GHSA-2GG8-85M5-8R2P Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...
CVE-2025-59358
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...
CVE-2025-59360 OS command injection in Chaos Mesh via the killProcesses mutation
The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...
CVE-2025-59360
CVE-2025-59360 concerns Chaos Mesh’s Chaos Controller Manager. The killProcesses mutation (and related mutations like cleanIptables/cleanTcs) is reported vulnerable to OS command injection, enabling unauthenticated in-cluster attackers to perform remote code execution across the Kubernetes cluste...
CVE-2025-59358
The CVE-2025-59358 entry is linked to Chaos Mesh: the Chaos Controller Manager exposes a GraphQL debugging server without authentication, reachable across the Kubernetes cluster. This misconfiguration permits an attacker to access an API capable of killing arbitrary processes in any pod, leading ...
CVE-2025-59358 Denial of Service via Unauthorized Access to Chaos Mesh debugging server
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...
PT-2025-37473
Name of the Vulnerable Software and Affected Versions Chaos Mesh versions prior to 2.7.3 Description The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster. This server provides an API that allows attackers to kill...
CVE-2025-52915
K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabli...
Linux Distros Unpatched Vulnerability : CVE-2021-46787
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The AMS module has a vulnerability of improper permission control. Successful exploitation of this vulnerability may cause non-system application processes to...
CVE-2025-52915
CVE-2025-52915 affects K7RKScan.sys 23.0.0.10 (K7 Security Anti-Malware). The vulnerability arises from insufficient caller validation in the driver’s IOCTL handler, allowing an admin-privileged user to send crafted IOCTLs to terminate processes protected by a third-party implementation, in kerne...
CVE-2025-58358
Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands...
atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop...
CVE-2025-29900
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...
TencentOS Server 4: atop (TSSA-2025:0628)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0628 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2025-7426
The CVE-2025-7426 entry relates to MINOVA TTA, where the FTP credentials are exposed through the debug port 1604 on the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account and could enable data manipulation or extraction in automated processes (EDI/data integrat...
Linux Distros Unpatched Vulnerability : CVE-2018-6080
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to...
Linux Distros Unpatched Vulnerability : CVE-2025-46805
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Screen version 5.0.0 and older version 4 releases have a TOCTOU race that potentially allows SIGHUP or SIGCONT to be sent to privileged processes when installed...
EulerOS 2.0 SP11 : screen (EulerOS-SA-2025-1942)
According to the versions of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session. CVE-2025-46802 A minor information...
Can Multi-Modal (Reasoning) LLMs Detect Document Manipulation?
Document fraud poses a significant threat to industries reliant on secure and verifiable documentation, necessitating robust detection mechanisms. This study investigates the efficacy of state-of-the-art multi-modal large language models (LLMs), including OpenAI O1, OpenAI 4o, Gemini Flash thinking, ...