Lucene search
K

405 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-7678

Malicious code in bioql PyPI...

3.3CVSS6.7AI score0.00255EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-3720

Malicious code in bioql PyPI...

5.8CVSS8AI score0.87264EPSS
Exploits14References361
AlmaLinux
AlmaLinux
added 2025/09/29 12:0 a.m.10 views

Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: nfsd: don't ignore the return code of svcprocregister CVE-2025-22026 kernel: netsched: hfsc: Fix a UAF vulnerability in class...

7.8CVSS8.8AI score0.00178EPSS
Exploits0References10
OSV
OSV
added 2025/09/01 2:4 p.m.3 views

SUSE-SU-2025:02993-1 Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: Upgraded to version 9.4.58.v20250814: - CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol including DNS over HTTPS bsc1244252...

7.7CVSS6.7AI score0.01567EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/29 12:0 a.m.5 views

ntpd-rs 安全漏洞

ntpd-rs is a Project Pendulum open source tool for synchronizing computer clocks with the NTP and NTS protocols. A security vulnerability exists in ntpd-rs versions 1.2.0 through 1.6.1, which stems from allowing non-NTS traffic and could lead to a denial of service attack...

5.3CVSS6.2AI score0.00313EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/08/25 1:46 p.m.4 views

Security update for tomcat11

This update for tomcat11 fixes the following issues: Updated to Tomcat 11.0.9 - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload bsc1246388 - CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability bsc1246318...

9.1CVSS8.2AI score0.03163EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.6 views

PT-2025-34462 · Reolink · Reolink Smart 2K+ Plug-In Wi-Fi Video Doorbell

Name of the Vulnerable Software and Affected Versions: Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime version 3.0.0.4662 2503122283 Description: An incorrect access control issue exists in the RTMP server settings. This allows attackers to cause a Denial of Service DoS by initiating a...

7.5CVSS7.2AI score0.00481EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2017-15407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server...

8.8CVSS8.6AI score0.02427EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/14 12:0 a.m.5 views

EulerOS 2.0 SP13 : ppp (EulerOS-SA-2025-1983)

According to the versions of the ppp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.CVE-2024-58250 Tenable has extracted the preceding description block directly...

9.3CVSS5.5AI score0.00196EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/14 12:0 a.m.13 views

F5 Networks BIG-IP : HTTP/2 vulnerability (K000152001)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1.2. It is, therefore, affected by a vulnerability as referenced in the K000152001 advisory. An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2...

6.9CVSS6.1AI score0.00458EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/12 5:10 p.m.68 views

CVE-2025-53778 Windows NTLM Elevation of Privilege Vulnerability

...

8.8CVSS0.36074EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/08/01 12:0 a.m.7 views

The vulnerability of the BCH Handler component in the End-of-Train and Head-of-Train protocols allows a attacker to trigger a service failure.

The vulnerability of the BCH Handler component in the End-of-Train and Head-of-Train protocols relates to the bypassing of authentication processes. Exploiting this vulnerability can allow a malicious actor to cause service failures...

9.4CVSS8AI score0.0053EPSS
Exploits0References3
NVD
NVD
added 2025/07/17 8:15 p.m.6 views

CVE-2025-2818

A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...

5.1CVSS0.00112EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/17 7:17 p.m.10 views

CVE-2025-2818

A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...

5.1CVSS0.00112EPSS
Exploits0References2
NVD
NVD
added 2025/07/12 5:15 p.m.7 views

CVE-2024-41169

The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removin...

7.5CVSS0.00564EPSS
Exploits0References4
NVD
NVD
added 2025/07/11 4:15 p.m.8 views

CVE-2025-52984

A NULL Pointer Dereference vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop and a gNMI query is...

8.2CVSS0.00388EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/24 7:53 p.m.9 views

CVE-2025-52471 ESP-NOW Integer Underflow Vulnerability Advisory

ESF-IDF is the Espressif Internet of Things IOT Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6 of the ESP-IDF framework. This issue stems from insufficie...

9.2CVSS0.00741EPSS
Exploits0References7
Rosalinux
Rosalinux
added 2025/06/23 7:13 a.m.54 views

Advisory ROSA-SA-2025-2895

Software: nginx 1.20.1 OS: rosa-server79 packageevrstring: nginx-1.20.1-22.res7.2 CVE-ID: CVE-2021-3618 BDU-ID: 2022-00351 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vsftpd FTP server is related to a lack of protection for transmitted data. Exploitation of the vulnerability could allow an...

7.8CVSS7.9AI score0.99999EPSS
Exploits19
Cvelist
Cvelist
added 2025/06/12 7:59 a.m.16 views

CVE-2025-5301 Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)

ONLYOFFICE Docs DocumentServer in versions equal and below 8.3.1 are affected by a reflected cross-site scripting XSS issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...

0.36306EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/06/03 6:9 a.m.8 views

quic-go Has Panic in Path Probe Loss Recovery Handling

Impact The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses thereby triggering the newly adde...

7.5CVSS6.7AI score0.00402EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder