Lucene search
K

207 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2024-43802

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not...

4.5CVSS5.6AI score0.00296EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/03/04 4:43 p.m.28 views

IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations

Summary ZITADEL's Admin API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While several endpoints are affected, the most critical vulnerability lies in the ability to manipulate LDAP...

9CVSS7.1AI score0.00584EPSS
Exploits0References14Affected Software2
OSV
OSV
added 2025/02/27 4:15 p.m.7 views

CVE-2025-1741

A vulnerability classified as problematic was found in b1gMail up to 7.4.1-pl1. Affected by this vulnerability is an unknown functionality of the file src/admin/users.php of the component Admin Page. The manipulation of the argument query/q leads to deserialization. The attack can be launched...

5.1CVSS7AI score
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/02/05 7:38 p.m.14 views

CVE-2022-39344

Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack, that is fully integrated with Azure RTOS ThreadX. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this m...

9.8CVSS8AI score0.01936EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:34 p.m.8 views

CVE-2022-39268

Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user...

8.1CVSS6.4AI score0.00382EPSS
Exploits0References1
CVE
CVE
added 2025/02/04 8:53 p.m.73 views

CVE-2025-22601

CVE-2025-22601 affects Discourse via the activate-account route; a crafted link could cause a target user to modify their own username. The issue is tied to a client-side path traversal in affected Discourse releases. According to sources, the vulnerability has been patched in the latest Discours...

3.1CVSS3.9AI score0.00357EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/01/03 9:31 p.m.69 views

CVE-2024-13129 Roxy-WI roxy.py action_service os command injection

A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function actionservice of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command injection. The attack can be launched...

9CVSS0.17797EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/12/20 7:52 p.m.28 views

CVE-2024-56333 Remote code execution in onyxia-api

Onyxia is a web app that aims at being the glue between multiple open source backend technologies to provide a state of art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential...

9.4CVSS0.00623EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/12 12:0 a.m.9 views

PT-2024-37029

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74 Description The issue is related to the net: mscc: ocelot: fix incorrect IFH SRC PORT field in ocelot ifh set basic function. Packets injected by the CPU should have a SRC PORT field equal to the CPU port...

5.5CVSS5.5AI score0.00202EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/10/23 12:0 a.m.7 views

PT-2024-33663 · Frappe +1 · Press

Name of the Vulnerable Software and Affected Versions: Press versions prior to commit 5d118a902872d7941f099ad1fb918e2421e79ccd Description: The issue allows a user to inject HTML through SaaS signup inputs, which could affect the user themselves but not other users. Recommendations: For versions...

5.1CVSS7.2AI score0.00479EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/10/17 2:48 a.m.5 views

SUSE CVE-2024-47887

Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...

5.9CVSS8.8AI score0.01048EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.5 views

PT-2024-7991 · Progress · Progress Telerik Reporting

Name of the Vulnerable Software and Affected Versions: Progress Telerik Reporting versions prior to 2024 Q3 18.2.24.924 Description: The issue is related to the insecure type resolution vulnerability in Progress Telerik Reporting, allowing for object injection and potentially enabling a remote...

9CVSS8.2AI score0.00602EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.4 views

PT-2024-6304 · Ivanti · Ivanti Cloud Services Appliance

The vulnerable software is Ivanti Cloud Services Appliance, specifically versions 4.6 Patch 518 and earlier. An OS command injection vulnerability in these versions allows a remote authenticated attacker to obtain remote code execution, but the attacker must have admin level privileges to exploit...

9CVSS8.4AI score0.88955EPSS
Exploits2References205
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/06 8:28 a.m.25 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-50313)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

7.5CVSS6.6AI score0.00792EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/09/02 6:15 p.m.2 views

UBUNTU-CVE-2024-45306

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...

5.5CVSS6.1AI score0.00298EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.4 views

PT-2024-13957 · Nocodb · Nocodb

Name of the Vulnerable Software and Affected Versions: NocoDB versions 0.202.6 through 0.202.9 Description: The issue allows an attacker to upload a html file with malicious content. If a user tries to open that file in a browser, malicious scripts can be executed, leading to a stored cross-site...

5.7CVSS6.5AI score0.00574EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/03/28 12:0 a.m.4 views

PT-2024-23613 · Unknown · Zephyr Rtos

Name of the Vulnerable Software and Affected Versions: Zephyr RTOS versions prior to 3.6 Description: The issue allows a malicious BLE device to crash a BLE victim device by sending a malformed gatt packet. This can be exploited for local attacks. Network segmentation can help mitigate the risk...

6.8CVSS7.1AI score0.00469EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/03/11 12:0 a.m.5 views

PT-2024-2215

Name of the Vulnerable Software and Affected Versions Spring Security versions 5.7.x prior to 5.7.12 Spring Security versions 5.8.x prior to 5.8.11 Spring Security versions 6.0.x prior to 6.0.9 Spring Security versions 6.1.x prior to 6.1.8 Spring Security versions 6.2.x prior to 6.2.3 Bitbucket...

8.5CVSS6.8AI score0.00948EPSS
Exploits0References48
Positive Technologies
Positive Technologies
added 2023/12/22 12:0 a.m.4 views

PT-2023-31352

Name of the Vulnerable Software and Affected Versions Nextcloud iOS Files app versions prior to 4.9.2 Description The issue affects the Nextcloud iOS Files app, which is used to interact with the Nextcloud self-hosted productivity platform. It allows the application to be used without providing t...

4.3CVSS4.6AI score0.00288EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2023/12/18 3:15 p.m.8 views

CVE-2023-6817

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The function nftpipapowalk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO Pile Packet Policies elements, leadi...

7.8CVSS6AI score0.00334EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder