Lucene search
K

1427 matches found

AlpineLinux
AlpineLinux
added 2025/09/30 1:17 p.m.10 views

CVE-2025-9231

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...

6.5CVSS6.7AI score0.02234EPSS
Exploits0
OSV
OSV
added 2025/09/11 9:53 p.m.5 views

GHSA-7VM2-J586-VCVC SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions

LIVE SELECT statements are used to capture changes to data within a table in real time. Documents included in WHERE conditions and DELETE notifications were not properly reduced to respect the querying user's security context. Instead the leaked documents reflect the context of the user triggerin...

6.9CVSS6.7AI score0.00298EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/09/11 9:53 p.m.12 views

SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions

LIVE SELECT statements are used to capture changes to data within a table in real time. Documents included in WHERE conditions and DELETE notifications were not properly reduced to respect the querying user's security context. Instead the leaked documents reflect the context of the user triggerin...

5.7CVSS6.7AI score0.00298EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2010-2198

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deleti...

7.2CVSS7.2AI score0.00357EPSS
Exploits0References2
OSV
OSV
added 2025/08/20 3:31 p.m.4 views

GHSA-8F93-J3FX-72F3 CRI-O has Potential High Memory Consumption from File Read

There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause the a hi...

5.7CVSS7AI score0.00224EPSS
Exploits0References5
NVD
NVD
added 2025/08/20 1:15 a.m.5 views

CVE-2024-12223

Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...

9.3CVSS0.00311EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/20 12:44 a.m.10 views

CVE-2024-12223 Stored Cross-site Scripting (XSS) in Nutanix Prism Central

Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...

9.3CVSS0.00311EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-21334

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In containerd an industry-standard container runtime before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation through...

6.3CVSS6.2AI score0.02044EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/30 12:0 a.m.5 views

PT-2025-31455 · Absolute · Absolute Secure Access

Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions 12.01 through 13.55 Description: The management console of Absolute Secure Access is susceptible to an issue where attackers possessing administrative privileges can trigger the deserialization and execution of...

7.2CVSS6.8AI score0.00369EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2025/07/28 11:23 p.m.2 views

SUSE CVE-2025-38396

In the Linux kernel, the following vulnerability has been resolved: fs: export anoninodemakesecureinode and fix secretmem LSM bypass Export anoninodemakesecureinode to allow KVM guestmemfd to create anonymous inodes with proper security context. This replaces the current pattern of calling...

7.8CVSS6.4AI score0.00163EPSS
Exploits0References69
CVE
CVE
added 2025/07/28 3:27 p.m.20 views

CVE-2024-49343

CVE-2024-49343 affects IBM Informix Dynamic Server (IDS) versions 12.10 and 14.10. The issue is an HTML injection vulnerability: a remote attacker can inject malicious HTML that is rendered in the victim’s browser within the hosting site’s security context. The provided documents do not describe ...

5.4CVSS6.5AI score0.00199EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/07/25 1:15 p.m.13 views

CVE-2025-38396

In the Linux kernel, the following vulnerability has been resolved: fs: export anoninodemakesecureinode and fix secretmem LSM bypass Export anoninodemakesecureinode to allow KVM guestmemfd to create anonymous inodes with proper security context. This replaces the current pattern of calling...

7.8CVSS0.00163EPSS
Exploits0References6
OSV
OSV
added 2025/07/25 1:15 p.m.4 views

UBUNTU-CVE-2025-38396

In the Linux kernel, the following vulnerability has been resolved: fs: export anoninodemakesecureinode and fix secretmem LSM bypass Export anoninodemakesecureinode to allow KVM guestmemfd to create anonymous inodes with proper security context. This replaces the current pattern of calling...

7.8CVSS6.2AI score0.00163EPSS
Exploits0References30
OSV
OSV
added 2025/07/25 12:53 p.m.10 views

CVE-2025-38396 fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass

In the Linux kernel, the following vulnerability has been resolved: fs: export anoninodemakesecureinode and fix secretmem LSM bypass Export anoninodemakesecureinode to allow KVM guestmemfd to create anonymous inodes with proper security context. This replaces the current pattern of calling...

7.8CVSS6.4AI score0.00163EPSS
Exploits0References9
CVE
CVE
added 2025/06/27 2:48 p.m.35 views

CVE-2023-38007

CVE-2023-38007 affects IBM Cloud Pak System versions on Power (2.3.5.0; 2.3.3.7 with iFix1) and Intel (2.3.3.6 with iFix1/2; 2.3.4.0/2.3.4.1). Root cause is HTML injection (XSS) in the web UI, allowing a remote attacker to inject malicious HTML that runs in the browser within the hosting site's s...

5.4CVSS6.5AI score0.00212EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2025/06/26 12:0 a.m.1 views

Allocation of Resources Without Limits or Throttling

Overview github.com/cri-o/cri-o/server is an OCI-based implementation of Kubernetes Container Runtime Interface Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the handling of the /etc/passwd file. An attacker with minimal privileges to...

7.1CVSS6.8AI score0.00224EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:26 a.m.12 views

CVE-2024-41752

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

6.1CVSS6.9AI score0.00263EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:37 a.m.6 views

CVE-2023-28650

An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript JS payload in the target’s security context...

6.1CVSS7.3AI score0.00516EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:50 a.m.4 views

CVE-2023-32332

IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-For...

5.4CVSS6.5AI score0.00493EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:39 a.m.12 views

CVE-2022-40160

DISPUTED This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA...

6.5CVSS6.7AI score0.01188EPSS
Exploits0References1
Rows per page
Query Builder