11634 matches found

Vulnrichment
added 2025/01/29 5:46 p.m. · 11 views

CVE-2025-24789 Snowflake JDBC allows an untrusted search path on Windows

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java programs to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an attacker with write...

CVSS 7.8 · AI score 7.8 · EPSS 0.00252
Exploits 0 · References 2
Microsoft CVE
added 2025/01/29 8:00 a.m. · 9 views

PCI: Fix reset_method_store() memory leak

...

CVSS 5.5 · AI score 6.9 · EPSS 0.00208
Exploits 0
OSV
added 2025/01/28 5:15 p.m. · 4 views

CVE-2018-9378

In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.2 · AI score 5.9 · EPSS 0.00085
Exploits 0 · References 1
Github Security Blog
added 2025/01/28 9:32 a.m. · 12 views

Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing

Use of Arrays.equals in LlapSignerImpl in Apache Hive to compare message signatures allows an attacker to forge a valid signature for an arbitrary message byte by byte. The attacker must be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0,...

CVSS 6.5 · AI score 7.1 · EPSS 0.01131
Exploits 1 · References 9 · Affected Software 1
CNNVD
added 2025/01/28 12:00 a.m. · 4 views

DTEX DEC-M security vulnerability

DTEX DEC-M is a unified internal risk management platform from DTEX Corporation. A security vulnerability exists in DTEX DEC-M version 6.1.1, which stems from a lack of proper logical validation, and allows an attacker to elevate privileges to root via an unauthorized client connection using the...

CVSS 8.8 · AI score 6.7 · EPSS 0.00979
Exploits 1 · References 2
RedHat Linux
added 2025/01/27 7:32 p.m. · 3 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

CVSS 7.8 · AI score 7.5 · EPSS 0.005
Exploits 0 · References 7
NVD
added 2025/01/27 7:15 p.m. · 16 views

CVE-2024-56953

An issue in Baidu China Co Ltd Baidu Input Method iOS version v12.6.13 allows attackers to access user information via supplying a crafted link...

CVSS 6.5 · EPSS 0.0031
Exploits 0 · References 1
Positive Technologies
added 2025/01/27 12:00 a.m. · 4 views

PT-2025-3357 · Baidu · Baidu Input Method

Name of the Vulnerable Software and Affected Versions: Baidu Input Method version 12.6.13
Description: The issue allows attackers to access user information by supplying a crafted link.
Recommendations: For version 12.6.13, update to a newer version to mitigate the risk. At the moment, there is n...

CVSS 6.5 · AI score 6.9 · EPSS 0.0031
Exploits 0 · References 3
CVE
added 2025/01/27 12:00 a.m. · 45 views

CVE-2024-56953

CVE-2024-56953 affects Baidu Input Method for iOS 12.6.13. The issue allows attackers to access user information by delivering a crafted link. Root cause details are not fully disclosed in the provided documents. Affected component: Baidu Input Method (iOS). Impact described: unauthorized access ...

CVSS 6.5 · AI score 6.6 · EPSS 0.0031
Exploits 0 · References 1
CNNVD
added 2025/01/27 12:00 a.m. · 2 views

Sogou Input security vulnerability

Sogou Input is an input method from the Chinese company Sogou. A security vulnerability exists in Sogou Input iOS version 12.2.0, which originates from an attacker being able to obtain sensitive user information by providing a carefully crafted link...

CVSS 6.5 · AI score 6.1 · EPSS 0.0031
Exploits 0 · References 1
Vulnrichment
added 2025/01/27 12:00 a.m. · 6 views

CVE-2024-56953

An issue in Baidu China Co Ltd Baidu Input Method iOS version v12.6.13 allows attackers to access user information via supplying a crafted link...

AI score 6.3 · EPSS 0.0031
Exploits 0 · References 1
Cvelist
added 2025/01/27 12:00 a.m. · 9 views

CVE-2024-56953

An issue in Baidu China Co Ltd Baidu Input Method iOS version v12.6.13 allows attackers to access user information via supplying a crafted link...

EPSS 0.0031
Exploits 0 · References 1
CNNVD
added 2025/01/27 12:00 a.m. · 3 views

Baidu Input Method security vulnerability

Baidu Input Method is an input method from the Chinese company Baidu. A security vulnerability exists in Baidu Input Method version v12.6.13, which originates from an attacker being able to access sensitive user information by providing a carefully crafted link...

CVSS 6.5 · AI score 6.3 · EPSS 0.0031
Exploits 0 · References 1
Vulnrichment
added 2025/01/24 7:00 p.m. · 11 views

CVE-2025-0705 JoeyBling bootplus QrCodeController.java qrCode redirect

A vulnerability has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this vulnerability is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument text lead...

CVSS 6.9 · AI score 7.1 · EPSS 0.00369
Exploits 0 · References 5
GithubExploit
added 2025/01/22 2:40 p.m. · 697 views

Exploit for Protection Mechanism Failure in 7-Zip

7-Zip Mark-of-the-Web Bypass Vulnerability CVE-2025-0411 - P...

CVSS 7 · AI score 8.3 · EPSS 0.67071
Exploits 8
CNNVD
added 2025/01/22 12:00 a.m. · 5 views

WordPress plugin WP IMAP Auth cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...

CVSS 7.1 · AI score 7.7 · EPSS 0.00412
Exploits 0 · References 2
Veracode
added 2025/01/21 4:13 a.m. · 10 views

Cross-Site Request Forgery (CSRF)

typo3/cms-beuser is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper handling of state-changing actions in downstream components, where HTTP GET submissions are incorrectly accepted instead of enforcing the appropriate HTTP method. Misconfigurations, such as...

CVSS 5.4 · AI score 7 · EPSS 0.00235
Exploits 0 · References 7 · Affected Software 1
Veracode
added 2025/01/21 4:09 a.m. · 25 views

Cross-Site Request Forgery (CSRF)

typo3/cms-scheduler is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper handling of HTTP methods and a failure to enforce appropriate security settings, which allows attackers to submit malicious requests through CSRF...

CVSS 8 · AI score 7.2 · EPSS 0.00251
Exploits 0 · References 4 · Affected Software 1
Veracode
added 2025/01/20 3:08 a.m. · 6 views

Cross-Site Request Forgery (CSRF)

typo3/cms-form is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper handling of state-changing actions in downstream components, which incorrectly accept submissions via HTTP GET requests instead of enforcing the correct HTTP method. Misconfigured settings, such ...

CVSS 5.4 · AI score 6.7 · EPSS 0.00183
Exploits 0 · References 5 · Affected Software 1
NVD
added 2025/01/17 9:15 p.m. · 5 views

CVE-2025-23206

The AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow...

CVSS 8.1 · EPSS 0.00312
Exploits 0 · References 7