Lucene search
+L

294 matches found

Kaspersky
Kaspersky
added 2025/04/08 12:0 a.m.21 views

KLA82402 PE vulnerability in Microsoft SQL Server

An elevation of privilege vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-29803 Related products Microsoft-SQL-Server Microsoft-SQL-Server-Management-Studio CVE list CVE-2025-29803 high Solution Insta...

7.3CVSS9.1AI score0.00677EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/04/04 2:28 p.m.28 views

MinIO performs incomplete signature validation for unsigned-trailer uploads

Impact This is a high priority vulnerability and users must upgrade ASAP. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket, Prior...

8.7CVSS7AI score0.02402EPSS
Exploits0References5Affected Software1
OpenVAS
OpenVAS
added 2025/04/04 12:0 a.m.13 views

Debian: Security Advisory (DSA-5890-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.2AI score0.00552EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/28 7:51 p.m.9 views

Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2024-7577)

Summary An information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-7577 DESCRIPTION: IBM InfoSphere Information Server could disclose sensitive user credentials from log files during new installation of the product. CWE:CWE-532...

7.5CVSS6.2AI score0.00285EPSS
Exploits0Affected Software1
Kaspersky
Kaspersky
added 2025/03/27 12:0 a.m.22 views

KLA82138 SB vulnerability in Mozilla Firefox

Security vulnerability was found in Mozilla Firefox. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories MFSA2025-19 Related products Mozilla-Firefox CVE list CVE-2025-2857 critical Solution Update to the latest version Download Firefox Impacts SB...

10CVSS9.5AI score0.01894EPSS
Exploits6References3
Kaspersky
Kaspersky
added 2025/03/20 12:0 a.m.12 views

KLA81935 PE vulnerability in Microsoft Azure

An elevation of privilege vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-29814 Related products Microsoft-Azure CVE list CVE-2025-29814 critical KB list Solution Install necessary updates from the KB...

9.3CVSS9.5AI score0.01882EPSS
Exploits0References3
OSV
OSV
added 2025/03/19 8:34 p.m.8 views

GHSA-22Q5-9PHM-744V XWiki allows unregistered users to access private pages information through REST endpoint

Impact Protected pages are listed when requesting the REST endpoints /rest/wikis/wikiName/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent unregistered user to view pages": the endpoint would still list the pages of the...

8.7CVSS6.2AI score0.00906EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2025/03/18 12:0 a.m.13 views

Ubuntu: Security Advisory (USN-7352-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.5AI score0.26049EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2025/03/17 1:15 p.m.14 views

CVE-2025-29786

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree AST node for each part of the expression. In scenarios wher...

7.5CVSS7.2AI score0.00577EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/14 7:59 p.m.19 views

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to the FasterXML jackson-databind package (CVE-2023-35116)

Summary Jackson-databind is used by IBM DataStage on Cloud Pak for Data as part of data processing. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a specially...

4.7CVSS4.8AI score0.00352EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/03/14 5:15 p.m.11 views

CVE-2025-29774

xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. Th...

9.3CVSS0.0905EPSS
Exploits0References8
CVE
CVE
added 2025/03/14 5:11 p.m.2052 views

CVE-2025-29775

CVE-2025-29775 : The xml-crypto library for Node.js is vulnerable in versions prior to 6.0.1, 3.2.1, and 2.1.6. An attacker can modify a valid signed XML message in transit such that signature verification still passes, bypassing authentication/authorization checks and enabling privilege escalati...

9.3CVSS6.9AI score0.09378EPSS
Exploits1References8
OSV
OSV
added 2025/03/14 2:11 a.m.3 views

MAL-2025-2393 Malicious code in newland-component-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7a4a9b55a483b5ec495bb5e9c06c5285932e3ff8eb091beee14345f52431123f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
CBLMariner
CBLMariner
added 2025/03/13 9:13 p.m.9 views

CVE-2025-21707 affecting package kernel for versions less than 6.6.78.1-3

CVE-2025-21707 affecting package kernel for versions less than 6.6.78.1-3. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.9AI score0.00201EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/03/11 7:9 p.m.12 views

CVE-2025-27789 Inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups

Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...

6.2CVSS6.3AI score0.00478EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2024-57974

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - udp: Deal with race between UDP socket address change and rehash If a UDP socket changes its local address while it's receiving datagrams, as a result of connec...

4.7CVSS6.7AI score0.00137EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-48232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is...

4.3CVSS6.2AI score0.00668EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-43870

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exit When a task is scheduled out, pending sigtrap deliveries are...

5.5CVSS6.2AI score0.0021EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2022-36059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can...

8.2CVSS6.3AI score0.0094EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/02/22 12:0 a.m.14 views

CBL Mariner 2.0 Security Update: reaper (CVE-2024-52798)

The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-52798 advisory. - path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a...

8.7CVSS6.5AI score0.00792EPSS
Exploits0References2
Rows per page
Query Builder