365 matches found

Packet Storm
added 2025/07/16 12:0 a.m., 104 views

📄 PivotX 3.0.0 RC3 Remote Code Execution / Cross Site Scripting

PivotX version 3.0.0 RC3 suffers from a persistent cross site scripting vulnerability that can assist an attacker in achieving remote code execution once privileges are escalated. Exploit Title: PivotX v3.0.0 RC3 - Stored XSS to Remote Code Execution (RCE). Date: July 2025. Exploit Author: HayToN...

7.4 AI score, 0.04253 EPSS
Exploits: 6

SUSE CVE
added 2025/07/08 11:35 p.m., 2 views

SUSE CVE-2025-7067

A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FSsinfoserializenodecb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed ...

5.5 CVSS, 3.6 AI score, 0.00215 EPSS
Exploits: 1, References: 3

OSV
added 2025/07/04 6:15 p.m., 8 views

AZL-65208 CVE-2025-7067 affecting package hdf5 for versions less than 1.14.6-1

A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FSsinfoserializenodecb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed ...

5.5 CVSS, 5 AI score, 0.00215 EPSS
Exploits: 1, References: 1

OSV
added 2025/07/04 6:15 p.m., 1 views

DEBIAN-CVE-2025-7067

A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FSsinfoserializenodecb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed ...

5.5 CVSS, 4 AI score, 0.00215 EPSS
Exploits: 1, References: 1

Snyk
added 2025/07/04 6:2 p.m., 1 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the H5FSsinfoserializenodecb function. An attacker can cause a denial of service by triggering a heap-based buffer overflow through local access. Remediation: A fix was pushed into the master branch but not...

5.5 CVSS, 4.2 AI score, 0.00215 EPSS
Exploits: 1, References: 3

IBM Security Bulletins
added 2025/07/01 10:22 a.m., 6 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to a Cross-site scripting (XSS) attack (CVE-2024-11831).

Summary: IBM Event Endpoint Management is vulnerable to a Cross-site scripting (XSS) attack due to a flaw in npm-serialize-javascript. It is used to safely serialize complex JavaScript objects for storage or transmission. Vulnerability Details: CVEID: CVE-2024-11831. DESCRIPTION: A flaw was found in...

5.4 CVSS, 6.1 AI score, 0.01006 EPSS
Exploits: 0, Affected Software: 1

CNNVD
added 2025/05/15 12:0 a.m., 3 views

NI Circuit Design Suite Security Vulnerability

NI Circuit Design Suite is a circuit design suite from National Instruments (NI) that provides a complete set of tools for circuit design, simulation, verification, and layout. A security vulnerability exists in NI Circuit Design Suite version 14.3.0 and earlier, which stems from a stack buffer...

8.5 CVSS, 6.7 AI score, 0.0017 EPSS
Exploits: 0, References: 1

vulnersOsv
added 2025/04/28 12:0 p.m., 2 views

GSL (>=0.4.25 <=0.4.26), IMAPServer (=0.0.0) +4478 more potentially affected by unknown CVE via rustc-serialize (>=0.1.5 <=0.3.25)

rustc-serialize CARGO version =0.1.5, =0.4.25, =0.1.0, =0.1.7, =0.2.0-beta.4, =0.0.6, =0.1.0, =0.2.1, =0.1.4, =0.1.1, =0.3.0 - ace-test-lib =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0025...

5.7 AI score
Exploits: 0

OSV
added 2025/04/28 12:0 p.m., 10 views

RUSTSEC-2025-0025 rustc-serialize is unmaintained

rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...

7.2 AI score
Exploits: 0, References: 3

RustSec
added 2025/04/28 12:0 p.m., 8 views

rustc-serialize is unmaintained

rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...

7.2 AI score
Exploits: 0

Positive Technologies
added 2025/04/28 12:0 a.m., 7 views

PT-2025-19690 · Crates.Io · Rustc-Serialize

rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...

7.3 AI score
Exploits: 0, References: 4

SUSE CVE
added 2025/04/01 1:43 a.m., 1 views

SUSE CVE-2025-2914

A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FSsinfoSrializeSctcb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has...

4.8 CVSS, 3.7 AI score, 0.00255 EPSS
Exploits: 1, References: 3

SUSE CVE
added 2025/04/01 1:43 a.m., 5 views

SUSE CVE-2025-2926

A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...

5.5 CVSS, 3.3 AI score, 0.00233 EPSS
Exploits: 1, References: 3

OSV
added 2025/03/28 8:15 p.m., 8 views

AZL-59347 CVE-2025-2926 affecting package hdf5 for versions less than 1.14.6-1

A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...

5.5 CVSS, 4.4 AI score, 0.00233 EPSS
Exploits: 1, References: 1

OSV
added 2025/03/28 8:15 p.m., 6 views

AZL-59397 CVE-2025-2926 affecting package hdf5 for versions less than 1.14.6-1

A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...

5.5 CVSS, 4.7 AI score, 0.00233 EPSS
Exploits: 1, References: 1

OSV
added 2025/03/28 8:15 p.m., 3 views

UBUNTU-CVE-2025-2926

A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...

5.5 CVSS, 4.6 AI score, 0.00233 EPSS
Exploits: 1, References: 6

AlpineLinux
added 2025/03/28 8:0 p.m., 4 views

CVE-2025-2926

A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...

5.5 CVSS, 7.2 AI score, 0.00233 EPSS
Exploits: 1, References: 4

CNNVD
added 2025/03/28 12:0 a.m., 4 views

HDF5 Security Vulnerability

HDF5 is an HDF open source library. A security vulnerability exists in HDF5 1.14.6 and earlier versions, which stems from a null pointer dereference in the H5Ocachechkserialize function that requires local access...

5.5 CVSS, 3.9 AI score, 0.00233 EPSS
Exploits: 1, References: 5

vulnersOsv
added 2025/02/10 6:30 p.m., 6 views

@aadarshjr/reweb-js (>=1.0.7 <=1.0.17), @acentswap/ace-core-trial (>=10.4.0 <=10.7.0) +1728 more potentially affected by CVE-2024-11831 via serialize-javascript (>=6.0.0 <=6.0.1)

serialize-javascript NPM version =6.0.0, =1.0.7, =10.4.0, =9.0.0, =10.0.0, =10.0.0, =10.5.0, =10.4.0, =1.1.8, =0.4.10, =5.0.0, =6.0.0 and more Source cves: CVE-2024-11831 Source advisory: OSV:GHSA-76P7-773F-R4Q5...

5.4 CVSS, 7.1 AI score, 0.01006 EPSS
Exploits: 0

Github Security Blog
added 2025/02/10 6:30 p.m., 13 views

Cross-site Scripting (XSS) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

5.4 CVSS, 5.2 AI score, 0.01006 EPSS
Exploits: 0, References: 27, Affected Software: 1