Lucene search
K

167 matches found

CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability, which was caused by improper implementation of the ORB mechanism. This vulnerability could allow remote attackers to bypass site isolation...

6.3CVSS5.8AI score0.00177EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32708

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy,...

8CVSS5.9AI score0.00241EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/13 9:18 p.m.2 views

CVE-2026-32708 Zenoh uORB Subscriber Allows Arbitrary Stack Allocation (PX4/PX4-Autopilot)

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy,...

7.8CVSS5.9AI score0.00241EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:18 p.m.3 views

CVE-2026-32708

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy,...

7.8CVSS5.9AI score0.00241EPSS
Exploits1References2Affected Software1
The Hacker News
The Hacker News
added 2026/01/08 2:54 p.m.9 views

China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes

A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which has been active since at least 2022, primarily focuses on extensive technical reconnaissance of target organizations...

7.7AI score
Exploits0
EUVD
EUVD
added 2025/11/25 12:16 a.m.3 views

EUVD-2025-199424

Malicious code in @voiceflow/circleci-config-sdk-orb-import npm...

6.6AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2004-2686

Malware in sbrugna...

5.5CVSS6.4AI score0.01286EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-5618

Malware in sbrugna...

7.8CVSS6.4AI score0.0218EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-3133

Malware in sbrugna...

5CVSS6.1AI score0.02531EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-5539

Malware in sbrugna...

5CVSS6.4AI score0.0144EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2005-4756

Malware in sbrugna...

7.5CVSS6.4AI score0.01536EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-24506

Malicious code in bioql PyPI...

5.9CVSS7.2AI score0.00445EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2849

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.0065EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/11 3:19 a.m.15 views

CVE-2025-42925

Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time,...

4.3CVSS6.6AI score0.00218EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2012-3155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System...

5CVSS6AI score0.02531EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/27 5:33 a.m.2 views

Malicious code in aquasec-orb-test-project (npm)

The package communicates with a domain associated with malicious activity...

7AI score
Exploits0
OSV
OSV
added 2025/06/27 5:33 a.m.1 views

MAL-2025-5362 Malicious code in aquasec-orb-test-project (npm)

The package communicates with a domain associated with malicious activity...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 5:6 a.m.11 views

CVE-2023-5763

In Eclipse Glassfish 5 or 6, running with old versions of JDK lower than 6u211, or 7u201, or 8u191, allows remote attackers to load malicious code on the server via access to insecure ORB listeners...

9.8CVSS7.1AI score0.0065EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:2 p.m.3 views

CVE-2021-2394

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIO...

10CVSS7.1AI score0.76567EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/21 10:12 p.m.7 views

CVE-2005-4763

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol IIOP is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to...

7.5CVSS7AI score0.01536EPSS
Exploits0References1
Rows per page
Query Builder