Lucene search
K

15965 matches found

Redos
Redos
added 2025/08/19 12:0 a.m.2 views

ROS-20250819-12

Vulnerability of configuration management and remote Salt operations execution system is related to incorrect input data validation in the findfile method of the GitFS class. Exploitation of the vulnerability could allow an attacker to manipulate files and directories Vulnerability in the Salt...

9.6CVSS7.7AI score0.00959EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-53022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TrustedFirmware-M aka Trusted Firmware for M profile Arm CPUs before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While...

8.6CVSS5.9AI score0.0043EPSS
Exploits0References2
OSV
OSV
added 2025/08/18 9:1 p.m.2 views

GHSA-P7Q8-GRRJ-3M8W Copier's safe template has filesystem write access outside destination path

Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write files outside the destination path...

6.9CVSS5.9AI score0.00244EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/08/18 9:1 p.m.7 views

Copier's safe template has filesystem write access outside destination path

Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write files outside the destination path...

6.9CVSS7.2AI score0.00244EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2025/08/18 5:24 p.m.28 views

CVE-2025-55293

Meshtastic (vulnerable before 2.6.3) allows crafting NodeInfo packets to overwrite a known node’s publicKey in NodeDB. Attack flow: first send NodeInfo with an empty publicKey to bypass size checks (clears existing key), then send a new key that gets stored. Root cause is improper handling of emp...

9.8CVSS6.2AI score0.00398EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/08/18 5:24 p.m.10 views

CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.4CVSS0.00398EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/18 5:24 p.m.4 views

CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.4CVSS6.7AI score0.00398EPSS
Exploits0References3
OSV
OSV
added 2025/08/18 5:24 p.m.6 views

CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.4CVSS6.6AI score0.00398EPSS
Exploits0References5
NVD
NVD
added 2025/08/18 5:15 p.m.11 views

CVE-2025-55214

Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

6.9CVSS0.00244EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/18 12:0 a.m.1 views

Meshtastic 授权问题漏洞

Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. An authorization issue vulnerability exists in Meshtastic versions prior to 2.6.3, which stems from bypassing public key authentication and could lead to malicious key overwriting...

9.8CVSS6.8AI score0.00398EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/18 12:0 a.m.3 views

PT-2025-33669 · Copier · Copier

Name of the Vulnerable Software and Affected Versions: Copier versions 7.1.0 through 9.9.0 Description: Copier, a library and CLI application for rendering project templates, allows for the potential to write files outside the intended destination path when rendering a generated directory structu...

6.9CVSS7.4AI score0.00244EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-14681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in kwajdreadheaders in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte...

8.8CVSS7.2AI score0.03806EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.8 views

Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2025-1138)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1138 advisory. Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's tar.vim plugin can allow overwriting of arbitrary files when opening specially craft...

4.1CVSS7.2AI score0.00731EPSS
Exploits2References6
OSV
OSV
added 2025/08/15 3:29 p.m.3 views

CLSA-2025-1755271747 dmidecode: Fix of CVE-2023-30630

CVE-2023-30630: prevent --dump-bin from overwriting local files to address privilege escalation vulnerability...

7.1CVSS5.8AI score0.00523EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/15 9:28 a.m.14 views

CVE-2025-55345

Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...

8.8CVSS8.2AI score0.00782EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-44973

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mm, slub: do not call doslabfree for kfence object In 782f8906f805 the freeing of kfence...

5.5CVSS5.8AI score0.0018EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-53065

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perfoutputbegin parameter is incorrectly invoked in perfeventbpfoutput...

7.8CVSS6.2AI score0.00168EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/14 7:29 p.m.4 views

CVE-2024-52964

An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5 and before 7.2...

6.5CVSS7.2AI score0.0056EPSS
Exploits0References1
CloudLinux
CloudLinux
added 2025/08/14 3:22 p.m.9 views

git: Fix of CVE-2025-46835

CVE-2025-46835: fix vulnerability where Git GUI can create and overwrite arbitrary writable files...

8.5CVSS7.5AI score0.00296EPSS
Exploits0
CVE
CVE
added 2025/08/13 8:35 p.m.22 views

CVE-2012-10057

CVE-2012-10057 affects Lattice ispVM System v18.0.2 and is due to a buffer overflow when parsing the version attribute of the ispXCF XML tag in .xcf project files. This local, no-privilege path enables arbitrary code execution when a crafted .xcf is opened. Exploitation code/module exists (e.g., ...

8.4CVSS8.3AI score0.00398EPSS
Exploits0References5
Rows per page
Query Builder