Lucene search
+L

6715 matches found

CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

WordPress plugin Social Reviews Recommendations 跨站脚本漏洞

...

7.2CVSS5.8AI score0.00327EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 5:22 a.m.6 views

Security Bulletin: Apache Tomcat Improper Resource Shutdown Enables Made You Reset Attack, affects watsonx.data

Summary Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be...

7.5CVSS6.8AI score0.03514EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/02 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: tomcat (UTSA-2025-991028)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991028 advisory. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat...

9.6CVSS8.3AI score0.09917EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 9:40 a.m.18 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cxf-core-3.6.5.jar which is vulnerable to CVE-2025-48795.

Summary IBM Maximo Application Suite - Monitor Component uses cxf-core-3.6.5.jar which is vulnerable to CVE-2025-48795. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based...

5.6CVSS6.4AI score0.00624EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.10 views

TencentOS Server 3: tomcat (TSSA-2025:0225)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0225 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

10CVSS7.6AI score0.99945EPSS
Exploits47References2
EUVD
EUVD
added 2025/11/13 10:22 p.m.6 views

EUVD-2025-48942

AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance...

8.6CVSS6.3AI score0.00438EPSS
Exploits0References13
Atlassian
Atlassian
added 2025/11/13 11:27 a.m.15 views

File Inclusion tar-fs Dependency in Confluence Data Center and Server

This High severity File Inclusion vulnerability known as CVE-2024-12905 was introduced in 7.19 of Confluence Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows an unauthenticated attacker to expose assets in...

7.5CVSS6.9AI score0.02186EPSS
Exploits2
Packet Storm News
Packet Storm News
added 2025/11/13 12:0 a.m.9 views

An In-Depth Systematic Analysis of the Security, Usability, and Automation Capabilities of Password Update Processes on Top-Ranked Websites

Password updates are a critical account security measure and an essential part of the password lifecycle. Service providers and common security recommendations advise users to update their passwords in response to incidents or as a critical cyber hygiene measure. However, password update processe...

7.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.6 views

PT-2025-46649

Name of the Vulnerable Software and Affected Versions TYPO3 Extension "Modules" versions prior to 4.3.11 TYPO3 Extension "Modules" versions 5.0.0 through 5.7.3 TYPO3 Extension "Modules" versions 6.0.0 through 6.4.1 TYPO3 Extension "Modules" versions 7.0.0 through 7.5.4 Description An improper...

8.2CVSS6.8AI score0.00436EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.21 views

PT-2025-46231

Name of the Vulnerable Software and Affected Versions SQL Anywhere Monitor Non-GUI version 17.0 versions prior to SAP Note 3666261 Description The SQL Anywhere Monitor Non-GUI contains hard-coded credentials within its code. This allows unintended users access to resources and functionality,...

10CVSS8AI score0.00671EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.9 views

PT-2025-46209

Name of the Vulnerable Software and Affected Versions Langfuse versions 2.70.0 through 2.95.10 Langfuse versions 3.0.0 through 3.124.0 Description Langfuse is a large language model engineering platform. In certain project membership APIs, the server improperly trusted a user-controlled orgId and...

5CVSS6.3AI score0.00325EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/11/10 12:0 a.m.9 views

Amazon Linux 2 : tomcat, --advisory ALAS2TOMCAT9-2025-023 (ALASTOMCAT9-2025-023)

The version of tomcat installed on the remote host is prior to 9.0.110-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2025-023 advisory. Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the...

7.5CVSS7AI score0.66535EPSS
Exploits4References6
Packet Storm News
Packet Storm News
added 2025/11/08 12:0 a.m.7 views

RAG-Targeted Adversarial Attack on LLM-Based Threat Detection and Mitigation Framework

The rapid expansion of the Internet of Things IoT is reshaping communication and operational practices across industries, but it also broadens the attack surface and increases susceptibility to security breaches. Artificial Intelligence has become a valuable solution in securing IoT networks, wit...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.8 views

PT-2025-44561

Name of the Vulnerable Software and Affected Versions UniFi Talk Touch versions 1.21.16 and earlier UniFi Talk Touch Max versions 2.21.22 and earlier UniFi Talk G3 Phones versions 3.21.26 and earlier Description An issue was identified in certain UniFi Talk devices where internal debugging...

7.3CVSS6.5AI score0.00218EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2025/10/24 12:43 p.m.109 views

Exploit for CVE-2025-46183

Vulnerability Disclosures Public reports of identified vulner...

8.2CVSS7AI score0.00314EPSS
Exploits1
OSV
OSV
added 2025/10/21 7:17 p.m.4 views

JLSEC-2025-184 libgit2 is a cross-platform, linkable library implementation of Git

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...

5.9CVSS7AI score0.0058EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/10/18 3:37 p.m.14 views

CVE-2025-61672

Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...

5.3CVSS6.6AI score0.00434EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/14 10:44 p.m.10 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale and the Management GUI are now included (CVE-2025-48976)

Summary The following vulnerabilities, which can affect IBM Storage Scale and the Management GUI and could provide weaker-than-expected security, are now fixed in Storage Scale 5.1.9.12 and 5.2.3.3 or higher CVE-2025-48976. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of...

7.5CVSS6.6AI score0.64718EPSS
Exploits1Affected Software1
Snyk
Snyk
added 2025/10/08 5:51 p.m.4 views

Improper Validation of Specified Type of Input

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to insufficient validation of device keys. An attacker can disrupt federation functionality and unpredictab...

5.4CVSS6.8AI score0.00434EPSS
Exploits0References2
CVE
CVE
added 2025/10/08 2:55 p.m.16 views

CVE-2025-61672

CVE-2025-61672 affects the Synapse Matrix homeserver. The issue is caused by lack of validation for device keys in Synapse before 1.138.3 and in 1.139.0, enabling an attacker registered on the victim homeserver to degrade federation functionality and unpredictably break outbound federation to oth...

5.3CVSS6.5AI score0.00434EPSS
Exploits0References6
Rows per page
Query Builder