Lucene search
K

11633 matches found

RedHat Linux
RedHat Linux
added 2025/02/10 6:29 a.m.4 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.6 views

Azure Linux 3.0 Security Update: bind (CVE-2024-4076)

The version of bind installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4076 advisory. - Client queries that trigger serving stale data and that also require lookups in local authoritative zone data M...

7.5CVSS8AI score0.02111EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/07 6:1 p.m.6 views

CVE-2025-22694

Missing Authorization vulnerability in Dotstore Hide Shipping Method For WooCommerce hide-shipping-method-for-woocommerce.This issue affects Hide Shipping Method For WooCommerce: from n/a through = 1.5.1...

4.3CVSS7.2AI score0.00317EPSS
Exploits0References1
OSV
OSV
added 2025/02/06 12:33 p.m.149 views

BIT-PYTHON-2024-12254 Unbounded memory buffering in SelectorSocketTransport.writelines()

Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...

8.7CVSS7.6AI score0.01844EPSS
Exploits0References9
OSV
OSV
added 2025/02/06 12:33 p.m.8 views

BIT-PYTHON-MIN-2024-12254 Unbounded memory buffering in SelectorSocketTransport.writelines()

Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...

8.7CVSS7.6AI score0.01844EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2025/02/06 5:2 a.m.4 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/02/06 3:46 a.m.11 views

CVE-2021-26613

improper input validation vulnerability in nexacro permits copying file to the startup folder using rename method...

8.1CVSS6.8AI score0.00818EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 3:45 a.m.13 views

CVE-2021-26626

Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to ...

8.8CVSS7.9AI score0.01166EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/02/06 1:16 a.m.2 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/02/05 10:42 p.m.6 views

CVE-2022-36078

Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with arbitrary excessive size value, which can either exhaust available memory or crash the whole program. When using...

8.8CVSS6.8AI score0.00907EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 9:45 p.m.13 views

CVE-2022-24356

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

8.8CVSS6.7AI score0.02193EPSS
Exploits0References1
OSV
OSV
added 2025/02/05 9:30 p.m.12 views

GHSA-MJ4V-HP69-27X5 Plenti - Code Injection - Denial of Services

Summary While pushing a file via postLocal method if user add javascript code in file parameter that codes can exe in v8go context. Details While posting a file via postLocal, any attacker will add javascript codes to file parameter. That parameter content pass to componentSignature method after...

6.5CVSS9AI score0.00696EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/02/05 5:11 p.m.7 views

CVE-2019-19168

Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution...

9.8CVSS7.4AI score0.0161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:0 p.m.11 views

CVE-2020-27869

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the...

9CVSS7.5AI score0.05091EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 1:33 p.m.26 views

CVE-2020-26222

Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. In Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common and...

8.8CVSS7.6AI score0.02935EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 1:28 a.m.6 views

CVE-2024-11248

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely...

9CVSS8.8AI score0.01225EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:5 a.m.7 views

CVE-2024-28074

It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability...

9.6CVSS6.9AI score0.10917EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:58 a.m.6 views

CVE-2024-28181

turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...

8.1CVSS7.4AI score0.00796EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:56 a.m.11 views

CVE-2024-28240

The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy ta...

7.8CVSS7AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:34 a.m.23 views

CVE-2024-55924

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

8CVSS7.9AI score0.00251EPSS
Exploits0References1
Rows per page
Query Builder