CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3197 matches found

Tenable Nessus•added 2025/08/30 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2024-37535

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window resize escape sequence, a related issue to CVE-2000-0476...

4.4CVSS5.6AI score0.00016EPSS

Exploits0References4

CNNVD•added 2025/08/29 12:0 a.m.•1 views

tracing 安全漏洞

tracing is an open source application from Tokio. A security vulnerability exists in tracing versions prior to 0.3.20, which stems from ANSI escape sequence injection and could lead to endpoint manipulation...

2.3CVSS6.7AI score0.00112EPSS

Exploits0References3

Tenable Nessus•added 2025/08/27 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2023-40890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack-based buffer overflow vulnerability exists in the lookupsequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure...

9.8CVSS7.9AI score0.002EPSS

Exploits0References2

Tenable Nessus•added 2025/08/27 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2025-2999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpacksequence. The...

5.3CVSS5.2AI score0.00124EPSS

Exploits0References3

Tenable Nessus•added 2025/08/24 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2009-4487

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly...

6.8CVSS6.2AI score0.017EPSS

Exploits2References2

Tenable Nessus•added 2025/08/24 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2008-3234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by...

6.5CVSS8.1AI score0.04643EPSS

Exploits1References2

OSV•added 2025/08/22 11:36 a.m.•3 views

OESA-2025-2071 microcode_ctl security update

Security Fixes: Improper buffer restrictions for some IntelR XeonR Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.CVE-2025-20053 Improper Isolation or Compartmentalization in the stream cache mechanism for some IntelR...

7.9CVSS6.9AI score0.00099EPSS

Exploits0References10

Tenable Nessus•added 2025/08/21 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2019-8321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteractionverbose calls say without escaping, escape sequence injection is...

7.5CVSS6.6AI score0.00321EPSS

Exploits0References2

Tenable Nessus•added 2025/08/20 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2022-4245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtilwriteComment fails to sanitize comments for a -- sequence. This issue means...

4.3CVSS5.5AI score0.0006EPSS

Exploits0References2

SUSE CVE•added 2025/08/19 11:21 p.m.•1 views

SUSE CVE-2025-54881

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...

5.3CVSS6.9AI score0.00029EPSS

Exploits0References3

Snyk•added 2025/08/19 8:16 p.m.•1 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the calculateMathMLDimensions function, which was introduced in 5c69e5f. An attacker...

6.1CVSS5.9AI score0.00029EPSS

Exploits0References2

Snyk•added 2025/08/19 8:16 p.m.•1 views

Cross-site Scripting (XSS)

Overview mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the calculateMathMLDimensions function, which was introduced in 5c69e5f. An attacker can execute...

6.1CVSS5.5AI score0.00029EPSS

Exploits0References2

OSV•added 2025/08/19 8:16 p.m.•0 views

GHSA-7RQQ-PRVP-X9JH Mermaid improperly sanitizes sequence diagram labels leading to XSS

Summary In the default configuration of mermaid 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS. Details Sequence diagram node labels with KaTeX delimiters are passed through calculateMathMLDimensions. This method pass...

5.3CVSS5.9AI score0.00029EPSS

Exploits0References5