54815 matches found

RedHat Linux
• added 2025/12/18 1:35 a.m. • 14 views

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00728
Exploits: 2 | References: 10
RedhatCVE
• added 2025/12/18 12:35 a.m. • 6 views

CVE-2025-66921

A Cross-site scripting (XSS) vulnerability in Create/Update Items Module in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter...

CVSS: 7.2 | AI score: 6 | EPSS: 0.00465
Exploits: 1 | References: 1
OSV
• added 2025/12/18 12:17 a.m. • 4 views

OPENSUSE-SU-2025:20177-1 Security update for cheat

This update for cheat fixes the following issues: - Security: CVE-2025-47913: Fix client process termination bsc1253593 CVE-2025-58181: Fix potential unbounded memory consumption bsc1253922 CVE-2025-47914: Fix panic due to an out of bounds read bsc1254051 Replace...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.93305
Exploits: 7 | References: 12
NVD
• added 2025/12/18 12:16 a.m. • 5 views

CVE-2025-14837

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has bee...

CVSS: 7.2 | EPSS: 0.00386
Exploits: 1 | References: 4
OSV
• added 2025/12/18 12:16 a.m. • 4 views

CVE-2025-14837

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has bee...

CVSS: 7.2 | AI score: 5.6 | EPSS: 0.00386
Exploits: 1 | References: 4
Positive Technologies
• added 2025/12/18 12:0 a.m. • 16 views

PT-2025-52213

Name of the Vulnerable Software and Affected Versions 1C-Bitrix versions prior to 25.100.501 Description The software contains a remote code execution issue within the Translate Module. The application does not properly validate the contents of archive files before unpacking them, allowing...

AI score: 8.2 | EPSS: 0.01549
Exploits: 4 | References: 14
Positive Technologies
• added 2025/12/18 12:0 a.m. • 26 views

PT-2025-52212

Name of the Vulnerable Software and Affected Versions Bitrix24 versions prior to 25.100.301 Description Remote Code Execution is possible because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. The supplier...

CVSS: 6.3 | AI score: 6 | EPSS: 0.01028
Exploits: 3 | References: 12
Positive Technologies
• added 2025/12/18 12:0 a.m. • 5 views

PT-2025-52000

Name of the Vulnerable Software and Affected Versions M-Files Server versions prior to 25.12 Description A flaw exists in M-Files Server that allows users to download files through M-Files Web using Web Companion, even when the Print and Download Prevention module is enabled. This is due to...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00277
Exploits: 0 | References: 5
Vulnrichment
• added 2025/12/18 12:0 a.m. • 2 views

CVE-2025-65568

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...

AI score: 6.7 | EPSS: 0.00459
Exploits: 1 | References: 3
Tenable Nessus
• added 2025/12/18 12:0 a.m. • 2 views

EulerOS Virtualization 2.13.0 : mod_http2 (EulerOS-SA-2025-2588)

According to the versions of the mod_http2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01149
Exploits: 0 | References: 2
Positive Technologies
• added 2025/12/18 12:0 a.m. • 5 views

PT-2025-52279

Name of the Vulnerable Software and Affected Versions SourceCodester Client Database Management System version 1.0 Description A flaw exists in SourceCodester Client Database Management System 1.0 within the Leads Generation Module. The issue affects the file /user leads.php and allows for...

CVSS: 8.8 | AI score: 6.3 | EPSS: 0.00299
Exploits: 1 | References: 8
Tenable Nessus
• added 2025/12/18 12:0 a.m. • 7 views

EulerOS Virtualization 2.13.1 : httpd (EulerOS-SA-2025-2543)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of...

CVSS: 9.1 | AI score: 7.5 | EPSS: 0.03914
Exploits: 1 | References: 7
Tenable Nessus
• added 2025/12/18 12:0 a.m. • 8 views

RHEL 8 : container-tools:rhel8 (RHSA-2025:23374)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23374 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: archive/ta...

CVSS: 4.3 | AI score: 7.7 | EPSS: 0.00419
Exploits: 0 | References: 6
Packet Storm
• added 2025/12/18 12:0 a.m. • 471 views

C-Bitrix 25.100.500 Translate Module Arbitrary File Upload

C-Bitrix version 25.100.500 proof of concept exploit that demonstrates an arbitrary file upload vulnerability in the translate module. Title: C-Bitrix...

AI score: 7.2 | EPSS: 0.01549
Exploits: 4
RedHat Linux
• added 2025/12/17 5:44 p.m. • 6 views

kernel: wifi: cfg80211: fix use-after-free in cmp_bss()

A use-after-free vulnerability exists in the Linux kernel wifi module in the cmp_bss function. An attacker could create a crafted payload to trigger it, leading to damage to the availability and integrity of the system...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00152
Exploits: 0 | References: 5
SUSE Linux
• added 2025/12/17 3:44 p.m. • 3 views

Security update for poppler

This update for poppler fixes the following issues: CVE-2025-11896: Fixed infinite recursion leading to stack overflow due to object loop in PDF CMap bsc1252337 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CVSS: 3.3 | AI score: 7.2 | EPSS: 0.00156
Exploits: 0 | References: 4
IBM Security Bulletins
• added 2025/12/17 2:19 p.m. • 5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an infinite loop condition in CPython [CVE-2025-8194]

Summary: IBM Watson Speech Services Cartridge is vulnerable to an infinite loop condition in CPython, due to a defect in the CPython "tarfile" module affecting the "TarFile" extraction and entry enumeration APIs (CVE-2025-8194). CPython is used in our service runtimes. This vulnerability has been...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00611
Exploits: 0 | Affected Software: 1
RedhatCVE
• added 2025/12/17 8:7 a.m. • 4 views

CVE-2025-65581

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00239
Exploits: 0 | References: 1
RedHat Linux
• added 2025/12/17 7:48 a.m. • 6 views

kernel: wifi: cfg80211: fix use-after-free in cmp_bss()

A use-after-free vulnerability exists in the Linux kernel wifi module in the cmp_bss function. An attacker could create a crafted payload to trigger it, leading to damage to the availability and integrity of the system...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00152
Exploits: 0 | References: 5
RedHat Linux
• added 2025/12/17 7:48 a.m. • 2 views

kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()

A use-after-free exists in the wifi module of the Linux kernel in the function brcmf_netdev_start_xmit, thereby leading to damage to system availability and integrity...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.0015
Exploits: 0 | References: 5