Lucene search
K

604 matches found

RedhatCVE
RedhatCVE
added 2025/12/31 5:11 a.m.3 views

CVE-2025-15221

A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit ha...

5.4CVSS5.5AI score0.002EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992719)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992719 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix idatasem unlock order in ext4indmigrate Fuzzing reports a possible deadlock in...

4.7CVSS6.2AI score0.0019EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/17 12:30 p.m.5 views

EUVD-2025-203888

Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context...

9.8CVSS6.4AI score0.00823EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/16 3:30 p.m.2 views

EUVD-2025-203634

In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Do not warn if the page is already tagged in copyhighpage The arm64 copyhighpage assumes that the destination page is newly allocated and not MTE-tagged PGmtetagged unset and warns accordingly. However, following comm...

5.9AI score0.00166EPSS
Exploits0References4
OSV
OSV
added 2025/12/16 1:30 p.m.5 views

CVE-2025-40353 arm64: mte: Do not warn if the page is already tagged in copy_highpage()

In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Do not warn if the page is already tagged in copyhighpage The arm64 copyhighpage assumes that the destination page is newly allocated and not MTE-tagged PGmtetagged unset and warns accordingly. However, following comm...

6.3AI score0.00166EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2025/12/05 12:25 a.m.3 views

SUSE CVE-2025-40256

In the Linux kernel, the following vulnerability has been resolved: xfrm: also call xfrmstatedeletetunnel at destroy time for states that were never added In commit b441cf3f8c4b "xfrm: delete x-tunnel as we delete x", I missed the case where state creation fails between full initialization...

5.5CVSS6.7AI score0.00179EPSS
Exploits0References28
NVD
NVD
added 2025/12/04 4:16 p.m.4 views

CVE-2025-40256

In the Linux kernel, the following vulnerability has been resolved: xfrm: also call xfrmstatedeletetunnel at destroy time for states that were never added In commit b441cf3f8c4b "xfrm: delete x-tunnel as we delete x", I missed the case where state creation fails between full initialization...

0.00179EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2025/12/01 12:0 a.m.1 views

Fedora: Security Advisory (FEDORA-2025-427af3b610)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.00626EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2025/12/01 12:0 a.m.5 views

Fedora: Security Advisory (FEDORA-2025-57302ba8ea)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.00626EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/11/19 11:21 a.m.18 views

CVE-2025-11427

The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.7.6 via the wpmdbflush AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

5.8CVSS5.9AI score0.00413EPSS
Exploits0References1
CVE
CVE
added 2025/11/18 11:0 a.m.20 views

CVE-2025-11427

CVE-2025-11427 affects the WP Migrate Lite – Migration Made Easy plugin for WordPress, versions up to and including 2.7.6. The issue is an unauthenticated Blind Server-Side Request Forgery (SSRF) triggered via the wpmdb_flush AJAX action, enabling an attacker to cause the application to make web ...

5.8CVSS5.6AI score0.00413EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/11/18 4:48 a.m.5 views

WordPress WP Migrate Lite plugin <= 2.7.6 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WP Migrate Lite versions = 2.7.6...

5.8CVSS7.1AI score0.00413EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.4 views

PT-2025-47295

Name of the Vulnerable Software and Affected Versions WP Migrate Lite – WordPress Migration Made Easy plugin versions prior to 2.7.7 Description The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is susceptible to a Blind Server-Side Request Forgery. This allows...

5.8CVSS6.4AI score0.00413EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.5 views

WordPress plugin WP Migrate Lite – WordPress Migration Made Easy 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin WP...

5.8CVSS6.7AI score0.00413EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.2 views

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-50096)

nouveau/dmem: vulnerability in migratetoram upon copy error. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504623; scriptversion"1.3";...

5.5CVSS6.7AI score0.00243EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.2 views

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-21767)

In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migratedisable to avoid calling getrandomu32 in atomic context The following bug report happened with a PREEMPTRT kernel: BUG: sleeping function called from invalid context at kernel/locking/spinlockrt.c:48...

5.5CVSS5.9AI score0.00156EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/12 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990845)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990845 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix idatasem unlock order in ext4indmigrate Fuzzing reports a possible deadlock in...

4.7CVSS6.2AI score0.0019EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/11/11 9:13 a.m.4 views

kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()

A vulnerability was found in the Linux kernel's memory migration system in the migratedevicefinalize function, where a folio that should be freed is erroneously added back into the Least Recently Used LRU list. This issue can lead to memory corruption caused by a use-after-free issue when a...

5.5CVSS7.2AI score0.00198EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/11/11 8:21 a.m.5 views

kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()

A vulnerability was found in the Linux kernel's memory migration system in the migratedevicefinalize function, where a folio that should be freed is erroneously added back into the Least Recently Used LRU list. This issue can lead to memory corruption caused by a use-after-free issue when a...

5.5CVSS7.2AI score0.00198EPSS
Exploits0References5
Snyk
Snyk
added 2025/11/07 11:46 p.m.2 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to excessive permissions granted to the virt-handler service account. An attacker can initiate unauthorized migrations of virtual machine instances to attacker-controlled nodes or mark all nodes as...

6.9CVSS5.5AI score0.00254EPSS
Exploits1References2
Rows per page
Query Builder