92 matches found

Microsoft CVE
added 2025/03/25 7:0 a.m., 2 views

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

...

CVSS 7.8, AI score 7, EPSS 0.00087
Exploits: 1
OSV
added 2025/03/14 2:15 a.m., 0 views

UBUNTU-CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

CVSS 7.8, AI score 6.9, EPSS 0.00087
Exploits: 1, References: 4
Github Security Blog
added 2025/02/20 8:24 p.m., 6 views

Namada-apps allows Post-Genesis Validator Bypass

Impact: Ledger crash. A user is able to initialize a post-genesis validator with a negative commission rate using the --force flag. If this validator gets into the consensus set, then when computing PoS inflation inside fn update_rewards_products_and_mint_inflation, an instance of mul_floor will cause t...

AI score 7
Exploits: 0, References: 2, Affected Software: 1
Github Security Blog
added 2025/02/14 5:19 p.m., 15 views

`gh attestation verify` returns incorrect exit code during verification if no attestations are present

Summary: A bug in GitHub's Artifact Attestation CLI tool, `gh attestation verify`, may return an incorrect zero exit status when no matching attestations are found for the specified --predicate-type or the default https://slsa.dev/provenance/v1 if not specified. This issue only arises if an artifact...

CVSS 6.3, AI score 7, EPSS 0.00213
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2025/02/14 5:19 p.m., 8 views

GHSA-FGW4-V983-MGP8 `gh attestation verify` returns incorrect exit code during verification if no attestations are present

Summary: A bug in GitHub's Artifact Attestation CLI tool, `gh attestation verify`, may return an incorrect zero exit status when no matching attestations are found for the specified --predicate-type or the default https://slsa.dev/provenance/v1 if not specified. This issue only arises if an artifact...

CVSS 6.3, AI score 6.4, EPSS 0.00213
Exploits: 0, References: 5
OSV
added 2024/08/21 3:11 p.m., 15 views

GO-2022-0494 Query predicate bypass in Zalando Skipper in github.com/zalando/skipper

Query predicate bypass in Zalando Skipper in github.com/zalando/skipper...

CVSS 7.5, AI score 7.5, EPSS 0.00173
Exploits: 1, References: 5
RedHat Linux
added 2024/04/30 9:57 a.m., 1 views

kernel: arm64: sme: Use STR P to clear FFR context field in streaming SVE mode

In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear FFR context field in streaming SVE mode. The FFR is a predicate register which can vary between 16 and 256 bits in size depending upon the configured vector length. When saving the SVE state in...

AI score 6.8, EPSS 0.0003
Exploits: 0, References: 5
RedHat Linux
added 2023/11/08 3:38 p.m., 2 views

mariadb: crash when using HAVING with NOT EXIST predicate in an equality

A flaw was found in the MariaDB Server. It contains a segmentation fault via the component sql/item_subselect.cc, affecting availability...

CVSS 7.5, AI score 7.3, EPSS 0.00142
Exploits: 1, References: 4
SUSE CVE
added 2023/02/15 5:56 a.m., 1 views

SUSE CVE-2010-3836

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers...

CVSS 4, AI score 6.5, EPSS 0.0125
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 4:24 a.m., 2 views

SUSE CVE-2018-15863

Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression...

CVSS 3.3, AI score 6.6, EPSS 0.0007
Exploits: 0, References: 10
SUSE CVE
added 2023/02/15 4:6 a.m., 2 views

SUSE CVE-2019-19072

A memory leak in the predicate_parse function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6...

CVSS 4.4, AI score 6.1, EPSS 0.00099
Exploits: 0, References: 3
OSV
added 2022/11/02 2:15 p.m., 2 views

ALPINE-CVE-2022-43253

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file...

CVSS 6.5, AI score 7.1, EPSS 0.00256
Exploits: 1, References: 1
Openbugbounty
added 2022/10/04 12:4 a.m., 11 views

hfsca.org Cross Site Scripting vulnerability OBB-2975811

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0
RedHat Linux
added 2022/07/28 4:6 p.m., 2 views

mariadb: crash when using HAVING with NOT EXIST predicate in an equality

A flaw was found in the MariaDB Server. It contains a segmentation fault via the component sql/item_subselect.cc, affecting availability...

CVSS 7.5, AI score 7.3, EPSS 0.00142
Exploits: 1, References: 4
Veracode
added 2022/06/24 3:21 a.m., 24 views

Cross-site Scripting (XSS)

github.com/zalando/skipper is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization allowing an attacker to bypass a query predicate via a maliciously crafted request...

CVSS 7.5, AI score 6.9, EPSS 0.00173
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2022/06/24 12:0 a.m., 29 views

GHSA-QX2J-85Q5-FFP8 Query predicate bypass in Zalando Skipper

In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request...

CVSS 7.5, AI score 7.4, EPSS 0.00173
Exploits: 1, References: 5
Github Security Blog
added 2022/06/24 12:0 a.m., 45 views

Query predicate bypass in Zalando Skipper

In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request...

CVSS 7.5, AI score 7.2, EPSS 0.00173
Exploits: 1, References: 5, Affected Software: 1
ATTACKERKB
added 2022/06/23 5:15 p.m., 1 views

CVE-2022-34296

In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request...

CVSS 7.5, AI score 7.1, EPSS 0.00173
Exploits: 1, References: 2
NVD
added 2022/06/23 5:15 p.m., 16 views

CVE-2022-34296

In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request...

CVSS 7.5, EPSS 0.00173
Exploits: 1, References: 1
OSV
added 2022/06/23 5:15 p.m., 19 views

CVE-2022-34296

In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request...

CVSS 7.5, AI score 7.5
Exploits: 0, References: 1