Lucene search
+L

179 matches found

NVD
NVD
added 2025/11/27 10:15 a.m.6 views

CVE-2025-30190

Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...

5.4CVSS0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/27 9:23 a.m.11 views

CVE-2025-59026

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...

5.4CVSS0.00158EPSS
Exploits0References1
CVE
CVE
added 2025/11/27 9:23 a.m.16 views

CVE-2025-30190

CVE-2025-30190 affects Open-Xchange OX App Suite. Malicious content in office documents can inject script code during document editing, executing unintended actions in the user’s context and potentially exfiltrating sensitive data. No public exploits are known. Root cause involves script injectio...

5.4CVSS6.6AI score0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/27 9:23 a.m.10 views

CVE-2025-30186

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...

5.4CVSS0.00158EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/27 12:0 a.m.9 views

PT-2025-48256

Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...

5.4CVSS7AI score0.00158EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/27 12:0 a.m.8 views

PT-2025-48258

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...

5.4CVSS7.2AI score0.00158EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/12 9:25 p.m.16 views

CVE-2025-64345 Wasmtime provides unsound API access to a WebAssembly shared linear memory

Wasmtime is a runtime for WebAssembly. Prior to version 38.0.4, 37.0.3, 36.0.3, and 24.0.5, Wasmtime's Rust embedder API contains an unsound interaction where a WebAssembly shared linear memory could be viewed as a type which provides safe access to the host Rust to the contents of the linear...

1.8CVSS0.00107EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/10/31 8:54 a.m.10 views

CVE-2025-30188

Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates and patch releases. No publicly available...

7.5CVSS0.00338EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/08 2:55 p.m.5 views

EUVD-2025-33305

Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...

5.3CVSS6.4AI score0.00434EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-46198

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00785EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-20705

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00575EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-46195

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00528EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-20711

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00531EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-46200

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00475EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31727

Malicious code in bioql PyPI...

5.9CVSS6.2AI score0.02093EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/09/26 1:2 p.m.7 views

Rancher sends sensitive information to external services through the `/meta/proxy` endpoint

Impact A vulnerability has been identified within Rancher Manager whereby Impersonate-Extra- headers are being sent to an external entity, for example amazonaws.com, via the /meta/proxy Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses. If...

4.7CVSS7AI score0.00334EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/09/10 8:13 p.m.13 views

CVE-2025-59052 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...

7.1CVSS0.00326EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.10 views

PT-2025-37099

Name of the Vulnerable Software and Affected Versions: Angular versions 18.2.14 through 18.2.21 Angular versions 19.2.15 through 19.2.16 Angular versions 20.3.0 Angular versions 21.0.0-next.3 Description: Angular uses a DI container to hold request-specific state during server-side rendering. Due...

7.1CVSS6.4AI score0.00326EPSS
Exploits1References11
OSV
OSV
added 2025/08/28 4:46 p.m.8 views

GHSA-VXG3-W9RV-RHR2 Contrast leaks workload secrets to logs on INFO level

This is the same vulnerability as https://github.com/edgelesssys/contrast/security/advisories/GHSA-h5f8-crrq-4pw8. The original vulnerability had been fixed for release v1.8.1, but the fix was not ported to the main branch and thus not present in releases v1.9.0 ff. Below is a brief repetition of...

7.3CVSS6.8AI score
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2025-53901

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions ca...

3.5CVSS5.6AI score0.00299EPSS
Exploits0References3
Rows per page
Query Builder