Lucene search
K

147 matches found

OSV
OSV
added 2025/06/02 11:21 a.m.6 views

CVE-2025-48990 NeKernel has Heap Overflow in `rt_copy_memory`

NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in rtcopymemory, which unconditionally wrote a null terminator at dstlen. When len equals the size of the destination buffer 256 bytes, that extra '\0' write overruns the buffer by one byte. To avo...

8.6CVSS7.4AI score0.00158EPSS
Exploits0References4
OSV
OSV
added 2025/05/27 7:47 p.m.8 views

GHSA-69RH-HCCR-CXRJ Laravel Rest Api has a Search Validation Bypass

A validation bypass vulnerability was discovered prior to version 2.13.0, where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts such as index, store, and update actions, malicious actors...

8.7CVSS7.1AI score0.00515EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/05/27 7:47 p.m.35 views

Laravel Rest Api has a Search Validation Bypass

A validation bypass vulnerability was discovered prior to version 2.13.0, where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts such as index, store, and update actions, malicious actors...

8.7CVSS7.1AI score0.00515EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:34 a.m.8 views

CVE-2024-46978

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing...

6.5CVSS6.7AI score0.00519EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 p.m.9 views

CVE-2022-39352

OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation the right...

9.8CVSS6.6AI score0.0042EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:10 p.m.5 views

CVE-2018-15804

An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised, allowing a user to escalate their privileges to act as aka impersonate any other user, including...

8.8CVSS7.1AI score0.00961EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:51 a.m.6 views

CVE-2011-10003

A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The patch is named...

9.8CVSS7.6AI score0.00608EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:34 a.m.7 views

CVE-2015-10039

A vulnerability was found in dobos domino. It has been rated as critical. Affected by this issue is some unknown functionality in the library src/Complex.Domino.Lib/Lib/EntityFactory.cs. The manipulation leads to sql injection. Upgrading to version 0.1.5524.38553 is able to address this issue. Th...

8CVSS7.6AI score0.00702EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/16 1:1 p.m.14 views

CVE-2025-37890 net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc

In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report 1, we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that...

0.00164EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/05/16 12:0 a.m.6 views

PT-2025-25828

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue was related to the debugfs summary output accessing uninitialized elements in the freq in and signal out arrays, causing...

7.8CVSS7.8AI score0.01345EPSS
Exploits8References577
OpenVAS
OpenVAS
added 2025/05/14 12:0 a.m.154 views

Microsoft Windows Multiple Vulnerabilities (KB5058392)

This host is missing an important security update according to Microsoft KB5058392 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

8.8CVSS9.8AI score0.21562EPSS
Exploits10References3
OSV
OSV
added 2025/05/13 12:0 a.m.10 views

ALSA-2025:7417 Important: gimp security update

The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: dds buffe...

7.8CVSS7.4AI score0.93639EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/04 5:22 p.m.16 views

CVE-2023-53057

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hciinitstagesyncstage considers that stagei is valid as long as stagei-1.func is valid. Thus, the last element of stage.func should be intentionally invali...

5.5CVSS6.5AI score0.00168EPSS
Exploits0References4
CVE
CVE
added 2025/05/01 2:9 p.m.73 views

CVE-2022-49762

CVE-2022-49762: In the Linux kernel, ntfs_attr_find() can overflow when iterating ATTR_RECORDs in MFT records, due to adding le32_to_cpu(a->length) to the current pointer and wrapping on 32‑bit systems. A patch adds bounds checks when computing the end address of the current ATTR_RECORD to pre...

5.5CVSS6.7AI score0.00184EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.6 views

PT-2025-18582

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, which was related to an information leak when sending a struct ifaddrlblmsg to the network. The issue occurred because the ifal...

8.8CVSS6.9AI score0.0129EPSS
Exploits3References653
NVD
NVD
added 2025/04/30 7:15 p.m.43 views

CVE-2025-46331

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 Helm chart = openfga-0.2.28, docker = v.1.8.10 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Th...

9.8CVSS0.00327EPSS
Exploits0References2
NVD
NVD
added 2025/04/30 3:16 p.m.20 views

CVE-2025-32971

XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's...

3.8CVSS0.00334EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2025/04/29 4:21 a.m.41 views

CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The vulnerabilities...

8.7CVSS8.4AI score0.01932EPSS
Exploits0
OSV
OSV
added 2025/04/25 3:9 p.m.2 views

GHSA-8H6M-WV39-239M Rancher users who can create Projects can gain access to arbitrary projects

Impact A vulnerability has been identified within Rancher where a user with the ability to create a project, on a certain cluster, can create a project with the same name as an existing project in a different cluster. This results in the user gaining access to the other project in the different...

8.5CVSS6.8AI score0.00712EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/04/22 5:15 p.m.5 views

CVE-2025-32964 ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions

ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. ...

4.6CVSS6.9AI score0.00182EPSS
Exploits0References2
Rows per page
Query Builder