Lucene search
K

23 matches found

RedhatCVE
RedhatCVE
added 2025/07/04 2:22 p.m.10 views

CVE-2025-34072

A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol MCP Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embeddin...

9.3CVSS6.3AI score0.00371EPSS
Exploits0References1
CVE
CVE
added 2025/07/02 1:46 p.m.25 views

CVE-2025-34072

CVE-2025-34072 : A data exfiltration vulnerability affects Anthropic’s deprecated Slack Model Context Protocol (MCP) Server. When an AI agent processes untrusted data, attacker-crafted hyperlinks embedded in messages can be revealed by Slack link preview bots (Slack-LinkExpanding, Slackbot, Slack...

9.3CVSS6.5AI score0.00371EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/01 9:30 a.m.3 views

Private Data Structure Returned From A Public Method

Overview Affected versions of this package are vulnerable to Private Data Structure Returned From A Public Method. When a user accesses an externally referenced image, the provider of the image may obtain private information about the IP address of that accessing user. Remediation Upgrade...

6.5CVSS6.7AI score0.00872EPSS
Exploits0References2
NVD
NVD
added 2025/04/01 8:15 a.m.32 views

CVE-2025-29868

Private Data Structure Returned From A Public Method vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.2. If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about the ip address of th...

6.5CVSS0.00872EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/03/08 7:36 p.m.11 views

CVE-2025-27600

FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intrane...

6.9CVSS6.6AI score0.00254EPSS
Exploits0References1
Amazon
Amazon
added 2024/07/22 12:0 a.m.3 views

Medium: edk2

Issue Overview: Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected applicati...

9.1CVSS7AI score0.05582EPSS
Exploits1
OSV
OSV
added 2024/01/31 2:15 p.m.1 views

DEBIAN-CVE-2023-5992

A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data...

5.9CVSS6.3AI score0.01156EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:50 a.m.6 views

SUSE CVE-2017-5188

The bsworker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information...

7.5CVSS7.2AI score0.01167EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.4 views

SUSE CVE-2018-12366

An invalid grid size during QCMS color profile transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox 61...

5.3CVSS9AI score0.03158EPSS
Exploits0References18
OSV
OSV
added 2021/06/02 7:35 p.m.5 views

USN-4978-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, re-enable camera devices without an additional permission prompt, spoof the browser UI, or execute...

8.8CVSS7.1AI score0.01368EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2019/05/14 7:11 p.m.4 views

hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)

Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA STore Address and STD STore Data sub-operations. These sub-operations allow the processor to hand-off address generation...

5.6CVSS6.9AI score0.01497EPSS
Exploits0References6
OSV
OSV
added 2018/11/26 8:29 p.m.5 views

UBUNTU-CVE-2018-19565

A buffer over-read in cropmaskedpixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information...

7.1CVSS6.8AI score0.01075EPSS
Exploits0References4
Prion
Prion
added 2018/10/18 1:29 p.m.25 views

Out-of-bounds

An invalid grid size during QCMS color profile transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox 61...

4.3CVSS6.9AI score0.03158EPSS
Exploits0References20Affected Software11
Debian CVE
Debian CVE
added 2018/10/18 1:0 p.m.45 views

CVE-2018-12366

An invalid grid size during QCMS color profile transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox 61...

6.5CVSS8.4AI score0.03158EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2018/07/24 9:40 p.m.7 views

Mozilla: Invalid data handling during QCMS transformations

An invalid grid size during QCMS color profile transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox 61...

6.5CVSS7.3AI score0.03158EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2016/06/22 12:0 a.m.70 views

SAP NetWeaver AS JAVA 7.5 Information Disclosure

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: information disclosure Sent: 04.12.2015 Reported: 05.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2255990 Author: Vahagn...

5CVSS5.4AI score0.02413EPSS
Exploits1
Packet Storm
Packet Storm
added 2016/06/22 12:0 a.m.45 views

SAP NetWeaver AS JAVA 7.5 Cross Site Scripting

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: XSS Sent: 29.09.2015 Reported: 30.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238765 Author: Vahagn Vardanyan ERPScan...

0.3AI score
Exploits0
erpscan
erpscan
added 2015/04/12 12:0 a.m.153 views

SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.1 – 7.5 Vendor URL: SAP Bugs: Information disclosure Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2255990 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION...

5CVSS0.1AI score0.02413EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2011/12/13 12:0 a.m.42 views

SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7713)

Mozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30 - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory...

10CVSS8.4AI score0.05556EPSS
Exploits5References15
Tenable Nessus
Tenable Nessus
added 2011/08/17 12:0 a.m.35 views

RHEL 4 : seamonkey (RHSA-2011:1167)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1167 advisory. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the...

10CVSS8.5AI score0.05263EPSS
Exploits1References7
Rows per page
Query Builder