Lucene search
K

11637 matches found

NVD
NVD
added 2025/01/17 9:15 p.m.5 views

CVE-2025-23206

The AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow...

8.1CVSS0.00312EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/01/17 8:10 p.m.20 views

CVE-2025-21606 Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats

stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name eu.exelban.Stats.SMC.Helper. The associated binary,...

8.7CVSS0.00261EPSS
Exploits0References2
OSV
OSV
added 2025/01/17 5:15 p.m.3 views

CVE-2024-26156

All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 are vulnerable to reflected cross site scripting XSS attacks in the method parameter. The ETIC RAS web server uses dynamic pages that gets their input from the client side and reflects the input in its response to the client...

6.1CVSS5.3AI score0.00217EPSS
Exploits0References1
OSV
OSV
added 2025/01/17 5:15 p.m.4 views

CVE-2024-26157

All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 are vulnerable to reflected cross site scripting XSS attacks in get view method under view parameter. The ETIC RAS web server uses dynamic pages that get their input from the client side and reflect the input in their response t...

5.3CVSS5.3AI score0.00224EPSS
Exploits0References1
OSV
OSV
added 2025/01/17 4:9 p.m.5 views

SUSE-SU-2025:0167-1 Security update for pam_u2f

This update for pamu2f fixes the following issues: - CVE-2025-23013: Fixed problematic PAMIGNORE return values in pamsmauthenticate bsc1233517...

7.3CVSS9.3AI score0.00397EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/01/17 12:0 a.m.3 views

ETIC Telecom Remote Access Server 跨站脚本漏洞

ETIC Telecom Remote Access Server is a remote maintenance solution from the French company ETIC Telecom. It is designed to enable manufacturers to remotely maintain automated equipment. A cross-site scripting vulnerability exists in ETIC Telecom Remote Access Server versions prior to 4.5.0, which...

6.1CVSS5.7AI score0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/17 12:0 a.m.4 views

PT-2025-2392 · Etic Telecom · Etic Telecom Remote Access Server

Name of the Vulnerable Software and Affected Versions: ETIC Telecom Remote Access Server RAS versions prior to 4.5.0 Description: The issue concerns reflected cross-site scripting XSS attacks. Specifically, the ETIC RAS web server is vulnerable to XSS attacks in the method parameter. This occurs...

6.1CVSS5.5AI score0.00217EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/01/17 12:0 a.m.3 views

PT-2025-5302 · Apple · Ipados +5

Name of the Vulnerable Software and Affected Versions: visionOS versions prior to 2.3 iOS versions prior to 18.3 iPadOS versions prior to 18.3 macOS Sequoia versions prior to 15.3 watchOS versions prior to 11.3 tvOS versions prior to 18.3 Description: A type confusion issue was addressed with...

7.8CVSS8.2AI score0.01283EPSS
Exploits0References23
CNNVD
CNNVD
added 2025/01/17 12:0 a.m.3 views

ETIC Telecom Remote Access Server 跨站脚本漏洞

ETIC Telecom Remote Access Server is a remote maintenance solution from the French company ETIC Telecom. It is designed to enable manufacturers to remotely maintain automated equipment. A cross-site scripting vulnerability exists in ETIC Telecom Remote Access Server versions prior to 4.5.0, which...

6.1CVSS5.7AI score0.00217EPSS
Exploits0References2
OSV
OSV
added 2025/01/16 7:22 a.m.17 views

BIT-PYTHON-MIN-2022-42919

Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network...

7.8CVSS8AI score0.00603EPSS
Exploits0References16
BDU FSTEC
BDU FSTEC
added 2025/01/16 12:0 a.m.5 views

The vulnerability of the `asyncio._SelectorSocketTransport.writelines()` method in the Python programming language, which allows a hacker to cause a denial-of-service attack

The vulnerability of the asyncio.SelectorSocketTransport.writelines method in the Python programming language is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

7.8CVSS7.2AI score0.01844EPSS
Exploits0References7Affected Software3
RedHat Linux
RedHat Linux
added 2025/01/15 9:41 p.m.2 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/01/15 7:57 p.m.33 views

CVE-2025-22146 Improper authentication on SAML SSO process allows user impersonation in sentry

Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a...

9.1CVSS0.00584EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/01/15 3:42 p.m.2 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/01/15 9:47 a.m.13 views

Moderate: Red Hat Security Advisory: tuned security update

An update for tuned is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...

5.5CVSS6.4AI score0.00298EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2025/01/15 8:0 a.m.3 views

Jinja has a sandbox breakout through indirect reference to format method

...

7.8CVSS7AI score0.005EPSS
Exploits0
OSV
OSV
added 2025/01/15 12:15 a.m.6 views

CVE-2024-57761

An arbitrary file upload vulnerability in the parserXML method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file...

8.1CVSS6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/15 12:0 a.m.6 views

PT-2025-34632

Name of the Vulnerable Software and Affected Versions: PhpOffice/PhpSpreadsheet versions prior to 1.30.0 PhpOffice/PhpSpreadsheet versions prior to 2.1.12 PhpOffice/PhpSpreadsheet versions prior to 2.4.0 PhpOffice/PhpSpreadsheet versions prior to 3.10.0 PhpOffice/PhpSpreadsheet versions prior to...

8.7CVSS6.9AI score0.00741EPSS
Exploits0References19
NVD
NVD
added 2025/01/14 8:15 p.m.12 views

CVE-2024-55922

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

5.4CVSS0.00183EPSS
Exploits0References2
NVD
NVD
added 2025/01/14 8:15 p.m.12 views

CVE-2024-55920

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

4.3CVSS0.00188EPSS
Exploits0References2
Rows per page
Query Builder