Lucene search
K

135 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-32505

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-16826

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00431EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/16 1:0 p.m.1 views

CVE-2025-39814 ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceunplugauxdev on reset Issuing a reset when the driver is loaded without RDMA support, will results in a crash as it attempts to remove RDMA's non-existent auxbus device: echo 1...

6AI score0.0012EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/14 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-38720

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: hibmcge: fix rtnl deadlock issue Currently, the hibmcge netdev acquires the rtnllock in pcierrorhandlers.resetprepare and releases it in...

5.5CVSS6.2AI score0.00105EPSS
Exploits0References2
OSV
OSV
added 2025/08/20 12:0 a.m.11 views

ALSA-2025:14181 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125 apache-commons-fileupload: Apache...

7.5CVSS7.3AI score0.64718EPSS
Exploits1References16
Microsoft KB
Microsoft KB
added 2025/08/19 12:0 a.m.7 views

August 19, 2025—KB5066189 (OS Builds 22621.5771 and 22631.5771) Out-of-band

August 19, 2025—KB5066189 OS Builds 22621.5771 and 22631.5771 Out-of-band Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed...

7.8CVSS5.5AI score0.00454EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-38417

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ice: fix eswitch code memory leak in reset scenario Add simple eswitch mode checker in...

5.5CVSS6.2AI score0.00155EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/07 12:0 a.m.9 views

CVE-2025-55137

LinkJoin through 882f196 mishandles lacks type checking in password reset...

7.4CVSS0.00327EPSS
Exploits0References1
NVD
NVD
added 2025/07/25 1:15 p.m.10 views

CVE-2025-38371

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Disable interrupts before resetting the GPU Currently, an interrupt can be triggered during a GPU reset, which can lead to GPU hangs and NULL pointer dereference in an interrupt context as shown in the following trace:...

5.5CVSS0.00161EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2025/07/22 3:49 p.m.5 views

CVE-2025-7371

Okta On-Premises Provisioning OPP agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary passwords created during password reset. You...

6.8CVSS6.8AI score0.00281EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/07 12:8 a.m.5 views

CVE-2025-47227

In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeov...

7.5CVSS6.9AI score0.01955EPSS
Exploits5References1
Positive Technologies
Positive Technologies
added 2025/07/07 12:0 a.m.5 views

PT-2025-28176 · Fblog · Fblog

Name of the Vulnerable Software and Affected Versions: fblog versions through 983bede Description: The issue allows account takeover via the password reset feature because the SERVER NAME is not configured, causing the reset to depend on the Host HTTP header. Recommendations: For versions through...

9.8CVSS6.7AI score0.00369EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/07 12:0 a.m.13 views

CVE-2025-43931

flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVERNAME is not configured and thus a reset depends on the Host HTTP header...

0.00341EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/07 12:0 a.m.5 views

PT-2025-28175 · Jobcenter · Jobcenter

Name of the Vulnerable Software and Affected Versions: JobCenter versions through 7e7b0b2 Description: The issue allows for account takeover via the password reset feature. This is because the SERVER NAME is not configured, causing the password reset to depend on the Host HTTP header...

9.8CVSS6.7AI score0.00341EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/06/30 11:16 a.m.5 views

CVE-2025-4407 Application does not invalidate session after password reset

Insufficient Session Expiration vulnerability in ABB Lite Panel Pro.This issue affects Lite Panel Pro: through 1.0.1...

6.8CVSS6.6AI score0.00155EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/30 11:16 a.m.11 views

CVE-2025-4407 Application does not invalidate session after password reset

Insufficient Session Expiration vulnerability in ABB Lite Panel Pro.This issue affects Lite Panel Pro: through 1.0.1...

6.8CVSS0.00155EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.10 views

PT-2025-27070 · WordPress · Dwt - Directory & Listing Wordpress Theme

Name of the Vulnerable Software and Affected Versions: The DWT - Directory & Listing WordPress Theme versions up to, and including, 3.3.6 Description: The issue allows for privilege escalation via account takeover due to improper checking of an empty token value prior to resetting a user's passwo...

9.8CVSS7.5AI score0.00353EPSS
Exploits0References8
CVE
CVE
added 2025/06/02 6:23 a.m.55 views

CVE-2025-1235

CVE-2025-1235 affects WAGO Fully Managed Switches. A low-privilege attacker can set the device date to Jan 19, 2038, triggering 32‑bit time overflow and the switch date rolling back to Jan 1, 1970. Public details in provided documents confirm the issue and lack of patch/version information; no re...

4.3CVSS4.6AI score0.00229EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/02 12:0 a.m.5 views

PT-2025-23466 · Wago · Fully Managed Switches 0852-0303 +12

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A low-privileged attacker can set the device's date to January 19th, 2038, exceeding the 32-bit time limit. This causes the device's date to be set back to January 1st, 1970. Recommendations...

4.3CVSS6AI score0.00229EPSS
Exploits0References5
NVD
NVD
added 2025/05/28 6:15 p.m.11 views

CVE-2024-47057

SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the...

5.3CVSS0.00267EPSS
Exploits0References1
Rows per page
Query Builder