Lucene search

11632 matches found

Cvelist
added 2025/02/26 12:00 a.m., 12 views

CVE-2025-25789

FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index method at \controller\Sitemap.php...

EPSS 0.0146
Exploits: 1, References: 3
CVE
added 2025/02/26 12:00 a.m., 74 views

CVE-2025-25789

CVE-2025-25789 affects FoxCMS v1.2.5 and is described as a remote code execution (RCE) via the index() method in Sitemap.php. The vulnerability is detailed as a high-severity issue (CVSS v3.1: 9.8, CRITICAL) with NETWORK attack vector, LOW attack complexity, no privileges required, no user intera...

CVSS 9.8, AI score 8, EPSS 0.0146
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2025/02/25 5:49 p.m., 7 views

GHSA-HW62-58PR-7WC5 DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace

!NOTE This advisory was originally emailed to [email protected] by @nsysean. To sum it up, the use of javascript's .replace opens up to potential XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from solid-meta are...

CVSS 7.3, AI score 6.3, EPSS 0.00256
Exploits: 0, References: 4
OSV
added 2025/02/25 12:33 p.m., 4 views

USN-7292-1 Several security issues were fixed in Dropbear

Manfred Kaiser discovered that Dropbear through 2020.81 does not properly check the available authentication methods in the client-side SSH code. An attacker could use this vulnerability to gain unauthorized access to remote systems. CVE-2021-36369 Fabian Bäumer, Marcus Brinkmann, and Jörg Schwen...

CVSS 7.5, AI score 6.7, EPSS 0.93305
Exploits: 4, References: 3
RedHat Linux
added 2025/02/25 11:30 a.m., 3 views

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

CVSS 4.2, AI score 7.2, EPSS 0.00544
Exploits: 0, References: 7
RedHat Linux
added 2025/02/25 7:26 a.m., 11 views

Moderate: Red Hat Security Advisory: tuned security update

An update for tuned is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVSS 5.5, AI score 6.4, EPSS 0.00298
Exploits: 0, References: 3
RedHat Linux
added 2025/02/25 7:26 a.m., 4 views

tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

CVSS 5.5, AI score 5.7, EPSS 0.00298
Exploits: 0, References: 7
Citrix
added 2025/02/25 12:00 a.m., 12 views

Driver Disk for Qlogic qla2xxx 10.02.13.00_k - For Citrix Hypervisor 8.2 Cumulative Update 1 LTSR

Who should install this driver disk? Customers running the Citrix Hypervisor 8.2 Cumulative Update 1 LTSR release who use Qlogic's qla2xxx driver and wish to use the latest version of the following:

Driver Module | Driver Type | Version
---|---|---
qla2xxx | Fibre Channel HBA/Storage Controller | ...

AI score 7.1
Exploits: 0
Microsoft KB
added 2025/02/25 12:00 a.m., 6 views

February 25, 2025—KB5052077 (OS Build 19045.5555) Preview

February 25, 2025—KB5052077 (OS Build 19045.5555) Preview. Support for Windows 10 has ended on October 14, 2025. After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but we...

AI score 5.6
Exploits: 0
NVD
added 2025/02/24 11:15 p.m., 23 views

CVE-2024-53543

NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL injection vulnerability via the addProject method in the smarttimeplus/MySQLConnection endpoint...

CVSS 5.4, EPSS 0.00222
Exploits: 0, References: 1
Github Security Blog
added 2025/02/24 6:32 p.m., 17 views

Phusion Passenger denial of service

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

CVSS 7.5, AI score 7.1, EPSS 0.0057
Exploits: 0, References: 8, Affected Software: 1
OSV
added 2025/02/24 6:32 p.m., 5 views

GHSA-2CJ2-QQXJ-5M3R Phusion Passenger denial of service

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

CVSS 5.3, AI score 5.2, EPSS 0.0057
Exploits: 0, References: 8
OSV
added 2025/02/24 4:15 p.m., 3 views

DEBIAN-CVE-2025-26803

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

CVSS 7.5, AI score 5.6, EPSS 0.0057
Exploits: 0, References: 1
NVD
added 2025/02/24 4:15 p.m., 13 views

CVE-2025-26803

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

CVSS 7.5, EPSS 0.0057
Exploits: 0, References: 5
OSV
added 2025/02/24 4:15 p.m., 12 views

CVE-2025-26803

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

CVSS 7.5, AI score 5.2
Exploits: 0, References: 5
OSV
added 2025/02/24 4:15 p.m., 1 view

UBUNTU-CVE-2025-26803

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

CVSS 7.5, AI score 5.8, EPSS 0.0057
Exploits: 0, References: 7
Rosalinux
added 2025/02/24 12:28 p.m., 14 views

Advisory ROSA-SA-2025-2703

Software: jbig2dec 0.16
OS: ROSA Virtualization 3.0
packageevrstring: jbig2dec-0.16
CVE-ID: CVE-2020-12268
BDU-ID: 2022-05687
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the jbig2imagecompose function of the jbig2imagecompose component of the jbig2image.c decoder of the JBIG2 Jbig2dec image...

CVSS 9.8, AI score 7, EPSS 0.02622
Exploits: 1
Cvelist
added 2025/02/24 12:00 a.m., 9 views

CVE-2025-26803

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

CVSS 5.3, EPSS 0.0057
Exploits: 0, References: 5
Vulnrichment
added 2025/02/24 12:00 a.m., 5 views

CVE-2025-26803

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

CVSS 5.3, AI score 6.9, EPSS 0.0057
Exploits: 0, References: 5
CNNVD
added 2025/02/24 12:00 a.m., 4 views

Phusion Passenger security vulnerability

Phusion Passenger is a fast and powerful web server and application server from Phusion Open Source. A security vulnerability exists in Phusion Passenger versions 6.0.21 through 6.0.25 that originates in a denial of service when the HTTP parser resolves an invalid HTTP method...

CVSS 7.5, AI score 5.4, EPSS 0.0057
Exploits: 0, References: 5