Lucene search
K

15955 matches found

OSV
OSV
added 2025/09/29 5:15 p.m.4 views

CVE-2025-7104

A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. This vulnerability allows attackers to manipulate sensitive fields by automatically binding user-provided data to internal object properties or database fields without proper filtering. As a result, any extra...

7.5CVSS6.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/29 5:10 p.m.3 views

CVE-2025-7104 Mass Assignment in danny-avila/librechat

A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. This vulnerability allows attackers to manipulate sensitive fields by automatically binding user-provided data to internal object properties or database fields without proper filtering. As a result, any extra...

4.3CVSS6.4AI score0.00277EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.5 views

PT-2025-39846

Name of the Vulnerable Software and Affected Versions librechat affected versions not specified Description A mass assignment issue exists that allows manipulation of sensitive fields. Attackers can exploit this by automatically binding user-provided data to internal object properties or database...

4.3CVSS4.5AI score0.00277EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/09/29 12:0 a.m.4 views

AlmaLinux 9 : podman (ALSA-2025:15900)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:15900 advisory. podman: Podman kube play command may overwrite host files CVE-2025-9566 Tenable has extracted the preceding description block directly from the AlmaLinux security...

8.1CVSS5.5AI score0.01008EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2025/09/28 1:1 a.m.3 views

media: aspeed: Fix memory overwrite if timing is 1600x900

...

7.8CVSS7AI score0.00218EPSS
Exploits0
OSV
OSV
added 2025/09/26 7:41 p.m.3 views

CLSA-2025-1758915712 Fix CVE(s): CVE-2025-32988, CVE-2025-32990

SECURITY UPDATE: double-free when exporting SAN otherName - debian/patches/CVE-2025-32988.patch: fix double-free triggered when exporting certificates with multiple SAN otherName entries. - CVE-2025-32988 SECURITY UPDATE: 1-byte heap write in certtool template parsing -...

8.2CVSS6.9AI score0.01185EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/09/25 12:9 a.m.4 views

hornetq-core-client: Arbitrarily overwrite files or access sensitive information

A flaw was found in the createTempFile method of hornetq. Affected version of hornetq allows attackers to arbitrarily overwrite files or access sensitive information...

9.1CVSS5.7AI score0.00699EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/09/25 12:9 a.m.5 views

hornetq-core-client: Arbitrarily overwrite files or access sensitive information

A flaw was found in the createTempFile method of hornetq. Affected version of hornetq allows attackers to arbitrarily overwrite files or access sensitive information...

9.1CVSS5.7AI score0.00699EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/09/24 7:34 p.m.5 views

CVE-2025-59433

Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...

5.3CVSS7.2AI score0.00202EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/24 12:0 a.m.5 views

RHEL 9 : podman (RHSA-2025:16488)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16488 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

8.1CVSS5.7AI score0.01008EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/09/24 12:0 a.m.5 views

RHEL 9 : podman (RHSA-2025:16481)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16481 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

8.1CVSS5.7AI score0.01008EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/09/23 6:32 p.m.5 views

Important: Red Hat Security Advisory: container-tools:rhel8 security update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

8.1CVSS6.8AI score0.01008EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/09/23 3:24 p.m.6 views

podman: Podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

8.1CVSS5.8AI score0.01008EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/09/23 3:19 p.m.3 views

podman: Podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

8.1CVSS5.8AI score0.01008EPSS
Exploits0References6
NVD
NVD
added 2025/09/22 8:15 p.m.25 views

CVE-2025-59433

Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...

5.3CVSS0.00202EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/22 7:45 p.m.5 views

Arbitrary Argument Injection

Overview @conventional-changelog/git-client is a Simple git client for conventional changelog packages. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the getTags API which allows specifying extra parameters passed to the git log command. An attacker can...

5.7CVSS7.1AI score0.00202EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/22 7:14 p.m.12 views

CVE-2025-59433 @conventional-changelog/git-client has an Argument Injection vulnerability

Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...

5.3CVSS0.00202EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/22 7:14 p.m.2 views

CVE-2025-59433 @conventional-changelog/git-client has an Argument Injection vulnerability

Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...

5.3CVSS7.1AI score0.00202EPSS
Exploits0References2
OSV
OSV
added 2025/09/22 6:1 p.m.2 views

GHSA-VH25-5764-9WCR @conventional-changelog/git-client has Argument Injection vulnerability

Background on exploitation This vulnerability manifests with the library's getTags API, which allows specifying extra parameters passed to the git log command. In another API by this library - getRawCommits there are secure practices taken to ensure that the extra parameter path is unable to inje...

5.3CVSS7.5AI score0.00202EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.2 views

Conventional Changelog 参数注入漏洞

Conventional Changelog is an open source update log generation tool from Conventional Changelog. A parameter injection vulnerability exists in Conventional Changelog versions prior to 2.0.0 that stems from not cleaning or validating user input in the getTags API, which could lead to a parameter...

5.3CVSS6.9AI score0.00202EPSS
Exploits0References3
Rows per page
Query Builder