
64 matches found

SUSE Linux
added 2025/11/10 11:49 a.m. · 4 views

Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.110 fixes various security issues. The following security issues were fixed: CVE-2022-50252: igb: Do not free qvector unless new one was allocated bsc1249847. CVE-2024-53164: net: sched: fix ordering of qlen adjustment bsc1246019...

CVSS 7.3 · AI score 9.1 · EPSS 0.00288
Exploits: 0 · References: 22

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2023-45521

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.6 · EPSS 0.00431
Exploits: 1 · References: 2

Oracle Linux
added 2025/09/19 12:0 a.m. · 10 views

gnutls security update

3.8.3-6.2fips - Add FIPS package change: add fips suffix to Release and set Epoch to 10 Orabug: 35925409 - Update FIPS module name for Oracle Linux Orabug: 35925409 3.8.3-6.2 - keyupdate: rework the rekeying logic RHEL-107498 3.8.3-6.1 - Fix CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, and...

CVSS 8.2 · AI score 6.5 · EPSS 0.01185
Exploits: 0

CNNVD
added 2025/09/17 12:0 a.m. · 3 views

picklescan Security Vulnerability

picklescan is a security scanning program by the individual developer Matthieu Maitre. A security vulnerability exists in picklescan version 0.0.30 and earlier, which stems from an insufficient module name check that could lead to bypassing insecure global checks and executing malicious code...

CVSS 9.3 · AI score 6.3 · EPSS 0.00761
Exploits: 1 · References: 3

OSV
added 2025/08/14 6:52 p.m. · 2 views

MAL-2025-26605 Malicious code in module-name (npm)

The package module-name was found to contain malicious code...

AI score 7.2
Exploits: 0

vulnersOsv
added 2025/08/14 6:52 p.m. · 7 views

1yoouoo (>=0.0.5 <=0.1.2), bluebottle-magento-marketplace (>=1.1.2 <=1.2.5) +6 more potentially affected by unknown CVE via module-name (=0.0.1-security)

module-name NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on module-name and may be impacted: - 1yoouoo =0.0.5, =1.1.2, =0.0.2, =1.0.1, =1.0.0, =1.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-26605...

AI score 5.8
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 1 views

Malicious code in module-name (npm)

The package module-name was found to contain malicious code...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2024/07/26 4:53 p.m. · 5 views

Malicious code in your-module-name (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6751268ea24120cf5830cfbc1948e7a8826069354e61bffc450257cf198ad38f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.3
Exploits: 0 · References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m. · 39 views

RHEL 4 : busybox (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - busybox: Path traversal via crafted tar file containing symlink CVE-2011-5325 - The addprobe function in...

CVSS 7.5 · AI score 7.1 · EPSS 0.07176
Exploits: 10 · References: 4

Prion
added 2023/11/22 6:15 p.m. · 17 views

Sql injection

In the module "Cross Selling in Modal Cart" motivationsale 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method motivationsaleDataModel::getProductsByIds has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injectio...

CVSS 7.5 · AI score 7.9 · EPSS 0.00714
Exploits: 0 · References: 2 · Affected Software: 1

ATTACKERKB
added 2023/09/15 3:15 a.m. · 8 views

CVE-2023-40982

A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter...

CVSS 5.4 · AI score 5.9 · EPSS 0.00431
Exploits: 1 · References: 3

NVD
added 2023/09/15 3:15 a.m. · 39 views

CVE-2023-40982

A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter...

CVSS 5.4 · AI score 5.3 · EPSS 0.00431
Exploits: 1 · References: 2

Prion
added 2023/09/15 3:15 a.m. · 15 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter...

CVSS 4.9 · AI score 5.2 · EPSS 0.00431
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2023/09/14 12:0 a.m. · 6 views

Webmin Cross-Site Scripting Vulnerability

Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin version v2.100. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected...

CVSS 5.4 · AI score 6.7 · EPSS 0.00431
Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 4:39 a.m. · 5 views

SUSE CVE-2017-14867

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...

CVSS 7.8 · AI score 7.9 · EPSS 0.36003
Exploits: 0 · References: 10

OSV
added 2023/01/18 1:15 a.m. · 4 views

CVE-2022-43483

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the monitor services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system...

CVSS 7.2 · AI score 6 · EPSS 0.01236
Exploits: 0 · References: 1

CNNVD
added 2023/01/18 12:0 a.m. · 4 views

Sewio Real-Time Location System (RTLS) Studio OS Command Injection Vulnerability

Sewio Real-Time Location System (RTLS) Studio is a real-time location system from Sewio, Inc. An operating system command injection vulnerability exists in Sewio Real-Time Location System (RTLS) Studio versions 2.0.0 through 2.6.2, which originates from not properly validating an input module name to...

CVSS 9.1 · AI score 7.4 · EPSS 0.01236
Exploits: 0 · References: 2

Positive Technologies
added 2023/01/16 12:0 a.m. · 4 views

PT-2023-15526 · Sewio · Sewio's Real-Time Location System (RTLS) Studio

Name of the Vulnerable Software and Affected Versions: Sewio’s Real-Time Location System (RTLS) Studio versions 2.0.0 through 2.6.2 Description: The issue is related to improper validation of the input module name to the backup services of the software. This could allow a remote attacker to access...

CVSS 9.1 · AI score 7.1 · EPSS 0.01236
Exploits: 0 · References: 5

Cvelist
added 2022/09/20 5:35 p.m. · 40 views

CVE-2022-26873 The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase.

A potential attacker can execute arbitrary code during the PEI phase and influence the subsequent boot stages. This can lead to mitigation bypass, disclosure of physical memory contents, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and...

AI score 8.4 · EPSS 0.00402
Exploits: 1 · References: 3

CNNVD
added 2022/08/05 12:0 a.m. · 6 views

Artica Pandora FMS Cross-Site Scripting Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A cross-site scripting vulnerability exists in Artica Pandora FMS version 756 and earlier. An attacker can exploit this...

CVSS 6.1 · AI score 6.2 · EPSS 0.00319
Exploits: 0 · References: 2