Lucene search
+L

119 matches found

OSV
OSV
added 2025/05/30 1:48 p.m.4 views

OESA-2025-1568 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

5.9CVSS7.5AI score0.00637EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/21 9:2 p.m.7 views

CVE-2009-5009

Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service application crash or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation...

5CVSS7.7AI score0.0098EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.19 views

iTop 安全漏洞

iTop is a simple, web-based IT service management tool from Combodo Open Source. A security vulnerability exists in iTop versions prior to 3.2.1 that stems from a regular expression denial of service that may affect the server...

5.3CVSS6.6AI score0.00265EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/05/07 7:4 a.m.4 views

libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value

A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

9CVSS7.3AI score0.0091EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/04/16 2:35 a.m.7 views

SUSE CVE-2025-32911

A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

8.1CVSS7AI score0.0091EPSS
Exploits0References16
ATTACKERKB
ATTACKERKB
added 2025/04/15 4:16 p.m.3 views

CVE-2025-32911

A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

9CVSS7.3AI score0.0091EPSS
Exploits0References16
OSV
OSV
added 2025/04/14 3:15 p.m.1 views

DEBIAN-CVE-2025-32909

A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniffmp4 function. The HTTP server may cause the libsoup client to crash...

5.3CVSS6AI score0.00494EPSS
Exploits0References1
OSV
OSV
added 2025/03/25 2:29 p.m.4 views

USN-7371-1 freerdp2 vulnerabilities

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service. CVE-2024-32458 Evgeny Legerov discovered...

9.8CVSS7.3AI score0.0375EPSS
Exploits0References5
Snyk
Snyk
added 2025/03/20 12:32 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the api/v1/utils/code/format endpoint. An attacker can cause the server to become unresponsive or experience significant degradation by sending a...

8.7CVSS7AI score0.00886EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2015-4913

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors...

4CVSS6.7AI score0.03919EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/02/28 10:15 p.m.3 views

CVE-2025-26466

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...

5.9CVSS7.1AI score0.38474EPSS
Exploits4References5Affected Software6
OSV
OSV
added 2025/01/14 6:15 p.m.11 views

AZL-55682 CVE-2024-12087 affecting package rsync for versions less than 3.4.1-1

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

7.5CVSS7.3AI score0.02262EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.6 views

WeGIA 代码问题漏洞

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A code issue vulnerability exists in WeGIA versions prior to 3.2.6, which stems from a lack of proper validation of the /WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint when accepting file...

9.9CVSS6.6AI score0.00722EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/08/28 12:0 a.m.4 views

NetIQ Advanced Authentication 安全漏洞

NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A brute force vulnerability exists in NetIQ Advanced Authentication versions prior to 6.3.5.1, which stems from not...

9.9CVSS6.5AI score0.00215EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/08/12 1:38 p.m.5 views

CVE-2024-7694

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server...

7.2CVSS6AI score0.01807EPSS
In wildExploits0References3
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.7 views

Apache MINA SSHD 安全漏洞

Apache MINA SSHD is a pure Java library from the U.S. Apache Apache Foundation that supports both client-side and server-side SSH protocols. A security bypass vulnerability exists in Apache MINA SSHD versions prior to 2.12.0, which can be exploited by an attacker to drop certain packets from a...

5.9CVSS6.8AI score0.00581EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/06/11 12:0 a.m.5 views

Hitachi FOXMAN-UN Security Vulnerability

Hitachi FOXMAN-UN is a powerful toolset in a comprehensive NMS suite from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi FOXMAN-UN and UNEM that can be exploited by an attacker to execute unintended commands or code on the server to read or modify sensitive data...

9.8CVSS7.3AI score0.00601EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/03 12:0 a.m.4 views

PT-2024-11516 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.4.1 through 11.0.0 Description: The issue is caused by improper validation of user-supplied input, allowing a remote attacker to induce the application to perform server-side DNS lookups or HTTP requests to...

5.3CVSS9.5AI score0.00539EPSS
Exploits0References5
OSV
OSV
added 2024/03/25 7:45 p.m.53 views

GHSA-2GRW-MC9R-822R phpMyFAQ SQL injections at insertentry & saveentry

Summary A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accoun...

8.8CVSS9.2AI score0.00968EPSS
Exploits1References4
OSV
OSV
added 2024/02/26 4:27 p.m.1 views

DEBIAN-CVE-2024-22201

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

7.5CVSS6.9AI score0.01433EPSS
Exploits0References1
Rows per page
Query Builder