Lucene search
K

544 matches found

Snyk
Snyk
added 2026/05/22 11:49 p.m.10 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the SampleAuxInfoReader constructor when parsing a specially crafted HEIF sequence file containing a saiz box that declares more samples than exist in the track's chunk table. An attacker can cause a heap buffer...

8.1CVSS5.9AI score0.00302EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 1:30 p.m.7 views

CVE-2026-8291

A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogsnnrfnfmhandlenfprofile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial of service. The attack is possible to be carried out remotely. The exploit has been made available to...

5.3CVSS5.5AI score0.00378EPSS
Exploits1References6
Snyk
Snyk
added 2026/04/29 12:0 a.m.10 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper handling of Uniform Resource Identifier URI and Service SRV Subject Alternative Names SANs in the certificate validation process. An attacker can intercept sensitive information or...

8.3CVSS5.8AI score0.00354EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/26 8:44 p.m.3 views

CVE-2026-33622 A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 through v0.8.5 allow arbitrary JavaScript execution through POST /wait and POST /tabs/id/wait when the request uses fn mode, even if security.allowEvaluate is disabled. POST /evaluate...

6.1CVSS6.3AI score0.00512EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23953

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML...

8.7CVSS6.1AI score0.00471EPSS
Exploits1References2
OSV
OSV
added 2025/12/18 9:15 p.m.7 views

AZL-72851 CVE-2025-59529 affecting package avahi 0.8-5

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...

5.5CVSS5.7AI score0.00152EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2025/12/08 4:58 a.m.188 views

Exploit for CVE-2025-1337

CVE-2025-13377 – 10Web Booster ≤ 2.32.7 – Authenticated Arbitr...

9.6CVSS6.8AI score0.00489EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2025/10/08 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2022-50479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd: fix potential memory leak This patch fix potential memory leak clksrc when function run into last return NULL. s/free/kfree/ - Alex CVE-2022-50479 Note...

5.5CVSS6.2AI score0.00128EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/19 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-53371

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: fix memory leak in mlx5efsttredirectanycreate The memory pointed to by the fs-any pointer is not freed in the error path of mlx5efsttredirectanycreat...

5.5CVSS6.6AI score0.00143EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/19 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-50390

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/ttm: fix undefined behavior in bit shift for TTMTTFLAGPRIVPOPULATED Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to...

5.5CVSS6.2AI score0.00152EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-21853

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freezemutex during mmap operation We use map-freezemutex to prevent races...

5.5CVSS6.2AI score0.0021EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/13 12:0 a.m.6 views

PT-2025-33065 · Code Projects · Job Diary

Name of the Vulnerable Software and Affected Versions: code-projects Job Diary version 1.0 Description: A SQL injection issue exists due to the manipulation of the ID argument in the /admin-inbox.php file. This allows for remote exploitation. The exploit has been publicly disclosed...

9.8CVSS8.4AI score0.00405EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2025/06/23 11:21 p.m.4 views

SUSE CVE-2025-6494

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmapgetwithhash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be...

4.8CVSS3.5AI score0.00149EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.6 views

PT-2025-24426 · Tp Link · Tp-Link Tl-Ipc544Ep-W4

Name of the Vulnerable Software and Affected Versions: TP-Link TL-IPC544EP-W4 version 1.0.9 Build 240428 Rel 69493n Description: A critical vulnerability has been found in the TP-Link TL-IPC544EP-W4 camera. The issue affects the sub 69064 function of the /bin/main file. The manipulation of the te...

9CVSS8.7AI score0.00813EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2025/05/26 12:0 a.m.6 views

PT-2025-22876 · Unknown · Perfreeblog

Name of the Vulnerable Software and Affected Versions: PerfreeBlog version 4.0.11 Description: A vulnerability has been found in the function JwtUtil of the component JWT Handler, which leads to the use of a hard-coded cryptographic key. The attack can be initiated remotely, and the complexity of...

8.1CVSS3.8AI score0.0062EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/05/20 12:0 a.m.7 views

PT-2025-22314 · Unknown · Project Worlds Online Time Table Generator

Name of the Vulnerable Software and Affected Versions: projectworlds Online Time Table Generator version 1.0 Description: A critical issue affects the processing of the file "/admin/add course.php". The manipulation of the argument c/subname leads to SQL injection. This issue may be exploited...

9.8CVSS7.5AI score0.00421EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.4 views

PT-2025-15238 · Ruoyi · Ruoyi

Name of the Vulnerable Software and Affected Versions: RUoYi version 4.8.0 Description: An issue in RUoYi allows a remote attacker to escalate privileges via the postID parameter in the edit method. Recommendations: For RUoYi version 4.8.0, consider disabling the edit method until a patch is...

6.7CVSS7.3AI score0.00339EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.11 views

PT-2025-14702 · Unknown · Code-Projects Matrimonial Site

Name of the Vulnerable Software and Affected Versions: Code-Projects Matrimonial Site version V1.0 Description: The issue concerns SQL Injection. It affects the /view profile.php API endpoint, specifically the id variable. There is no information provided about the estimated number of potentially...

9.8CVSS6.8AI score0.00615EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.10 views

PT-2025-12052

Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version git d4ec6a3 Description: The issue is related to a local file inclusion vulnerability due to the use of the gradio component gr.JSON. This vulnerability allows unauthenticated users to access arbitrary files...

6.5CVSS6.6AI score0.00669EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/02/27 12:0 a.m.7 views

PT-2025-8946 · Hkcms · Hkcms

Name of the Vulnerable Software and Affected Versions: HkCms version 2.3.2.240702 Description: The issue is related to an arbitrary file write vulnerability in the Appcenter.php component. This vulnerability allows for the writing of files to arbitrary locations, potentially leading to security...

7.2CVSS7.4AI score0.00391EPSS
Exploits0References4
Rows per page
Query Builder