the fields of variable ref_field, which is allocated in the previous function call to create_hist_field(). Function init_var_ref()...

CVSS 7.8 · AI score 5.5 · EPSS 0.00282
Exploits: 0 · References: 10