Lucene search
+L

356 matches found

OSV
OSV
added 2025/06/10 2:13 p.m.7 views

GHSA-5GW5-JCCF-6HXW GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost

Summary It possible to achieve Service Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. Details A unauthenticated user can supply a request that will be issued by the server. This can be used to enumerate internal networks and also in the case of cloud...

7.5CVSS7AI score0.18925EPSS
Exploits0References6
OSV
OSV
added 2025/06/06 5:32 p.m.4 views

CVE-2025-47950 CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service DoS vulnerability exists in the CoreDNS DNS-over-QUIC DoQ server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of...

7.5CVSS7.5AI score0.01132EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/06/02 7:42 p.m.12 views

CVE-2024-52035

A flaw was found in the catdoc OLE Document File Allocation Table Parser. This vulnerability allows heap-based memory corruption via a specially crafted malformed file. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...

8.4CVSS8.3AI score0.00252EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/30 9:14 p.m.24 views

CVE-2025-48943

An application level denial of service flaw was found in vLLM. This flaw allows a remote attacker with access to the system prompt to submit an invalid regular expression while requesting structured output and crash the vLLM instance. Mitigation Mitigation for this issue is either not available o...

6.5CVSS6.1AI score0.004EPSS
Exploits0References7
NVD
NVD
added 2025/05/28 6:15 p.m.13 views

CVE-2024-47057

SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the...

5.3CVSS0.00267EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/05/26 3:6 p.m.12 views

CVE-2025-46803

The default mode of pseudo terminals PTYs allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system...

5.1CVSS7.4AI score0.00201EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:5 a.m.4 views

CVE-2024-51498

cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the javascript: protocol, resulting in Cross-site Scripting XSS when the user tries to download an item from a picker. This issue has been present since commit 66bac03e, was mitigated in...

6CVSS6.1AI score0.00471EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:44 p.m.7 views

CVE-2020-9692

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution...

8.5CVSS7.3AI score0.03807EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:32 a.m.9 views

CVE-2019-14356

On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be...

5.3CVSS6.5AI score0.01198EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:13 a.m.15 views

CVE-2019-10073

The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 1860595 and 1860616...

6.1CVSS6AI score0.05227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/16 12:0 a.m.4 views

PT-2025-21751

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.3.0 through 5.3.42 Spring Framework versions 6.0.0 through 6.0.27 Spring Framework versions 6.1.0 through 6.1.19 Spring Framework versions 6.2.0 through 6.2.6 Description: The issue concerns a bypass of disallowed...

3.1CVSS7.8AI score0.00351EPSS
Exploits1References20
RedhatCVE
RedhatCVE
added 2025/05/14 11:42 a.m.16 views

CVE-2025-3931

A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...

7.8CVSS6.8AI score0.00158EPSS
Exploits0References3
Intel
Intel
added 2025/05/12 12:0 a.m.27 views

2025.1 IPU -Intel® Processor Advisory

Summary: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing microcode updates and prescriptive guidance to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2024-28956 Description: Exposure of Sensitive...

5.7CVSS6.1AI score0.00371EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 7:42 p.m.19 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a Race Condition vulnerability in Apache Tomcat [CVE-2024-56337]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Race Condition vulnerability in Apache Tomcat, due to a case insensitive file system, caused by improper default installation settings CVE-2024-56337. Apache Tomcat is used in our Speech microservices. This vulnerabilitiy has been...

9.8CVSS9.9AI score0.09028EPSS
Exploits13Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/29 8:43 p.m.18 views

CVE-2025-3501

A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended. Mitigation Use the correct TLS configuration and avoid using "--tls-hostname-verifier=any"...

8.2CVSS8AI score0.00385EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/04/21 5:32 a.m.11 views

CVE-2025-43961

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment,...

2.9CVSS3.5AI score0.0039EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/04/08 6:37 a.m.7 views

CVE-2025-29769

libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't...

6.6CVSS6.3AI score0.00265EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/04/08 6:5 a.m.9 views

CVE-2024-38797

A flaw was found in EDK2. This vulnerability allows an attacker to cause an out-of-bounds read, potentially leading to a loss of integrity and/or availability via a crafted data pointer and length sent over an adjacent network. Mitigation Mitigation for this issue is either not available or the...

4.6CVSS6.8AI score0.0023EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/31 7:38 p.m.17 views

CVE-2025-31124 Zitadel allows User Enumeration by loginname attribute normalization

Zitadel is open-source identity infrastructure software. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report...

5.3CVSS0.00487EPSS
Exploits0References11
GithubExploit
GithubExploit
added 2025/03/29 2:12 a.m.542 views

Exploit for CVE-2025-29927

CVE-2025-29927 - Next.js Middleware Authorization Bypass PoC...

9.1CVSS7.5AI score0.99301EPSS
Exploits58
Rows per page
Query Builder