Lucene search
K

22 matches found

OSV
OSV
added 2026/04/01 8:54 p.m.4 views

GHSA-HQXF-MHFW-RC44 AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

Summary The AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugins database table is explicitly listed in ignoreTableSecurityCheck,...

6.5CVSS6AI score0.00201EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2002-0893

Malware in sbrugna...

7.5CVSS6.4AI score0.07157EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-4538

Malware in sbrugna...

5CVSS6.4AI score0.01634EPSS
Exploits0References4
CVE
CVE
added 2025/06/24 12:28 p.m.82 views

CVE-2025-6429

CVE-2025-6429 is active in Firefox/Thunderbird . The issue arises from an incorrect URL parse in an embed tag, which could rewrite a URL to youtube.com and bypass domain-embedding security checks. Affected products include Firefox and Thunderbird; versions affected are Firefox < 140 and Firefo...

6.5CVSS6.6AI score0.00285EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 8:6 p.m.9 views

CVE-2021-37579

The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check when enabled and reaching a deserialization operation with native jav...

9.8CVSS6.9AI score0.0653EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:10 p.m.8 views

CVE-2021-39234

In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL...

6.8CVSS6.8AI score0.01367EPSS
Exploits0References1
OSV
OSV
added 2023/12/28 9:16 p.m.14 views

GHSA-WPMX-564X-H2MH ewen-lbh/ffcss Late-Unicode normalization vulnerability

Summary The function lookupPreprocess is meant to apply some transformations to a string by disabling characters in the regex - .. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex - .. go ...

5.3CVSS5.3AI score0.00522EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/09/12 1:12 p.m.10 views

CVE-2023-2071 FactoryTalk View Machine Edition Vulnerable to Remote Code Execution

Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions...

9.8CVSS8AI score0.10974EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/07/03 12:30 p.m.24 views

Apache Airflow Hive Provider Beeline remote code execution with Principal

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it...

9.8CVSS9.1AI score0.02125EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/07/03 10:15 a.m.13 views

CVE-2023-35797

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it...

9.8CVSS9.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/07/03 9:8 a.m.14 views

CVE-2023-35797 Apache Airflow Hive Provider Beeline RCE with Principal

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it...

9.5AI score0.02125EPSS
Exploits0References3
OSV
OSV
added 2021/09/09 8:15 a.m.29 views

CVE-2021-37579

The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check when enabled and reaching a deserialization operation with native jav...

9.8CVSS9.5AI score
Exploits0References1
OSV
OSV
added 2019/07/23 2:15 p.m.6 views

CVE-2019-9816

A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all...

5.9CVSS6.9AI score
Exploits0References4
The Hacker News
The Hacker News
added 2018/06/12 2:43 p.m.50 views

Signature Validation Bug Let Malware Bypass Several Mac Security Products

A years-old vulnerability has been discovered in the way several security products for Mac implement Apple's code-signing API that could make it easier for malicious programs to bypass the security check, potentially leaving millions of Apple users vulnerable to hackers. Josh Pitts, a researcher...

7.8CVSS0.1AI score0.00857EPSS
Exploits6
OSV
OSV
added 2018/06/11 9:29 p.m.4 views

CVE-2018-5168

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects...

5.3CVSS8.8AI score
Exploits0References18
GoogleProjectZero
GoogleProjectZero
added 2015/08/25 12:0 a.m.51 views

Windows 10^H^H Symbolic Link Mitigations

Posted by James Forshaw, abusing symbolic links like it’s 1999. For the past couple of years I’ve been researching Windows elevation of privilege attacks. This might be escaping sandboxing or gaining system privileges. One of the techniques I’ve used multiple times is abusing the symbolic link...

10CVSS7.6AI score0.12974EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/02/05 12:0 a.m.27 views

Mozilla Firefox for Android < 27.0 Multiple Vulnerabilities

Binary data 8101.prm...

7.5CVSS9.1AI score0.03889EPSS
Exploits1References4
Check Point Advisories
Check Point Advisories
added 2014/01/07 12:0 a.m.6 views

Oracle Java MBeanInstantiator.findClass Remote Code Execution - Ver2 (CVE-2013-0422)

A code execution vulnerability has been reported in Oracle Java. The vulnerability is due to an access control failure in the com.sun.jmx.mbeanserver package and in the invokeWithArguments method of the java.lang.invoke.MethodHandle class. A remote attacker could trigger this vulnerability by usi...

10CVSS7.5AI score0.97612EPSS
Exploits38
RedHat Linux
RedHat Linux
added 2011/04/08 2:53 a.m.62 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

7.8CVSS6.6AI score0.02523EPSS
Exploits5References24
RedHat Linux
RedHat Linux
added 2011/04/08 2:53 a.m.5 views

kernel: install_special_mapping skips security_file_mmap check

The installspecialmapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected securityfilemmap function call, which allows local users to bypass intended mmapminaddr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-languag...

2.1CVSS6.1AI score0.00405EPSS
Exploits0References4
Rows per page
Query Builder