Lucene search
+L

252 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in babel-pal (npm)

The package babel-pal was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-15289 Malicious code in babel-pal (npm)

The package babel-pal was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/07/31 6:15 p.m.6 views

CVE-2025-54834

OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place...

6.9CVSS5.9AI score0.0049EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/31 12:0 a.m.6 views

OPEXUS FOIAXpress Public Access Link(OPEXUS FOIAXpress PAL) 安全漏洞

OPEXUS FOIAXpress Public Access Link OPEXUS FOIAXpress PAL is a secure public-facing web portal from OPEXUS that connects organizations with requesters and integrates with payment solutions, including payment solutions. A security vulnerability exists in OPEXUS FOIAXpress Public Access Link OPEXU...

6.9CVSS6.6AI score0.0049EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/08 1:18 p.m.10 views

CVE-2025-49453

Cross-Site Request Forgery CSRF vulnerability in Jatinder Pal Singh BP Profile as Homepage bp-profile-as-homepage allows Stored XSS.This issue affects BP Profile as Homepage: from n/a through = 1.1...

7.1CVSS5.9AI score0.00116EPSS
Exploits0References1
NVD
NVD
added 2025/06/06 1:16 p.m.16 views

CVE-2025-49453

Cross-Site Request Forgery CSRF vulnerability in Jatinder Pal Singh BP Profile as Homepage bp-profile-as-homepage allows Stored XSS.This issue affects BP Profile as Homepage: from n/a through = 1.1...

7.1CVSS0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 12:54 p.m.25 views

CVE-2025-49453 WordPress BP Profile as Homepage plugin <= 1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Jatinder Pal Singh BP Profile as Homepage bp-profile-as-homepage allows Stored XSS.This issue affects BP Profile as Homepage: from n/a through = 1.1...

7.1CVSS0.00116EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/06/06 2:25 a.m.5 views

SUSE CVE-2025-5645

A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function rconspalinit in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of ...

2.5CVSS3.2AI score0.00185EPSS
Exploits1References3
OSV
OSV
added 2025/06/05 8:15 a.m.11 views

UBUNTU-CVE-2025-5646

A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function rconsrainbowfree in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on...

2.5CVSS4.2AI score0.00185EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/05/23 6:45 a.m.9 views

CVE-2024-48047

Cross-Site Request Forgery CSRF vulnerability in Razon Komar Pal Linked Variation for WooCommerce linked-variation-for-woocommerce allows Cross Site Request Forgery.This issue affects Linked Variation for WooCommerce: from n/a through = 1.0.5...

4.3CVSS5.9AI score0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:46 a.m.12 views

CVE-2018-11922

Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user...

9.8CVSS7.6AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/27 12:0 a.m.9 views

PT-2025-8940 · Trivision · Trivision Camera Nc227Wf

Name of the Vulnerable Software and Affected Versions: Trivision Camera NC227WF version 5.8.0 Description: An Authentication Bypass issue allows an attacker to retrieve administrator's credentials in cleartext. This is achieved by sending a request to the "/en/player/activex pal.asp" API endpoint...

7.1CVSS7.2AI score0.00287EPSS
Exploits2References5
NVD
NVD
added 2024/12/02 11:15 a.m.15 views

CVE-2024-33039

Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service...

6.7CVSS0.00103EPSS
Exploits0References1
CVE
CVE
added 2024/12/02 10:18 a.m.81 views

CVE-2024-33039

CVE-2024-33039 concerns memory corruption in Qualcomm PAL components when a PAL client passes a random, unvalidated handle to PAL service APIs. The available sources consistently describe this as an unvalidated handle dereference that can lead to memory corruption, with the issue documented acros...

6.7CVSS6.8AI score0.00103EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/02 10:18 a.m.17 views

CVE-2024-33039 Untrusted Pointer Dereference in Audio

Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service...

6.7CVSS7.2AI score0.00103EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/02 12:0 a.m.5 views

PT-2024-25084 · Pal · Pal

Name of the Vulnerable Software and Affected Versions: PAL affected versions not specified Description: The issue occurs when the PAL client calls PAL service APIs by passing a random value as a handle, and the handle is not validated by the service, resulting in memory corruption. Recommendation...

6.7CVSS6.5AI score0.00103EPSS
Exploits0References5
NVD
NVD
added 2024/11/26 9:15 a.m.29 views

CVE-2018-11922

Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user...

9.8CVSS0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/26 8:55 a.m.32 views

CVE-2018-11922 Configurations in Android Build

Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user...

9.8CVSS0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/26 8:55 a.m.10 views

CVE-2018-11922 Configurations in Android Build

Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user...

9.8CVSS7.1AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.8 views

PT-2024-10612 · Touchpal · Touch Pal

Name of the Vulnerable Software and Affected Versions: Touch Pal application affected versions not specified Description: The issue concerns a wrong configuration in the Touch Pal application that can lead to the collection of user behavior data without the user's awareness. Recommendations: At t...

9.8CVSS7.6AI score0.00227EPSS
Exploits0References3
Rows per page
Query Builder