Lucene search
K

181 matches found

CNNVD
CNNVD
added 2025/12/01 12:0 a.m.6 views

Shirt Pocket SuperDuper! 安全漏洞

Shirt Pocket SuperDuper! is a data backup, disk cloning and recovery tool for macOS from Shirt Pocket. A security vulnerability exists in Shirt Pocket SuperDuper! version 3.10 and earlier, which originates from a local attacker who can modify the default task template to execute arbitrary preflig...

8.4CVSS6.9AI score0.00116EPSS
Exploits1References4
OSV
OSV
added 2025/10/11 1:19 p.m.3 views

OESA-2025-2361 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

9.8CVSS7.4AI score0.00687EPSS
Exploits0References14
OSV
OSV
added 2025/10/11 1:19 p.m.2 views

OESA-2025-2360 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

9.8CVSS7.4AI score0.00687EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2013-1670

Malware in sbrugna...

6.8CVSS6.1AI score0.00491EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-22369

Malicious code in bioql PyPI...

8.1CVSS6.2AI score0.00417EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29518

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00572EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 2:23 p.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera HTTP Gateway

Summary Multiple vulnerabilities were addressed in IBM Aspera HTTP Gateway version 2.3.2. Vulnerability Details CVEID:CVE-2025-36274 DESCRIPTION: IBM Aspera HTTP Gateway stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user. CWE:CWE-312...

7.5CVSS6.5AI score0.00856EPSS
Exploits2Affected Software5
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-34049

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an...

6.7CVSS7AI score0.00187EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-5397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or...

5.3CVSS6.4AI score0.02382EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/22 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-47908

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH heade...

7.5CVSS6.8AI score0.00572EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-8036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firef...

8.1CVSS7.5AI score0.00417EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/08 2:38 p.m.14 views

OpenBao Userpass and LDAP User Lockout Bypass

Impact Attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by different aliasing between pre-flight and full login request user entity alias attributions. Patches OpenBao v2.3.2 will patch this issue. Workarounds Existing user...

5.3CVSS6.2AI score0.00211EPSS
Exploits0References6Affected Software1
SUSE CVE
SUSE CVE
added 2025/08/07 11:22 p.m.7 views

SUSE CVE-2025-47908

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

5.3CVSS6.8AI score0.00572EPSS
Exploits0References7
OSV
OSV
added 2025/08/06 9:31 p.m.4 views

GHSA-VH9X-PHQ6-FX54 Duplicate Advisory: Denial of service via malicious preflight requests in github.com/rs/cors

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mh55-gqvf-xfwm. This link is maintained to preserve external references. Original Description Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include ...

6.9CVSS6.2AI score0.00572EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/08/06 9:31 p.m.9 views

Duplicate Advisory: Denial of service via malicious preflight requests in github.com/rs/cors

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mh55-gqvf-xfwm. This link is maintained to preserve external references. Original Description Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include ...

7.5CVSS6.2AI score0.00572EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/06 9:15 p.m.3 views

UBUNTU-CVE-2025-47908

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

7.5CVSS6.6AI score0.00572EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/08/06 8:41 p.m.5 views

CVE-2025-47908 Denial of service via malicious preflight requests in github.com/rs/cors

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

6.3AI score0.00572EPSS
Exploits0References3
OSV
OSV
added 2025/08/06 8:41 p.m.4 views

CVE-2025-47908 Denial of service via malicious preflight requests in github.com/rs/cors

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

7.5CVSS6.9AI score0.00572EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2025/08/06 8:41 p.m.6 views

CVE-2025-47908

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

7.5CVSS7AI score0.00572EPSS
Exploits0
CNNVD
CNNVD
added 2025/08/06 12:0 a.m.7 views

Go CORS handler 安全漏洞

Go CORS handler is a configurable handler for handling CORS requests by the individual developer Olivier Poitrey. A security vulnerability exists in Go CORS handler that stems from a potential over-allocation of heap when handling malicious preflight requests, which could lead to a denial of...

7.5CVSS6.3AI score0.00572EPSS
Exploits0References3
Rows per page
Query Builder