Lucene search
K

75 matches found

OSV
OSV
added 2025/11/10 4:5 a.m.1 views

MAL-2025-51831 Malicious code in fajar-mangut61-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32aa55042889d0042a7a4f0ab7b968ba58df284820aa9e56fba5a624884d934c The package fajar-mangut61-breki was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flood...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-1482

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01022EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/12/04 12:0 a.m.9 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the synclinkedregs function in the bpf subsystem to preserve the subregdef flag, which could le...

5.5CVSS6.2AI score0.00207EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/09/28 12:0 a.m.31 views

openSUSE 15 Security Update : coredns (openSUSE-SU-2024:0319-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0319-1 advisory. Update to version 1.11.3: optimize the performance for high qps 6767 bump deps Fix zone parser error handling 6680 Add alternate option to forwar...

7.5CVSS7.8AI score0.03931EPSS
Exploits1References13
OSV
OSV
added 2024/05/14 7:15 p.m.2 views

UBUNTU-CVE-2024-32020

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...

3.9CVSS6.8AI score0.00519EPSS
Exploits1References7
NVD
NVD
added 2024/05/14 3:38 p.m.24 views

CVE-2024-34350

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...

7.5CVSS7.4AI score0.01022EPSS
Exploits0References1
CVE
CVE
added 2024/05/09 4:7 p.m.142 views

CVE-2024-34350

CVE-2024-34350 affects Next.js (React framework). The issue arises from inconsistent interpretation of a crafted HTTP request, causing a request to be treated as both a single request and two separate requests, which can poison the response queue. Exploitation requires the affected route to use t...

7.5CVSS6.6AI score0.01022EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/05/09 4:7 p.m.7 views

CVE-2024-34350 Next.js Vulnerable to HTTP Request Smuggling

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...

7.5CVSS7.2AI score0.01022EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/09 4:7 p.m.31 views

CVE-2024-34350 Next.js Vulnerable to HTTP Request Smuggling

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...

7.5CVSS7.6AI score0.01022EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/09 12:0 a.m.9 views

PT-2024-25807 · Next.Js · Next.Js

Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 13.5.1 Description: The issue arises from an inconsistent interpretation of crafted HTTP requests, leading to desynchronized responses and a response queue poisoning vulnerability. This occurs when the affected route...

7.5CVSS6.7AI score0.01022EPSS
Exploits0References9
OSV
OSV
added 2024/03/15 4:48 p.m.22 views

GHSA-494H-9924-XWW9 Pterodactyl Wings vulnerable to improper isolation of server file access

Impact This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside of a server's base directory sandbox root is...

9.9CVSS9.2AI score0.0055EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2023/04/04 10:8 a.m.39 views

Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks

The threat actor known as Arid Viper has been observed using refreshed variants of its malware toolkit in its attacks targeting Palestinian entities since September 2022. Symantec, which is tracking the group under its insect-themed moniker Mantis, said the adversary is "going to great lengths to...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/01/23 12:0 a.m.4 views

The vulnerability of the command-line interface (CLI) of the microprogramming software for Cisco TelePresence Collaboration Endpoint conference call control devices and the Cisco RoomOS operating system allows a hacker to re-write any files at will.

The vulnerability of the command-line interface CLI of the microprogramming software for Cisco TelePresence Collaboration Endpoint conference call controllers and the Cisco RoomOS operating system is related to access control deficiencies. Exploiting this vulnerability could allow a attacker to...

4.6CVSS7AI score0.00194EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/10/09 12:39 a.m.2 views

GHSA-G6F4-J6C2-W3P3 High severity vulnerability that affects uglify-js

Withdrawn, accidental duplicate publish. The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperl...

9.8CVSS7.2AI score0.03559EPSS
Exploits1References2
OSV
OSV
added 2017/01/23 9:59 p.m.4 views

UBUNTU-CVE-2015-8857

The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript...

9.8CVSS7.2AI score0.03559EPSS
Exploits1References4
Rows per page
Query Builder