Lucene search
K

211 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.18 views

EUVD-2023-0383

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01553EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 2:23 p.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera HTTP Gateway

Summary Multiple vulnerabilities were addressed in IBM Aspera HTTP Gateway version 2.3.2. Vulnerability Details CVEID:CVE-2025-36274 DESCRIPTION: IBM Aspera HTTP Gateway stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user. CWE:CWE-312...

7.5CVSS6.5AI score0.00856EPSS
Exploits2Affected Software5
F5 Networks
F5 Networks
added 2025/09/24 3:21 p.m.10 views

K000156606: libxml2 vulnerability CVE-2025-27113

Security Advisory Description libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. CVE-2025-27113 Impact This vulnerability allows an attacker to cause a denial-of-service DoS on the system. Security Advisory Status F5 Product Development has...

7.5CVSS6.8AI score0.01018EPSS
Exploits1Affected Software1
CNNVD
CNNVD
added 2025/08/27 12:0 a.m.3 views

PCRE2 安全漏洞

PCRE2 is a set of C functions open-sourced by PCRE2Project. Uses the same syntax and semantics as Perl5 for regular expression pattern matching. A security vulnerability exists in PCRE2 version 10.45, which stems from the processing of scs:... and ACCEPT with a heap buffer overflow read, which...

9.1CVSS6.6AI score0.00693EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-20454

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode...

7.5CVSS6.6AI score0.01561EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2025/06/18 12:0 a.m.3 views

ETrace:Event-Driven Vulnerability Detection in Smart Contracts Via LLM-Based Trace Analysis

With the advance application of blockchain technology in various fields, ensuring the security and stability of smart contracts has emerged as a critical challenge. Current security analysis methodologies in vulnerability detection can be categorized into static analysis and dynamic analysis...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 7:11 p.m.8 views

CVE-2021-21626

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match...

4.3CVSS6.6AI score0.00857EPSS
Exploits0References1
Veracode
Veracode
added 2025/05/08 1:24 p.m.11 views

Directory Traversal

Vite is vulnerable to Directory Traversal. The vulnerability is due to access control bypass due to insufficient enforcement of file access restrictions when using pattern-matching with dot-slash /. in network-exposed development servers...

6CVSS6.7AI score0.01077EPSS
Exploits1References2Affected Software1
Packet Storm News
Packet Storm News
added 2025/04/28 12:0 a.m.6 views

The Automation Advantage in AI Red Teaming

This paper analyzes Large Language Model LLM security vulnerabilities based on data from Crucible, encompassing 214,271 attack attempts by 1,674 users across 30 LLM challenges. Our findings reveal automated approaches significantly outperform manual techniques 69.5% vs 47.6% success rate, despite...

7.2AI score
Exploits0
OSV
OSV
added 2025/04/18 1:49 p.m.3 views

OESA-2025-1427 golang security update

. Security Fixes: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied.CVE-2025-22870...

4.4CVSS6.9AI score0.00384EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2025/03/12 7:15 p.m.4 views

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.7AI score0.00384EPSS
Exploits2References5Affected Software1
OSV
OSV
added 2025/03/12 7:15 p.m.4 views

UBUNTU-CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.7AI score0.00384EPSS
Exploits2References5
OSV
OSV
added 2025/03/05 11:1 p.m.4 views

CLSA-2025-1741215702 libxml2: Fix of CVE-2025-27113

CVE-2025-27113: fix NULL pointer dereference in xmlPatMatch in pattern.c...

7.5CVSS6.7AI score0.01018EPSS
Exploits1References1
SUSE Linux
SUSE Linux
added 2025/02/28 4:11 p.m.2 views

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c bsc1237363. CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c bsc1237370. CVE-2025-27113: NULL pointer...

7.3CVSS8AI score0.0113EPSS
Exploits1References12
OSV
OSV
added 2025/02/28 3:34 p.m.2 views

OESA-2025-1225 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

9.8CVSS7.4AI score0.0113EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2025/01/27 1:43 a.m.3 views

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

6.5CVSS7.4AI score0.01009EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/01/23 12:0 a.m.33 views

AlmaLinux 8 : redis:6 (ALSA-2025:0595)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:0595 advisory. redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service CVE-2023-22458 redis: Integer overflow in the Redis...

9.8CVSS8.4AI score0.69355EPSS
Exploits4References12
RedHat Linux
RedHat Linux
added 2025/01/22 10:42 a.m.2 views

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

6.5CVSS7.4AI score0.01009EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/12/05 9:45 p.m.3 views

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

6.5CVSS7.4AI score0.01009EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.18 views

Fedora 41 : valkey (2024-e717420659)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e717420659 advisory. update to 8.0.1 fixes CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227 Potential Denial-of-service d...

8.8CVSS7.2AI score0.04488EPSS
Exploits1References4
Rows per page
Query Builder