Lucene search
K

121 matches found

Cvelist
Cvelist
added 2025/12/05 4:22 p.m.31 views

CVE-2025-14104 Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...

6.1CVSS0.00179EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/12/05 4:21 p.m.3 views

CVE-2025-14104

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database. Mitigation Mitigation for this issue is either not...

6.1CVSS6.3AI score0.00179EPSS
Exploits0References3
OSV
OSV
added 2025/10/31 9:15 a.m.10 views

ALPINE-CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

7.4CVSS6.6AI score0.00548EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 9:2 a.m.7 views

EUVD-2025-37318

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

7.4CVSS6.1AI score0.00548EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.7 views

Siemens Apogee PXC and Talon TC Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2025-40757)

Affected devices connected to the network allow unrestricted access to sensitive files, such as databases. This could allow an attacker to download encrypted .db file containing passwords. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

6.3CVSS5.9AI score0.00256EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/20 9:27 p.m.22 views

CVE-2025-62425

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

8.3CVSS6.8AI score0.00422EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/16 6:44 p.m.11 views

CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

8.3CVSS0.00422EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/16 6:44 p.m.3 views

CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

8.3CVSS6.4AI score0.00422EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/16 6:44 p.m.7 views

EUVD-2025-34822

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

8.3CVSS6.2AI score0.00422EPSS
Exploits0References2
CVE
CVE
added 2025/10/16 6:44 p.m.12 views

CVE-2025-62425

MAS (Matrix Authentication Service) is affected by a logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 that lets an attacker with access to an authenticated MAS session perform sensitive operations without entering the current password (e.g., changing the password, adding/removing ...

8.3CVSS6.4AI score0.00422EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-10781

Malware in sbrugna...

8.6CVSS7.9AI score0.00582EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-0159

Malware in sbrugna...

7.5CVSS6.4AI score0.01353EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-30682

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00315EPSS
Exploits0References1
CVE
CVE
added 2025/10/02 4:13 p.m.17 views

CVE-2025-34208

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SAAS) uses unsalted SHA-512 and, fallback unsalted SHA-1, for password hashing via PHP hash() in multiple files (server_write_requests_users.php, update_database.php, legacy/Login.php, tests/Unit/Api/IdpControllerTest...

8.2CVSS7AI score0.00411EPSS
Exploits1References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-32682

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login...

5.4CVSS5.8AI score0.00752EPSS
Exploits0References2
OSV
OSV
added 2025/08/11 1:53 p.m.4 views

BIT-LIBPHP-2023-0567 password_verify() always returns true for some invalid hashes

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS7AI score0.00944EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/07/17 12:0 a.m.9 views

CVE-2023-41566

OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sysuiextend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain database permissions...

0.00281EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/17 12:0 a.m.4 views

CVE-2023-41566

OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sysuiextend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain database permissions...

7.2AI score0.00281EPSS
Exploits0References2
OSV
OSV
added 2025/01/14 7:21 p.m.14 views

BIT-PHP-MIN-2023-0567 password_verify() always returns true for some invalid hashes

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS6.8AI score0.00944EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.4 views

PT-2025-49263

Name of the Vulnerable Software and Affected Versions util-linux affected versions not specified Description A flaw exists in util-linux that allows a heap buffer overread when processing 256-byte usernames. This issue is specifically present within the setpwnam function and impacts SUID Set User...

6.1CVSS6.7AI score0.00179EPSS
Exploits0References86
Rows per page
Query Builder