Lucene search
+L

113 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/12 12:0 a.m.3 views

FreeBSD : Firefox -- Same-origin policy bypass (e1e40d50-1de2-11f1-8aff-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e1e40d50-1de2-11f1-8aff-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2018400 reports: Same-origin policy bypass in the CSS Parsi...

6.5CVSS5.8AI score0.00112EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/03 5:0 a.m.36 views

CVE-2026-3449

Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...

4.8CVSS0.00112EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 10:28 p.m.3 views

CVE-2026-26321 OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension

OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed sendMediaFeishu to treat attacker-controlled mediaUrl values as local filesystem paths and read them directly. If an attacker can influence tool calls directly or via prompt injection...

7.5CVSS5.5AI score0.00482EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.10 views

MediaWiki 安全漏洞

MediaWiki is a free and open-source web-based wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. There are security vulnerabilities in versions of MediaWiki prior to 1.39.14,...

6.3CVSS5.8AI score0.00272EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/16 12:0 a.m.6 views

CVE-2025-24531

In OpenSC pampkcs11 before 0.6.13, pamsmauthenticate wrongly returns PAMIGNORE in many error situations such as an error triggered by a smartcard before login, allowing authentication bypass...

6.7CVSS5.3AI score0.00235EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/01/10 5:59 a.m.5 views

CVE-2026-22701

filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition betwee...

5.3CVSS5.3AI score0.00115EPSS
Exploits0
NVD
NVD
added 2025/12/24 6:15 a.m.7 views

CVE-2024-58335

OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java...

5CVSS0.00168EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.3 views

Mozilla Thunderbird < 2.0.0.19

The version of Thunderbird installed on the remote Windows host is prior to 2.0.0.19. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2008-68 advisory. - Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2...

6.8CVSS8.3AI score0.02863EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.7 views

Mozilla Thunderbird ESR < 17.0.5

The version of Thunderbird ESR installed on the remote macOS or Mac OS X host is prior to 17.0.5. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-40 advisory. - CERTDecodeCertPackage reads bytes outside the input bufferCVE-2013-0791 CVE-2013-0791 Note that Nessus has n...

5CVSS8.2AI score0.05213EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.2 views

Mozilla Thunderbird < 3.1.3

The version of Thunderbird installed on the remote Windows host is prior to 3.1.3. It is, therefore, affected by a vulnerability as referenced in the mfsa2010-63 advisory. - Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before...

4.3CVSS8.3AI score0.02001EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.4 views

Mozilla Thunderbird < 2.0.0.16

The version of Thunderbird installed on the remote Windows host is prior to 2.0.0.16. It is, therefore, affected by a vulnerability as referenced in the mfsa2008-24 advisory. - Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to...

7.5CVSS6.2AI score0.03787EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/10 11:5 p.m.5 views

CVE-2025-67509 MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying, however, validation based on the first keyword e.g.,...

8.2CVSS7.6AI score0.00253EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/03 6:34 p.m.6 views

EUVD-2025-201091

DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...

9.6CVSS5.2AI score0.00518EPSS
Exploits1References2
NVD
NVD
added 2025/11/28 7:15 a.m.8 views

CVE-2025-66384

app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmpname...

8.2CVSS0.00322EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2025/11/24 10:21 p.m.6 views

CVE-2025-64329 affecting package moby-containerd-cc for versions less than 1.7.7-10

CVE-2025-64329 affecting package moby-containerd-cc for versions less than 1.7.7-10. A patched version of the package is available...

6.9CVSS5.4AI score0.00162EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.4 views

Google Chrome < 65.0.3325.181 Vulnerability

The version of Google Chrome installed on the remote macOS host is prior to 65.0.3325.181. It is, therefore, affected by a vulnerability as referenced in the 201803stable-channel-update-for-desktop20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the...

5.6AI score
Exploits0References2
NVD
NVD
added 2025/11/10 8:15 p.m.4 views

CVE-2025-12728

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS0.00198EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28622

Malicious code in bioql PyPI...

5.5CVSS6.5AI score0.00261EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/11 8:51 a.m.6 views

Security Bulletin: Resource Exhaustion and Memory Leak in Multer Due to Improper Stream Handling (Fixed in 2.0.0), affects watsonx.data

Summary Multer is a node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal busboy stream is not closed, violating Node.js...

7.5CVSS7.2AI score0.00697EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2013-0997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory corruption and...

6.8CVSS5.8AI score0.02801EPSS
Exploits0References2
Rows per page
Query Builder