Lucene search
K

3057 matches found

BDU FSTEC
BDU FSTEC
added 2025/01/27 12:0 a.m.4 views

The vulnerability of the Frames component in Google Chrome and Microsoft Edge allows attackers to bypass existing security restrictions and perform substitution attacks on user interfaces.

The vulnerability of the Frames component in Google Chrome and Microsoft Edge involves bypassing authentication through spoofing. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and replace the user interface with a specially created HTML page...

7.8CVSS6.5AI score0.00268EPSS
Exploits1References11Affected Software8
BDU FSTEC
BDU FSTEC
added 2025/01/27 12:0 a.m.5 views

The vulnerability of the application programming interfaces of Google Chrome and Microsoft Edge allows a hacker to bypass existing security restrictions and perform a substitution of the user interface.

The vulnerability of the application programming interfaces of Google Chrome and Microsoft Edge relates to the bypassing of authentication processes through spoofing techniques. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and replace the use...

7.8CVSS5.6AI score0.00419EPSS
Exploits1References6Affected Software6
BDU FSTEC
BDU FSTEC
added 2025/01/27 12:0 a.m.7 views

The vulnerability of the Extensions component in Google Chrome and Microsoft Edge browsers allows attackers to bypass existing security restrictions and perform substitution attacks on user interfaces.

The vulnerability of the Extensions component in Google Chrome and Microsoft Edge involves bypassing authentication through spoofing. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and replace the user interface...

5CVSS5.6AI score0.00276EPSS
Exploits0References10Affected Software8
BDU FSTEC
BDU FSTEC
added 2025/01/27 12:0 a.m.7 views

The vulnerability of the Compositing component in Google Chrome and Microsoft Edge browsers allows attackers to replace the user interface.

The vulnerability of the Compositing component in Google Chrome and Microsoft Edge exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...

5CVSS5.5AI score0.00294EPSS
Exploits1References10Affected Software8
Huntr
Huntr
added 2025/01/25 8:10 p.m.7 views

Bucket "h2o-release" publicly writable, allowing an attacker to replace any file

The S3 bucket "h2o-release" where you host docs and which you instruct your users to use as a Maven repo e.g. in here https://github.com/h2oai/h2o-3?tab=readme-ov-file3-using-h2o-3-artifacts is publicly writable. It is possible to overwrite any file in that bucket. As a PoC I created the followin...

7.1AI score
Exploits0
NVD
NVD
added 2025/01/21 1:15 p.m.10 views

CVE-2025-21657

In the Linux kernel, the following vulnerability has been resolved: schedext: Replace rqlock to rawspinrqlock in scxopsbypass scxopsbypass iterates all CPUs to re-enqueue all the scx tasks. For each CPU, it acquires a lock using rqlock regardless of whether a CPU is offline or the CPU is currentl...

5.5CVSS0.00172EPSS
Exploits0References2
CVE
CVE
added 2025/01/21 12:18 p.m.91 views

CVE-2025-21657

CVE-2025-21657 relates to the Linux kernel sched_ext component. The root cause was that scx_ops_bypass() re-enqueued scx tasks across CPUs by acquiring rq_lock() for online CPUs regardless of CPU state, which could trigger a spurious rq_pin_lock() warning. The fix replaces rq_lock() with raw_spin...

5.5CVSS6.5AI score0.00172EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/01/21 12:18 p.m.19 views

CVE-2025-21657 sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass()

In the Linux kernel, the following vulnerability has been resolved: schedext: Replace rqlock to rawspinrqlock in scxopsbypass scxopsbypass iterates all CPUs to re-enqueue all the scx tasks. For each CPU, it acquires a lock using rqlock regardless of whether a CPU is offline or the CPU is currentl...

0.00172EPSS
Exploits0References2
OSV
OSV
added 2025/01/21 7:47 a.m.3 views

MAL-2025-318 Malicious code in webpack-extensive-lodash-replacement-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 845800d2390e86cf58dcd05fd029a2ff2a064fef8ec1bc60b2ad041467db4fdb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
Microsoft KB
Microsoft KB
added 2025/01/14 8:0 a.m.87 views

Description of the security update for Office 2016: January 14, 2025 (KB5002675)

Description of the security update for Office 2016: January 14, 2025 KB5002675 Summary This security update resolves a Microsoft Office security feature bypass vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-21346. Note: To apply...

7.8CVSS8.7AI score0.00659EPSS
Exploits0
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.3 views

Silverstripe Asset Admin Module 跨站脚本漏洞

Silverstripe Asset Admin Module is an open source asset management module from Silverstripe. A cross-site scripting vulnerability exists in Silverstripe Asset Admin Module, which stems from the fact that HTML is not sanitized until the shortcode is replaced, allowing execution of script loads in...

5.4CVSS6AI score0.01108EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2025/01/13 10:24 a.m.12 views

CVE-2024-48875

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't take devreplace rwsem on task already holding it Running fstests btrfs/011 with MKFSOPTIONS="-O rst" to force the usage of the RAID stripe-tree, we get the following splat from lockdep: BTRFS info device sdd:...

5.5CVSS6.8AI score0.00143EPSS
Exploits0References4
OSV
OSV
added 2025/01/11 1:15 p.m.2 views

UBUNTU-CVE-2024-48875

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't take devreplace rwsem on task already holding it Running fstests btrfs/011 with MKFSOPTIONS="-O rst" to force the usage of the RAID stripe-tree, we get the following splat from lockdep: BTRFS info device sdd:...

5.5CVSS6.2AI score0.00143EPSS
Exploits0References20
CVE
CVE
added 2025/01/11 12:25 p.m.133 views

CVE-2024-48881

CVE-2024-48881 concerns the Linux kernel’s bcache implementation. The issue was a NULL pointer dereference risk in cache_set_flush() caused by a changed check: the code could access c->root when previous registration failed before c->root was allocated. The patch reverts the IS_ERR check to...

5.5CVSS6.6AI score0.00246EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2025/01/11 12:25 p.m.20 views

CVE-2024-48875 btrfs: don't take dev_replace rwsem on task already holding it

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't take devreplace rwsem on task already holding it Running fstests btrfs/011 with MKFSOPTIONS="-O rst" to force the usage of the RAID stripe-tree, we get the following splat from lockdep: BTRFS info device sdd:...

0.00143EPSS
Exploits0References2
CVE
CVE
added 2025/01/11 12:25 p.m.121 views

CVE-2024-48875

In the Linux kernel, CVE-2024-48875 is described as a fix for a btrfs issue: don’t take the dev_replace rwsem if the task already holds it. The root cause is a possible deadlock when btrfs_dev_replace flow takes the same rwsem twice during operations like btrfs_map_block, as demonstrated by a loc...

5.5CVSS6.5AI score0.00143EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/01/10 1:0 p.m.3 views

OESA-2025-1024 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A vulnerability has been found in cURL Network Utility Software and classified as problematic. Affected by this vulnerability is an unknown cod...

3.4CVSS6.3AI score0.01351EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/01/10 12:21 a.m.2 views

SUSE CVE-2024-56664

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix race between element replace and close Element replace with a socket different from the one stored may race with socket's close link popping & unlinking. sockmapdelete unconditionally unrefs the wrong element: /...

7CVSS7.7AI score0.00173EPSS
Exploits0References52
Cvelist
Cvelist
added 2025/01/09 5:22 p.m.28 views

CVE-2025-22149 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...

2.1CVSS0.00543EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/12/28 1:36 a.m.27 views

CVE-2024-56664

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix race between element replace and close Element replace with a socket different from the one stored may race with socket's close link popping & unlinking. sockmapdelete unconditionally unrefs the wrong element: /...

6.4CVSS6.7AI score0.00173EPSS
Exploits0References4
Rows per page
Query Builder