Lucene search
K

3057 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 11:55 p.m.9 views

CVE-2022-29218

RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems with platforms ending in numbers, like arm64-darwin-21 to be temporarily replaced in the CDN cache by a malicious package. The bug has...

7.7CVSS6.9AI score0.01141EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:34 p.m.10 views

CVE-2022-39062

A vulnerability has been identified in SICAM TOOLBOX II All versions V07.10. Affected applications do not properly set permissions for product folders. This could allow an authenticated attacker with low privileges to replace DLLs and conduct a privilege escalation...

7.8CVSS6.5AI score0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:1 p.m.16 views

CVE-2020-27228

An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability...

8.8CVSS6.7AI score0.00763EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 2:29 p.m.10 views

CVE-2020-2500

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and...

9.8CVSS6.7AI score0.00745EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/02/05 1:53 p.m.4 views

async-http-client: AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s

A flaw was found in the AsyncHttpClient AHC library. When making any HTTP request, the automatically enabled and self-managed CookieStore will silently replace explicitly defined cookies with any that have the same name from the CookieStore. For services that operate with multiple users, this can...

9.2CVSS5.8AI score0.00587EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/02/05 4:49 a.m.15 views

CVE-2024-36404

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution RCE is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

9.8CVSS7.5AI score0.74908EPSS
Exploits0References1
OSV
OSV
added 2025/02/04 9:32 p.m.7 views

GHSA-WC9M-R3V6-9P5H Sparkle Signing Checks Bypass

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

7.3CVSS7.1AI score0.00849EPSS
Exploits0References5
NVD
NVD
added 2025/02/04 8:15 p.m.13 views

CVE-2025-0509

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

7.3CVSS0.00849EPSS
Exploits0References3
CVE
CVE
added 2025/02/04 8:1 p.m.169 views

CVE-2025-0509

The CVE-2025-0509 entry concerns the Sparkle update framework. Affected software: Sparkle prior to version 2.6.4. Issue: an attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks, compromising update integrity. Impact: potential execution o...

7.3CVSS7.2AI score0.00849EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2025/02/04 8:1 p.m.14 views

CVE-2025-0509 Signing Checks Bypass

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

7.3CVSS0.00849EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/02/04 8:1 p.m.15 views

CVE-2025-0509

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

7.3CVSS8.3AI score0.00849EPSS
Exploits0
OSV
OSV
added 2025/02/03 8:47 a.m.15 views

SUSE-SU-2025:20008-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-41014: xfs: add bounds checking to xlogrecoverprocessdata bsc1228408. - CVE-2024-41013: xfs: do not walk off the end of a directory data block bsc1228405...

9.8CVSS7.3AI score0.02701EPSS
Exploits6References1846
NVD
NVD
added 2025/01/30 9:15 a.m.14 views

CVE-2025-0834

Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Wondershare\wsServices\ElevationService.exe’ with a malicious binary. This binary will be executed by...

7.8CVSS0.00153EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2025/01/29 6:17 p.m.10 views

K000149537: AsyncHttpClient vulnerability CVE-2024-53990

Security Advisory Description The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly...

9.2CVSS7.8AI score0.00587EPSS
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2025/01/29 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-25608

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' U+FFFD, which allows...

6.1CVSS5.8AI score0.0096EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.11 views

Security Bulletin: Apache Commons IO used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2024-47554)

Summary The Apache Commons IO used by Identity Insight is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the org.apache.commons.io.input.XmlStreamReader class. By sending a specially crafted input, a remote attacker could exploit this vulnerability to...

4.3CVSS7.2AI score0.01249EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/01/27 9:15 a.m.11 views

CVE-2025-24814

Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that 1 use the "FileSystemConfigSetService" component the default in "standalone" or "user-managed" mode, and 2 are running without authentication and authorization are vulnerable to a sort...

5.5CVSS0.01136EPSS
Exploits0References3
OSV
OSV
added 2025/01/27 9:15 a.m.1 views

DEBIAN-CVE-2025-24814

Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that 1 use the "FileSystemConfigSetService" component the default in "standalone" or "user-managed" mode, and 2 are running without authentication and authorization are vulnerable to a sort...

5.5CVSS6.3AI score0.01136EPSS
Exploits0References1
OSV
OSV
added 2025/01/27 9:15 a.m.1 views

UBUNTU-CVE-2025-24814

Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that 1 use the "FileSystemConfigSetService" component the default in "standalone" or "user-managed" mode, and 2 are running without authentication and authorization are vulnerable to a sort...

5.5CVSS5.9AI score0.01136EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2025/01/27 12:0 a.m.6 views

The vulnerability of the application programming interfaces of Google Chrome and Microsoft Edge allows a hacker to bypass existing security restrictions and perform a substitution of the user interface.

The vulnerability of the application programming interfaces of Google Chrome and Microsoft Edge relates to the bypassing of authentication processes through spoofing techniques. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and replace the use...

7.8CVSS5.6AI score0.00419EPSS
Exploits1References6Affected Software6
Rows per page
Query Builder