11633 matches found

CNNVD
added 2025/02/24 12:0 a.m. | 4 views

Phusion Passenger security vulnerability

Phusion Passenger is a fast and powerful web server and application server from Phusion Open Source. A security vulnerability exists in Phusion Passenger versions 6.0.21 through 6.0.25: the HTTP parser allows a denial of service when it parses a request with an invalid HTTP method...

CVSS 7.5 | AI score 5.4 | EPSS 0.0057
Exploits 0 | References 5

RubySec
added 2025/02/24 12:0 a.m. | 10 views

Phusion Passenger denial of service

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

CVSS 7.5 | AI score 6.7 | EPSS 0.0057
Exploits 0 | References 1 | Affected Software 1

CVE
added 2025/02/24 12:0 a.m. | 137 views

CVE-2025-26803

CVE-2025-26803 affects Phusion Passenger: the http parser in versions 6.0.21–6.0.25 (before 6.0.26) is vulnerable to denial of service when parsing a request with an invalid HTTP method. The issue is mitigated by upgrading to Passenger 6.0.26 or later. No exploitation details are provided in the ...

CVSS 7.5 | AI score 6.9 | EPSS 0.0057
Exploits 0 | References 5 | Affected Software 1

CNNVD
added 2025/02/24 12:0 a.m. | 3 views

NovaCHRON Zeitsysteme Smart Time Plus security vulnerability

NovaCHRON Zeitsysteme Smart Time Plus is a time management program from NovaCHRON Zeitsysteme. A security vulnerability exists in NovaCHRON Zeitsysteme Smart Time Plus versions prior to v8.x through v8.6, which stems from a SQL injection vulnerability in the getCookieNames method...

CVSS 9.8 | AI score 7.5 | EPSS 0.00387
Exploits 0 | References 2

CNNVD
added 2025/02/24 12:0 a.m. | 3 views

NovaCHRON Zeitsysteme Smart Time Plus security vulnerability

NovaCHRON Zeitsysteme Smart Time Plus is a time management program from NovaCHRON Zeitsysteme. A security vulnerability exists in NovaCHRON Zeitsysteme Smart Time Plus versions prior to v8.x through v8.6, which stems from a SQL injection vulnerability in the addProject method...

CVSS 5.4 | AI score 7.5 | EPSS 0.00222
Exploits 0 | References 2

Cvelist
added 2025/02/24 12:0 a.m. | 10 views

CVE-2024-53543

NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL injection vulnerability via the addProject method in the smarttimeplus/MySQLConnection endpoint...

EPSS 0.00222
Exploits 0 | References 1

RedhatCVE
added 2025/02/22 12:25 a.m. | 6 views

CVE-2024-37362

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. CWE-522 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database...

CVSS 6.3 | AI score 6.6 | EPSS 0.00265
Exploits 0 | References 1

Github Security Blog
added 2025/02/21 10:43 p.m. | 15 views

Vyper's sqrt doesn't define rounding behavior

Vyper's sqrt builtin uses the Babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. The fix is tracked in https://github.com/vyperlang/vyper/pull/4486 Vulnerability Detai...

CVSS 7.5 | AI score 7.2 | EPSS 0.00302
Exploits 0 | References 5 | Affected Software 1

OSV
added 2025/02/21 10:15 p.m. | 2 views

PYSEC-2025-29

vyper is a Pythonic Smart Contract Language for the EVM. Vyper sqrt builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed a...

CVSS 7.5 | AI score 5.9 | EPSS 0.00302
Exploits 0 | References 2

Cvelist
added 2025/02/21 9:36 p.m. | 19 views

CVE-2025-26622 sqrt doesn't define rounding behavior in Vyper

vyper is a Pythonic Smart Contract Language for the EVM. Vyper sqrt builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed a...

CVSS 2.3 | EPSS 0.00302
Exploits 0 | References 2

Vulnrichment
added 2025/02/21 9:36 p.m. | 20 views

CVE-2025-26622 sqrt doesn't define rounding behavior in Vyper

vyper is a Pythonic Smart Contract Language for the EVM. Vyper sqrt builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed a...

CVSS 2.3 | AI score 7.4 | EPSS 0.00302
Exploits 0 | References 2

CVE
added 2025/02/21 9:36 p.m. | 81 views

CVE-2025-26622

The CVE concerns vyper’s sqrt() builtin, which uses the Babylonian method for decimals. The problem arises from improper handling of oscillating final states, which can cause sqrt to return a rounded-up value (e.g., for certain inputs, 0.9999999998 → 0.9999999999). The issue is detailed in the GH...

CVSS 7.5 | AI score 6.4 | EPSS 0.00302
Exploits 0 | References 2 | Affected Software 1

Snyk
added 2025/02/21 6:40 p.m. | 2 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the deserialize method, when handling untrusted XML data, which may contain external entity references. Details: XXE Injection is a type of attack against an application that parses XML input. XML is...

CVSS 8.7 | AI score 7.6 | EPSS 0.00211
Exploits 0 | References 2

OSV
added 2025/02/21 3:15 p.m. | 6 views

AZL-76815 CVE-2025-0838 affecting package abseil-cpp for versions less than 20220623.0-2

There exists a heap buffer overflow vulnerability in Abseil-cpp. The sized constructors, reserve, and rehash methods of absl::{flat,node}_hash_{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer...

CVSS 9.8 | AI score 6 | EPSS 0.00563
Exploits 0 | References 1

OSV
added 2025/02/21 1:36 p.m. | 7 views

OESA-2025-1162 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ila: call nf_unregister_net_hooks() sooner. syzbot found an use-after-free Read in ila_nf_input [1]. Issue here is that ila_xlat_exit_net() frees the rhashtable, then call...

CVSS 7.8 | AI score 6.1 | EPSS 0.00388
Exploits 1 | References 19

OSV
added 2025/02/21 1:36 p.m. | 7 views

OESA-2025-1158 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ila: call nf_unregister_net_hooks() sooner. syzbot found an use-after-free Read in ila_nf_input [1]. Issue here is that ila_xlat_exit_net() frees the rhashtable, then call...

CVSS 7.8 | AI score 6.1 | EPSS 0.00388
Exploits 1 | References 19

Metasploit
added 2025/02/20 6:55 p.m. | 553 views

TFTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an MIPSBE payload from a TFTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/tftp/mipsbe/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp sh...

AI score 5.8
Exploits 0

Metasploit
added 2025/02/20 6:55 p.m. | 275 views

TFTP Fetch

Fetch and execute a PPC payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/ppc/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...

AI score 5.8
Exploits 0

Metasploit
added 2025/02/20 6:55 p.m. | 368 views

HTTPS Fetch, Reverse TCP Stager

Fetch and execute an MIPSBE payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/linux/https/mipsbe/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

AI score 7.2
Exploits 0

Vulnrichment
added 2025/02/19 11:34 p.m. | 5 views

CVE-2024-37362 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. CWE-522 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database...

CVSS 6.3 | AI score 6.3 | EPSS 0.00265
Exploits 0 | References 1