6340 matches found
GO-2025-3512 kubevirt-csi: PersistentVolume allows access to HCP's root node in github.com/kubevirt/csi-driver
kubevirt-csi: PersistentVolume allows access to HCP's root node in github.com/kubevirt/csi-driver. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2025-20143
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges o...
PYSEC-2025-122
The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...
ai.wanaku.sdk:capabilities-runtimes-camel-common (=0.1.1), ai.wanaku.sdk:capabilities-runtimes-camel-plugin (=0.1.1) +2981 more potentially affected by CVE-2025-27636 via org.apache.camel:camel-support (>=4.0.0-M1 <=4.8.4)
org.apache.camel:camel-support MAVEN version =4.0.0-M1, =0.0.4, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.4, =0.0.4, =0.0.4, =0.0.7 and more Source cves: CVE-2025-27636 Source advisory: OSV:GHSA-2C2H-2855-MF97...
DEBIAN-CVE-2024-58060
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing There is a UAF report in the bpf_struct_ops when CONFIG_MODULES=n. In particular, the report is on tcp_congestion_ops that has a "struct module...
UBUNTU-CVE-2024-58060
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing There is a UAF report in the bpf_struct_ops when CONFIG_MODULES=n. In particular, the report is on tcp_congestion_ops that has a "struct module...
Linux Distros Unpatched Vulnerability : CVE-2024-53100
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvme: tcp: avoid race between queue_lock lock and destroy Commit 76d54bf20cdc nvme-tcp: don't access released socket during error recovery added a mutex_lock call...
DRUPAL-CONTRIB-2025-023
This module enables you to allow and/or require users to use a second authentication method in addition to password authentication. The module does not sufficiently ensure that known login routes are not overridden by third-party modules which can allow an access bypass to occur. This vulnerabili...
Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2025-023
This module enables you to allow and/or require users to use a second authentication method in addition to password authentication. The module does not sufficiently ensure that known login routes are not overridden by third-party modules which can allow an access bypass to occur. This vulnerabili...
Linux Distros Unpatched Vulnerability : CVE-2022-2503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root...
Linux Distros Unpatched Vulnerability : CVE-2024-4741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A us...
SUSE SLES15 Security Update : podman (SUSE-SU-2025:0775-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0775-1 advisory. - CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE bsc1237641 - CVE-2024-9676:...
Linux Distros Unpatched Vulnerability : CVE-2024-26907
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------ cut here ------------ memcpy: detected field-spanning write size 56 of single fie...
Linux Distros Unpatched Vulnerability : CVE-2022-49131
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ath11k: fix kernel panic during unload/load ath11k modules Call netif_napi_del from ath11k_ahb_free_ext_irq to fix the following kernel panic when unload/load ath11k...
Linux Distros Unpatched Vulnerability : CVE-2016-8734
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by...
GO-2025-3495 MinIO SFTP authentication bypass due to improperly trusted SSH key in github.com/minio/minio
MinIO SFTP authentication bypass due to improperly trusted SSH key in github.com/minio/minio. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
CVE-2025-1755
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1...
CVE-2024-41340
An issue in Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/391...