Lucene search
K

294 matches found

Vulnrichment
Vulnrichment
added 2025/05/26 10:3 a.m.7 views

CVE-2025-35003 Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities.

Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack HCI and UART components that may result in system crash, denial of service, or arbitrary code execution, after receiving...

7.9AI score0.0121EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2025/05/26 12:0 a.m.5 views

Fedora: Security Advisory (FEDORA-2024-2e8c63e8bf)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS8.5AI score0.00969EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:45 a.m.14 views

CVE-2024-52004

MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to upgrade...

8.7CVSS7.7AI score0.00679EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:27 a.m.7 views

CVE-2024-52593

Misskey is an open source, federated social media platform.In affected versions missing validation in NoteCreateService.insertNote, ApPersonService.createPerson, and ApPersonService.updatePerson allows an attacker to control the target of any "origin" links such as the "view on remote instance"...

5.1CVSS6.9AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:4 a.m.11 views

CVE-2024-51493

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...

6.5CVSS6.3AI score0.00282EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:27 a.m.14 views

CVE-2024-51489

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messag...

5.4CVSS6.8AI score0.00272EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:6 a.m.9 views

CVE-2023-47621

Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. In affected versions the file uploads feature did not prevent the upload of PHP files. This may lead to code execution on the server by authenticated users. This vulnerability is fix...

8.8CVSS7.1AI score0.01022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:32 a.m.6 views

CVE-2022-4969

A vulnerability, which was classified as critical, has been found in bwoodsend rockhopper up to 0.1.2. Affected by this issue is the function countrows of the file rockhopper/src/raggedarray.c of the component Binary Parser. The manipulation of the argument raw leads to buffer overflow. Local...

5.3CVSS7.1AI score0.00233EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:53 p.m.7 views

CVE-2022-31190

DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn...

5.3CVSS6.8AI score0.00712EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:23 p.m.5 views

CVE-2021-29499

SIF is an open source implementation of the Singularity Container Image Format. The siftool new command and func siftool.New produce predictable UUID identifiers due to insecure randomness in the version of the github.com/satori/go.uuid module used as a dependency. A patch is available in version...

7.5CVSS6.8AI score0.00958EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/21 5:36 p.m.17 views

Security Bulletin: IBM Aspera Faspex is affected by user input sanitization and HTML injection vulnerabilities

Summary IBM Aspera Faspex has addressed input sanitization and HTML injection vulnerabilities CVE-2025-33137, CVE-2025-33136, CVE-2025-33138 Vulnerability Details CVEID:CVE-2025-33137 DESCRIPTION: IBM Aspera Faspex 5 could allow an authenticated user to obtain sensitive information or perform...

8.8CVSS6.7AI score0.00287EPSS
Exploits0Affected Software6
Vulnrichment
Vulnrichment
added 2025/05/20 1:23 p.m.12 views

CVE-2025-47936 TYPO3 Vulnerable to Server Side Request Forgery via Webhooks

TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, Webhooks are inherently vulnerable to Cross-Site Request Forgery CSRF, which can be exploited by adversaries to target internal resources...

3.3CVSS4AI score0.00229EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/13 5:19 a.m.8 views

CVE-2025-4478

A flaw was found in the gnome-remote-desktop used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointe...

7.1CVSS6.7AI score0.00416EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.8 views

PT-2025-20826

Name of the Vulnerable Software and Affected Versions Relevanssi – A Better Search plugin for WordPress versions 4.24.4 and earlier Free and versions 2.27.4 and earlier Premium Description The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats...

7.5CVSS7.4AI score0.02626EPSS
Exploits2References11
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.8 views

PT-2025-23257 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: FreeScout is a free self-hosted help desk and shared mailbox. The issue arises when creating a translation of a phrase that appears in a flash-message after a completed action, allowing the...

6.8CVSS5.9AI score0.00222EPSS
Exploits1References7
OSV
OSV
added 2025/05/06 12:45 a.m.11 views

CVE-2025-46728 cpp-httplib has Unbounded Memory Allocation in Chunked/No-Length Requests

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

7.5CVSS7.4AI score0.00603EPSS
Exploits1References4
CBLMariner
CBLMariner
added 2025/05/05 3:9 p.m.11 views

CVE-2025-21912 affecting package kernel for versions less than 5.15.180.1-1

CVE-2025-21912 affecting package kernel for versions less than 5.15.180.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.5AI score0.00148EPSS
Exploits0
NVD
NVD
added 2025/04/18 7:15 a.m.10 views

CVE-2025-40114

In the Linux kernel, the following vulnerability has been resolved: iio: light: Add check for array bounds in veml6075readinttimems The array contains only 5 elements, but the index calculated by veml6075readinttimeindex can range from 0 to 7, which could lead to out-of-bounds access. The check...

7.8CVSS0.00225EPSS
Exploits0References4
NVD
NVD
added 2025/04/10 3:16 p.m.43 views

CVE-2025-32027

Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher...

6.1CVSS0.0023EPSS
Exploits0References2
Kaspersky
Kaspersky
added 2025/04/08 12:0 a.m.20 views

KLA82402 PE vulnerability in Microsoft SQL Server

An elevation of privilege vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-29803 Related products Microsoft-SQL-Server Microsoft-SQL-Server-Management-Studio CVE list CVE-2025-29803 high Solution Insta...

7.3CVSS9.1AI score0.00622EPSS
Exploits0References4
Rows per page
Query Builder