54813 matches found

RedHat Linux
added 2025/12/22 4:55 p.m., 4 views

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS: 8.3, AI score: 7.2, EPSS: 0.015
Exploits: 0, References: 4

ATTACKERKB
added 2025/12/22 4:14 p.m., 4 views

CVE-2025-68332

In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration. The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's Comedi "attach" handler c6xdigio_attach to...

AI score: 5.2, EPSS: 0.0018
Exploits: 0, References: 9, Affected Software: 1

CVE
added 2025/12/22 4:14 p.m., 18 views

CVE-2025-68332

CVE-2025-68332 affects the Linux kernel, describing a vulnerability in the Comedi low-level driver c6xdigio where PNP resources are registered/unregistered during attach/detach. The issue stems from ignoring the return value of pnp_register_driver() in c6xdigio_attach() and the unconditional pnp_...

AI score: 5.9, EPSS: 0.0018
Exploits: 0, References: 8

Cvelist
added 2025/12/22 4:14 p.m., 25 views

CVE-2025-68332 comedi: c6xdigio: Fix invalid PNP driver unregistration

In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration. The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's Comedi "attach" handler c6xdigio_attach to...

EPSS: 0.0018
Exploits: 0, References: 8

OSV
added 2025/12/22 4:14 p.m., 3 views

CVE-2025-68332 comedi: c6xdigio: Fix invalid PNP driver unregistration

In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration. The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's Comedi "attach" handler c6xdigio_attach to...

AI score: 6.1, EPSS: 0.0018
Exploits: 0, References: 11

CVE
added 2025/12/22 4:12 p.m., 21 views

CVE-2025-68328

CVE-2025-68328 relates to the Linux kernel Stratix10 SVC firmware: a bug in saving controller data caused by incorrect use of platform_set_drvdata and dev_set_drvdata, which can result in rmmod failing and a kernel panic during kthread_stop and fifo free. The issue has been addressed in the SUSE/...

AI score: 6, EPSS: 0.00176
Exploits: 0, References: 7

Cvelist
added 2025/12/22 4:12 p.m., 21 views

CVE-2025-68328 firmware: stratix10-svc: fix bug in saving controller data

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: fix bug in saving controller data. Fix the incorrect usage of platform_set_drvdata and dev_set_drvdata. They both are of the same data and overrides each other. This resulted in the rmmod of the svc driver to...

EPSS: 0.00176
Exploits: 0, References: 7

RedHat Linux
added 2025/12/22 11:43 a.m., 9 views

keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the...

CVSS: 8.2, AI score: 5.7, EPSS: 0.0038
Exploits: 0, References: 5

IBM Security Bulletins
added 2025/12/22 11:27 a.m., 12 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules (CVE-2025-64718, CVE-2025-64756, CVE-2025-13466 & CVE-2025-65945)

Summary: IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to node modules js-yaml, glob, body-parser and jws. Vulnerability Details...

CVSS: 7.5, AI score: 6.8, EPSS: 0.03026
Exploits: 2, Affected Software: 1

NVD
added 2025/12/22 11:15 a.m., 5 views

CVE-2025-12514

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows SQL Injection to user with elevated privileges. This issue affects Infra Monitoring ...

CVSS: 7.2, EPSS: 0.00264
Exploits: 0, References: 2

EUVD
added 2025/12/22 10:55 a.m., 19 views

EUVD-2025-204710

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from...

CVSS: 6.8, AI score: 5.6, EPSS: 0.00202
Exploits: 0, References: 2

RedhatCVE
added 2025/12/22 2:35 a.m., 6 views

CVE-2025-14071

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslcmodulepostsoutput shortcode. This makes it possible for authenticated attackers, with...

CVSS: 7.5, AI score: 7, EPSS: 0.0056
Exploits: 0, References: 1

RedHat Linux
added 2025/12/22 1:29 a.m., 6 views

keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the...

CVSS: 8.2, AI score: 5.7, EPSS: 0.0038
Exploits: 0, References: 5

CNNVD
added 2025/12/22 12:0 a.m., 3 views

Frappe Framework security vulnerability

Frappe Framework is a metadata-driven full-stack web application framework based on Python and JavaScript from Frappe India. A security vulnerability exists in the Attachments module of Frappe Framework v15.89.0, which stems from the fact that uploading a specially crafted XML file could lead to...

CVSS: 9.6, AI score: 6.8, EPSS: 0.00437
Exploits: 1, References: 4

CVE
added 2025/12/22 12:0 a.m., 10 views

CVE-2025-67291

CVE-2025-67291 affects Piranha CMS, Media module in version 12.1. The vulnerability is a stored XSS: an attacker can inject a crafted payload into the Name field, leading to execution of arbitrary web scripts/HTML in a user’s browser. Documents from multiple sources (NVD, Red Hat, OSV) confirm th...

CVSS: 6.1, AI score: 5.2, EPSS: 0.00185
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2025/12/22 12:0 a.m., 3 views

PublicCMS security vulnerability

PublicCMS is an open source content management system (CMS) written in Java language by PublicCMS China. A security vulnerability exists in PublicCMS version V5.202506.b. The vulnerability stems from the content search module being susceptible to cross-site scripting attacks...

CVSS: 5.4, AI score: 6, EPSS: 0.0014
Exploits: 1, References: 3

Cvelist
added 2025/12/22 12:0 a.m., 22 views

CVE-2025-67291

A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...

EPSS: 0.00185
Exploits: 1, References: 2

Positive Technologies
added 2025/12/22 12:0 a.m., 4 views

PT-2025-52710

Name of the Vulnerable Software and Affected Versions: Zillya Total Security version 3.0.2367.0. Description: Zillya Total Security allows low-privileged users to copy files to unauthorized system locations through the quarantine module, leading to potential privilege escalation. Attackers can use...

CVSS: 8.5, AI score: 6.5, EPSS: 0.00215
Exploits: 1, References: 8

UbuntuCve
added 2025/12/22 12:0 a.m., 2 views

CVE-2025-68332

In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration. The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's Comedi "attach" handler c6xdigio_attach to...

AI score: 5.7, EPSS: 0.0018
Exploits: 0, References: 34

Vulnrichment
added 2025/12/22 12:0 a.m., 2 views

CVE-2025-67291

A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...

AI score: 5.2, EPSS: 0.00185
Exploits: 1, References: 2