
54827 matches found

CNNVD
added 2025/12/17 12:0 a.m. | 4 views

Open Source Point of Sale security vulnerability

Open Source Point of Sale is an open source web-based point of sale system from opensourcepos. A security vulnerability exists in Open Source Point of Sale version v3.4.1, which stems from improper handling of the name parameter in the Create/Update Items module, which could lead to a cross-site...

CVSS 7.2 | AI score 6 | EPSS 0.00465
Exploits: 1 | References: 3
Positive Technologies
added 2025/12/17 12:0 a.m. | 7 views

PT-2025-51894

Name of the Vulnerable Software and Affected Versions: RIOT versions prior to 2025.10. Description: RIOT OS, designed for IoT and embedded devices, contains a flaw in its IPv6 fragmentation reassembly process. Specifically, the implementation lacks a size check when copying the first fragment offset...

CVSS 9.8 | AI score 8 | EPSS 0.00817
Exploits: 1 | References: 9
Cvelist
added 2025/12/17 12:0 a.m. | 25 views

CVE-2025-66921

A Cross-site scripting (XSS) vulnerability in Create/Update Items Module in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter...

EPSS 0.00465
Exploits: 1 | References: 2
CVE
added 2025/12/17 12:0 a.m. | 10 views

CVE-2025-66921

CVE-2025-66921 describes a Cross-site scripting (XSS) vulnerability in the Open Source Point of Sale (OSPOS) v3.4.1, specifically in the Create/Update Item(s) Module. The issue arises from improper handling of the name parameter, allowing remote attackers to inject arbitrary web script or HTML. M...

CVSS 7.2 | AI score 5.5 | EPSS 0.00465
Exploits: 1 | References: 2 | Affected Software: 1
Tenable Nessus
added 2025/12/17 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-68216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LoongArch: BPF: Disable trampoline for kernel module function trace. The current LoongArch BPF trampoline implementation is incompatible with tracing functions i...

AI score 5.9 | EPSS 0.00155
Exploits: 0 | References: 2
RedHat Linux
added 2025/12/16 11:13 p.m. | 3 views

org.apache.kafka: Kafka JNDI Login Module RCE Vulnerability

A flaw was found in org.apache.kafka. The JndiLoginModule within the SASL authentication mechanism allows remote code execution and denial of service when misconfigured. This flaw allows an attacker to provide a malicious JNDI URI within the Kafka broker's configuration, permitting arbitrary code...

CVSS 7.5 | AI score 6.5 | EPSS 0.00871
Exploits: 0 | References: 5
Github Security Blog
added 2025/12/16 6:31 p.m. | 8 views

ABP Account Module has an Open Redirect through Improper validation in its register function

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...

CVSS 5.3 | AI score 7 | EPSS 0.00239
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2025/12/16 6:31 p.m. | 4 views

GHSA-VFM5-CR22-JG3M ABP Account Module has an Open Redirect through Improper validation in its register function

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...

CVSS 5.3 | AI score 6.9 | EPSS 0.00239
Exploits: 0 | References: 4
NVD
added 2025/12/16 6:16 p.m. | 3 views

CVE-2025-65581

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...

CVSS 5.3 | EPSS 0.00239
Exploits: 0 | References: 2
OSV
added 2025/12/16 6:16 p.m. | 6 views

CVE-2025-65581

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...

CVSS 5.3 | AI score 6.9
Exploits: 0 | References: 2
EUVD
added 2025/12/16 3:30 p.m. | 4 views

EUVD-2025-203748

In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup. The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstd_streams per-CPU contexts are freed in...

AI score 6 | EPSS 0.00169
Exploits: 0 | References: 4
EUVD
added 2025/12/16 3:30 p.m. | 3 views

EUVD-2025-203680

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disable trampoline for kernel module function trace. The current LoongArch BPF trampoline implementation is incompatible with tracing functions in kernel modules. This causes several severe and user-visible problem...

AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 3
EUVD
added 2025/12/16 3:30 p.m. | 5 views

EUVD-2025-203723

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix softlockup in ftrace_module_enable. A soft lockup was observed when loading amdgpu module. If a module has a lot of traceable functions, multiple calls to kallsyms_lookup can spend too much time in RCU critical section and...

AI score 5.9 | EPSS 0.00168
Exploits: 0 | References: 6
NVD
added 2025/12/16 3:15 p.m. | 6 views

CVE-2025-68262

In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup. The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstd_streams per-CPU contexts are freed in...

EPSS 0.00169
Exploits: 0 | References: 3
NVD
added 2025/12/16 3:15 p.m. | 5 views

CVE-2025-68252

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup. In fastrpc_map_lookup, dma_buf_get is called to obtain a reference to the dma_buf for comparison purposes. However, this reference is never released when the function returns,...

EPSS 0.00171
Exploits: 0 | References: 5
UbuntuCve
added 2025/12/16 3:15 p.m. | 2 views

CVE-2025-68262

In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup. The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstd_streams per-CPU contexts are freed in...

AI score 5.7 | EPSS 0.00169
Exploits: 0 | References: 11
OSV
added 2025/12/16 3:15 p.m. | 2 views

UBUNTU-CVE-2025-68262

In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup. The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstd_streams per-CPU contexts are freed in...

AI score 5.7 | EPSS 0.00169
Exploits: 0 | References: 12
Cvelist
added 2025/12/16 2:45 p.m. | 26 views

CVE-2025-68262 crypto: zstd - fix double-free in per-CPU stream cleanup

In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup. The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstd_streams per-CPU contexts are freed in...

EPSS 0.00169
Exploits: 0 | References: 3
OSV
added 2025/12/16 2:45 p.m. | 4 views

CVE-2025-68262 crypto: zstd - fix double-free in per-CPU stream cleanup

In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup. The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstd_streams per-CPU contexts are freed in...

AI score 6.5 | EPSS 0.00169
Exploits: 0 | References: 6
CVE
added 2025/12/16 2:45 p.m. | 16 views

CVE-2025-68262

The provided sources describe a Linux kernel vulnerability: a double-free in the crypto/zstd per-CPU streams when multiple tfms are freed, caused by freeing zstd_streams in zstd_exit() on every tfm destruction. The recommended fix is to change lifecycle management so the streams are freed only on...

AI score 6.2 | EPSS 0.00169
Exploits: 0 | References: 3