
5562 matches found

GithubExploit
added 2026/01/14 7:45 a.m. | 173 views

Exploit for Code Injection in Vmware Spring_Framework

CVE-2022-22965-Spring4Shell-Security-Operations-Analysis A com...

9.8 CVSS | 8.9 AI score | 0.99677 EPSS
Exploits: 100
Tenable Nessus
added 2026/01/14 12:0 a.m. | 9 views

TencentOS Server 3: tomcat (TSSA-2025:0984)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0984 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.8 CVSS | 7.1 AI score | 0.66535 EPSS
Exploits: 5 | References: 3
RedhatCVE
added 2026/01/13 10:53 p.m. | 6 views

CVE-2025-14172

The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the cwpptriggerflushrewriterules function hooked to wpajaxcwpptriggerflushrewriterules. This makes it possible fo...

6.5 CVSS | 5.6 AI score | 0.00376 EPSS
Exploits: 1 | References: 1
AstraLinux
added 2026/01/13 2:1 p.m. | 6 views

Astra Linux – Vulnerability in libarchive

An issue was discovered in libarchive bsdtar before version 3.8.1, in the function applysubstitution in the file tar/subst.c, when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to a denial of service Out-of-Memory crash...

5.5 CVSS | 5.4 AI score | 0.00139 EPSS
Exploits: 1 | References: 3
AstraLinux
added 2026/01/13 2:1 p.m. | 5 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementations in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions through a crafted Chrome Extension. Chromium security severity: High...

6.5 CVSS | 5.2 AI score | 0.0017 EPSS
Exploits: 0 | References: 3
GithubExploit
added 2026/01/13 11:14 a.m. | 194 views

Exploit for CVE-2025-14172

📄 Nuclei Template for CVE-2025-14172 🚀 Overview This repo...

6.5 CVSS | 6.5 AI score | 0.00376 EPSS
Exploits: 1
Packet Storm News
added 2026/01/13 12:0 a.m. | 21 views

Suricata IDPE 8.0.3

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and...

6.8 AI score | 0.00508 EPSS
Exploits: 0
Tenable Nessus
added 2026/01/13 12:0 a.m. | 6 views

MiracleLinux 9 : NetworkManager-1.48.10-5.el9_5.ML.1 (AXSA:2025-9560:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9560:03 advisory. NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its...

7.6 CVSS | 7.4 AI score | 0.04063 EPSS
Exploits: 1 | References: 2
Wired Threat Level
added 2026/01/12 6:48 p.m. | 6 views

GoFundMe Ignores Own Rules by Hosting a Legal-Defense Fund for the ICE Agent Who Killed Renee Good

The fundraiser for the ICE agent in the Renee Good killing has stayed online in seeming breach of GoFundMe’s own terms of service, prompting questions about selective enforcement...

7.2 AI score
Exploits: 0
Patchstack
added 2026/01/12 10:11 a.m. | 11 views

WordPress WP Page Permalink Extension plugin <= 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules Flush vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Rewrite Rules Flush vulnerability discovered by Legion Hunter in WordPress Plugin WP Page Permalink Extension versions <= 1.5.4...

6.5 CVSS | 6.8 AI score | 0.00376 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Packet Storm News
added 2026/01/12 12:0 a.m. | 1 views

YARA-X 1.11.0

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...

6.8 AI score
Exploits: 0
NVD
added 2026/01/11 11:15 a.m. | 6 views

CVE-2025-15506

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...

4.8 CVSS | 0.00165 EPSS
Exploits: 0 | References: 9
UbuntuCve
added 2026/01/11 11:15 a.m. | 2 views

CVE-2025-15506

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...

4.8 CVSS | 5.5 AI score | 0.00165 EPSS
Exploits: 0 | References: 9
Vulnrichment
added 2026/01/11 11:2 a.m. | 2 views

CVE-2025-15506 AcademySoftwareFoundation OpenColorIO FileRules.cpp ConvertToRegularExpression out-of-bounds

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...

4.8 CVSS | 6.2 AI score | 0.00165 EPSS
Exploits: 0 | References: 9
CVE
added 2026/01/11 11:2 a.m. | 19 views

CVE-2025-15506

The CVE-2025-15506 issue affects AcademySoftwareFoundation OpenColorIO (up to 2.5.0) in the ConvertToRegularExpression function within src/OpenColorIO/FileRules.cpp. The vulnerability enables an out-of-bounds read when a specific manipulation is performed, with local access required. Public explo...

4.8 CVSS | 4.2 AI score | 0.00165 EPSS
Exploits: 0 | References: 9
CNNVD
added 2026/01/11 12:0 a.m. | 3 views

OpenColorIO Buffer Error Vulnerability

OpenColorIO is an open source color management framework for visual effects and animation from Academy Software Foundation. A buffer error vulnerability exists in OpenColorIO 2.5.0 and earlier versions, which stems from incorrect manipulation of the file src/OpenColorIO/FileRules.cpp, and can lea...

4.8 CVSS | 4.2 AI score | 0.00165 EPSS
Exploits: 0 | References: 8
EUVD
added 2026/01/10 12:30 a.m. | 5 views

EUVD-2025-206271

Details On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different...

3.5 CVSS | 6.3 AI score | 0.00196 EPSS
Exploits: 0 | References: 2
NVD
added 2026/01/09 10:16 p.m. | 3 views

CVE-2025-62487

On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts e.g...

3.5 CVSS | 0.00196 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/09 9:17 p.m. | 4 views

CVE-2025-62487

On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts e.g...

3.5 CVSS | 5.5 AI score | 0.00196 EPSS
Exploits: 0 | References: 2 | Affected Software: 3
Vulnrichment
added 2026/01/09 9:17 p.m. | 5 views

CVE-2025-62487 Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.

On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts e.g...

3.5 CVSS | 6.4 AI score | 0.00196 EPSS
Exploits: 0 | References: 1