Lucene search
K

50 matches found

Redos
Redos
added 2026/06/08 12:0 a.m.9 views

ROS-20260608-73-0014

The vulnerability of the .NET Core software platform is related to an incorrect limitation on the path name to the directory. Exploiting this vulnerability allows a remote attacker to write arbitrary files...

4.3CVSS5.7AI score0.00711EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:6 p.m.10 views

CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

7.5CVSS6.6AI score0.01386EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-6960

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00615EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2025/07/04 12:0 a.m.6 views

The vulnerability of Nokia’s Single Radio Access Network management platform lies in the improper limitation of the path name to the restricted access catalog. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Nokia Single RAN network management platform lies in the improper limitation of the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected...

6.5CVSS5.5AI score0.00229EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/05/19 12:0 a.m.10 views

The vulnerability of the FUN_0040fffc function in the microprogramming software for ZyXEL AMG1302-T10B allows a hacker to write arbitrary files.

The vulnerability of the FUN0040fffc function in the microprogramming software for ZyXEL AMG1302-T10B is related to an incorrect limitation on the path name when processing the SESSIONID parameter. Exploiting this vulnerability allows a remote attacker to write arbitrary files by sending speciall...

6.8CVSS5.7AI score0.08952EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2025/05/13 8:28 a.m.6 views

kernel: afs: Fix the maximum cell name length

In the Linux kernel, the following vulnerability has been resolved: afs: Fix the maximum cell name length The kafs filesystem limits the maximum length of a cell to 256 bytes, but a problem occurs if someone actually does that: kafs tries to create a directory under /proc/net/afs/ with the name o...

5.5CVSS6.7AI score0.002EPSS
Exploits0References5
OSV
OSV
added 2025/04/03 12:54 p.m.3 views

OESA-2025-1364 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Erlang/OTP is a set of libraries for the Erlang...

7.5CVSS6.8AI score0.00436EPSS
Exploits0References2
OSV
OSV
added 2025/04/02 7:17 a.m.6 views

BIT-MLFLOW-2024-6838 Uncontrolled Resource Consumption in mlflow/mlflow

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...

5.3CVSS5.1AI score0.00615EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/04/02 12:0 a.m.56 views

The vulnerability of the gp_open_scratch_file_impl() function in the files base/gp_mswin.c and base/winrtsup.cpp of the Ghostscript processing, conversion, and generation software suite allows a malicious actor to read arbitrary files.

The vulnerability of the gpopenscratchfileimpl function in the base/gpmswin.c and base/winrtsup.cpp files of the Ghostscript processing, conversion, and generation software suite is related to an incorrect path name limitation. Exploiting this vulnerability could allow a remote attacker to read...

10CVSS6AI score0.00586EPSS
Exploits0References7Affected Software1
SUSE CVE
SUSE CVE
added 2025/04/01 1:43 a.m.3 views

SUSE CVE-2025-30211

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names 64 characters provided in K...

7.5CVSS9.1AI score0.00436EPSS
Exploits0References4
CVE
CVE
added 2025/03/28 2:55 p.m.129 views

CVE-2025-30211

CVE-2025-30211 affects Erlang/OTP: prior to OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a malicious KEX init message can trigger high memory usage because the implementation does not verify RFC limits on 64-character algorithm names in KEX init messages, leading to memory allocation for processing mali...

7.5CVSS7AI score0.00436EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/22 12:56 p.m.21 views

CVE-2024-6838

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...

5.3CVSS6.8AI score0.00615EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.28 views

CVE-2024-6838 Uncontrolled Resource Consumption in mlflow/mlflow

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...

5.3CVSS0.00615EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/03/18 12:0 a.m.10 views

The vulnerability of Siemens Scalance LPE9403 industrial switches’ microprogramming software lies in the incorrect limitation of the path name in the restricted access catalog, allowing attackers to read and write arbitrary files.

The vulnerability of Siemens Scalance LPE9403 industrial switches’ microprogramming software is related to an incorrect limitation on the name of the path to the restricted-access catalog. Exploiting this vulnerability allows a malicious actor to read and write arbitrary files remotely...

9CVSS5.6AI score0.00609EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/13 12:0 a.m.7 views

The vulnerability of the DevTools set of tools for web development in Google Chrome allows a hacker to bypass security restrictions.

The vulnerability of the DevTools set of tools for web development in the Google Chrome browser is related to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions remotely...

9.4CVSS6.8AI score0.00415EPSS
Exploits0References6Affected Software4
OSV
OSV
added 2024/12/13 1:19 p.m.4 views

OESA-2024-2561 iptraf-ng security update

IPTraf is a console-based network monitoring program for Linux that displays information about IP traffic. It returns such information as: Security Fixes: VUL-0: CVE-2024-52949: iptraf-ng: limit interface name lengths to IFNAMSIZCVE-2024-52949...

7.5CVSS6.7AI score0.00727EPSS
Exploits1References2
OSV
OSV
added 2024/12/06 3:23 p.m.5 views

OESA-2024-2500 iptraf-ng security update

IPTraf is a console-based network monitoring program for Linux that displays information about IP traffic. It returns such information as: Security Fixes: VUL-0: CVE-2024-52949: iptraf-ng: limit interface name lengths to IFNAMSIZCVE-2024-52949...

7.5CVSS6.7AI score0.00727EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2024/10/02 12:0 a.m.5 views

The vulnerability of the Rockwell Automation Pavilion8 platform’s simulation, control, and optimization functions arises from an improper limitation on the path name to the restricted access catalog. This allows a malicious actor to execute arbitrary code.

The vulnerability of the Rockwell Automation Pavilion8 platform for simulation, control, and optimization is related to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

10CVSS5.9AI score0.00956EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/04/17 12:0 a.m.5 views

The vulnerability of the threat detection mechanism for Microsoft Defender for IoT involves an incorrect path name limitation, allowing attackers to execute arbitrary code.

The vulnerability of the Microsoft Defender for IoT’s threat detection mechanism is related to an incorrect path name limitation when loading tar-format files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS8AI score0.03199EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/04/06 12:0 a.m.8 views

The vulnerability of the pgAdmin 4 database management tool arises from an incorrect path name limitation for the restricted access directory, allowing a hacker to execute arbitrary code.

The vulnerability of the pgAdmin 4 database management tool exists due to an incorrect limitation on the path name for the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

7.4CVSS7.5AI score0.64846EPSS
Exploits5References4Affected Software2
Rows per page
Query Builder