Lucene search
K

174 matches found

CVE
CVE
added 2025/05/27 8:51 p.m.62 views

CVE-2025-5198

CVE-2025-5198 describes a Cross-site Scripting (XSS) flaw in Stackrox where the vulnerability can be triggered if script code is placed in a small subset of table cells, specifically when contained in the name of a Kubernetes “Role” object applied to a secured cluster. The exploit would require c...

5.4CVSS4.9AI score0.00227EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 8:32 a.m.7 views

CVE-2024-23485

Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation CWE-1304 in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue affects: Gallagher Controller 6000 and...

4.6CVSS7AI score0.00186EPSS
Exploits0References1
CVE
CVE
added 2025/05/20 5:32 p.m.319 views

CVE-2025-47277

vLLM (versions 0.6.5–0.8.4) is affected only when using the PyNcclPipe KV cache transfer integration with the V0 engine. The issue stems from the PyTorch TCPStore binding defaulting to ALL interfaces; a workaround constrained the store to a private interface, and as of version 0.8.5 vLLM now bind...

9.8CVSS9.5AI score0.00959EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/04/29 3:36 p.m.21 views

CVE-2025-46346 YesWiki Vulnerable to Stored XSS in Comments

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting XSS vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user...

6.3CVSS5.3AI score0.00276EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2021-47389

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix missing sevdecommission in sevreceivestart DECOMMISSION the current SEV contex...

5.1CVSS5.8AI score0.00213EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/06 12:0 a.m.5 views

IBM ApplinX 加密问题漏洞

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. A cryptographic issue vulnerability exists in IBM ApplinX version 11.1 that stems from not properly enabling HTTP strict transport. An attacker could...

5.9CVSS6.5AI score0.00242EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/10/31 3:49 a.m.4 views

SUSE CVE-2024-47609

Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to error out with errors that...

6.9CVSS7AI score0.00622EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2024/10/28 3:22 p.m.11 views

Europol warns about counterfeit goods and the criminals behind them

With the holidays around the bend, many are looking for gifts for their family and friends. And since we somehow decided we want to give more each time, we’re also looking for good deals. But European law enforcement agency Europol issued a warning about buying fake goods. Sure, they are cheaper,...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2024/10/21 2:14 p.m.14 views

CVE-2024-49857

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: set the cipher for secured NDP ranging The cipher pointer is not set, but is derefereced trying to set its content, which leads to a NULL pointer dereference. Fix it by pointing to the cipher parameter before...

5.5CVSS6.9AI score0.00176EPSS
Exploits0References4
CVE
CVE
added 2024/10/21 12:18 p.m.122 views

CVE-2024-49857

CVE-2024-49857 (Linux kernel) involves the wifi iwlwifi mvm path where the cipher pointer is not initialized before it is dereferenced during secured NDP ranging. The underlying bug is a NULL pointer dereference caused by dereferencing an uninitialized cipher pointer. The fixed description states...

5.5CVSS6.9AI score0.00176EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2024/10/21 12:18 p.m.9 views

CVE-2024-49857

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: set the cipher for secured NDP ranging The cipher pointer is not set, but is derefereced trying to set its content, which leads to a NULL pointer dereference. Fix it by pointing to the cipher parameter before...

5.5CVSS6AI score0.00176EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/08/31 12:31 a.m.22 views

Missing hostname validation in Kroxylicious

A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...

5.9CVSS6.5AI score0.00378EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/30 9:10 p.m.17 views

CVE-2024-8285 Kroxylicious: missing upstream kafka tls hostname verification

A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...

5.9CVSS6.6AI score0.00378EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/07/16 4:51 p.m.28 views

CVE-2024-6326 Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services

An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders wh...

1.8CVSS0.00176EPSS
Exploits0References1
NVD
NVD
added 2024/07/11 3:15 a.m.16 views

CVE-2024-23485

Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation CWE-1304 in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue affects: Gallagher Controller 6000 and...

4.6CVSS0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/11 2:38 a.m.20 views

CVE-2024-23485

Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation CWE-1304 in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue affects: Gallagher Controller 6000 and...

4.6CVSS0.00186EPSS
Exploits0References1
CVE
CVE
added 2024/07/11 2:38 a.m.50 views

CVE-2024-23485

CVE-2024-23485 affects Gallagher Controller 6000 and 7000. Root cause: improper preservation of hardware configuration state during a power save/restore operation, which can cause Aperio-connected door locks to momentarily allow free access. Affected versions span 8.60 and prior; 8.70 prior to vC...

4.6CVSS4.9AI score0.00186EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.13 views

RHEL 6 : networkmanager (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - NetworkManager: creating new WPA-secured wireless network results in insecure network being created inste...

6.2CVSS5.7AI score0.00428EPSS
Exploits2References2
hivepro
hivepro
added 2024/03/27 12:15 p.m.33 views

Evil Ant The Python-Powered Ransomware

Summary: Evil Ant Ransomware, a sophisticated Python-based malware compiled with PyInstaller, operates covertly by hiding its console window and executing tasks discreetly. It aims to gain access to critical system functions and encrypt secured files. Threat Level - Amber | Attack Report For a...

7.5AI score
Exploits0
CNNVD
CNNVD
added 2024/03/06 12:0 a.m.4 views

Sulu Security Breach

Sulu is a Symfony framework on an extensible, PHP-based open source content management system from Sulu, Austria. A security vulnerability exists in Sulu versions 2.2.0 through prior to 2.5.13, which stems from the ability to grant access to a page regardless of the permissions of a role in a...

8.1CVSS6.6AI score0.0045EPSS
Exploits0References3
Rows per page
Query Builder