3867 matches found

SUSE CVE
added 2025/12/31 12:27 a.m. | 2 views

SUSE CVE-2023-54252

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings My previous commit introduced a memory leak where the item allocated from tlmi_setting was not freed. This commit also renames it to avoid confusion...

CVSS 4.7 | AI score 6.5 | EPSS 0.00168
Exploits: 0 | References: 7

Patchstack
added 2025/12/31 12:00 a.m. | 6 views

WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting vulnerability

Authenticated Author+ Stored Cross-Site Scripting via 'Custom Scripts' Setting vulnerability discovered by WordFence in WordPress Plugin Image Photo Gallery Final Tiles Grid versions <= 3.6.8...

CVSS 6.4 | AI score 5.9 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2025/12/31 12:00 a.m. | 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992769)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992769 advisory. In the Linux kernel, the following vulnerability has been resolved: spufs: fix a leak in spufs_create_context Leak fixes back in 2008 missed one case - if we are tryin...

CVSS 5.5 | AI score 6.2 | EPSS 0.00174
Exploits: 0 | References: 4

Snyk
added 2025/12/30 8:44 p.m. | 3 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the system.enableCrossNamespaceCommands when it is enabled on by default. An attacker can perform unauthorized actions in a different namespace by submitting workflow task commands that target namespaces othe...

CVSS 6.3 | AI score 7 | EPSS 0.00358
Exploits: 0 | References: 2

Snyk
added 2025/12/30 8:41 p.m. | 3 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization when the frontend.enableExecuteMultiOperation is enabled. An attacker can circumvent namespace-specific validation and feature gates by setting the embedded StartWorkflowExecutionRequest's namespace field to a...

CVSS 5.3 | AI score 6.8 | EPSS 0.00415
Exploits: 0 | References: 2

NVD
added 2025/12/30 1:16 p.m. | 10 views

CVE-2023-54252

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings My previous commit introduced a memory leak where the item allocated from tlmi_setting was not freed. This commit also renames it to avoid confusion...

EPSS 0.00168
Exploits: 0 | References: 4

OSV
added 2025/12/30 1:16 p.m. | 2 views

UBUNTU-CVE-2023-54252

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings My previous commit introduced a memory leak where the item allocated from tlmi_setting was not freed. This commit also renames it to avoid confusion...

AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 7

Cvelist
added 2025/12/30 12:15 p.m. | 24 views

CVE-2023-54252 platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings My previous commit introduced a memory leak where the item allocated from tlmi_setting was not freed. This commit also renames it to avoid confusion...

EPSS 0.00168
Exploits: 0 | References: 4

CVE
added 2025/12/30 12:15 p.m. | 10 views

CVE-2023-54252

CVE-2023-54252 refers to a Linux kernel issue in the x86 ThinkStation WMI handling (platform/x86: think-lmi). The root cause is a memory leak where the tlmi_setting item allocated during WMI string parsing was not freed, with an accompanying renaming to avoid confusion with a similarly named vari...

AI score 6.1 | EPSS 0.00168
Exploits: 0 | References: 4

CNNVD
added 2025/12/30 12:00 a.m. | 6 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improper setting of pagelen in the NFSv2 GETACL result encoder, which could lead to a memory content leak...

AI score 5.9 | EPSS 0.002
Exploits: 0 | References: 6

RedhatCVE
added 2025/12/29 11:55 p.m. | 5 views

CVE-2025-15161

A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing a manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could...

CVSS 8.6 | AI score 7.4 | EPSS 0.01002
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/29 2:03 p.m. | 7 views

CVE-2025-15128

A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing a manipulation of the argument backup_encryption_password_decrypt/export_encryption_password_decrypt results in unprotected storage o...

CVSS 6.9 | AI score 5.5 | EPSS 0.00272
Exploits: 0 | References: 1

EUVD
added 2025/12/29 12:30 a.m. | 4 views

EUVD-2025-205534

A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could b...

CVSS 8.6 | AI score 6.5 | EPSS 0.01002
Exploits: 1 | References: 7

CVE
added 2025/12/29 12:00 a.m. | 15 views

CVE-2025-68706

CVE-2025-68706 affects KuWFi 4G LTE AC900 devices running firmware 1.0.13, in the GoAhead-Webs HTTP daemon. The vulnerability is in the /goform/formMultiApnSetting handler, which copies the user-provided pincode into a fixed 132-byte stack buffer using sprintf() without bounds checking. This stac...

CVSS 9.8 | AI score 7.8 | EPSS 0.04193
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2025/12/28 11:15 p.m. | 4 views

CVE-2025-15161

A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing a manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could...

CVSS 8.6 | EPSS 0.01002
Exploits: 1 | References: 5

Vulnrichment
added 2025/12/28 11:02 p.m. | 4 views

CVE-2025-15161 Tenda WH450 PPTPUserSetting stack-based overflow

A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing a manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could...

CVSS 8.6 | AI score 7.4 | EPSS 0.01002
Exploits: 1 | References: 5

CVE
added 2025/12/28 11:02 p.m. | 10 views

CVE-2025-15161

CVE-2025-15161 affects Tenda WH450 1.0.0.18. The vulnerability is in an unknown function of the file /goform/PPTPUserSetting, where manipulation of the delno argument leads to a stack-based buffer overflow. Remote exploitation is possible, and PoCs have been published. Multiple sources corroborat...

CVSS 8.6 | AI score 7.4 | EPSS 0.01002
Exploits: 1 | References: 5 | Affected Software: 1

ATTACKERKB
added 2025/12/28 8:32 a.m. | 4 views

CVE-2025-15128

A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing a manipulation of the argument backup_encryption_password_decrypt/export_encryption_password_decrypt results in unprotected storage o...

CVSS 6.9 | AI score 5.1 | EPSS 0.00272
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/12/28 8:32 a.m. | 3 views

CVE-2025-15128 ZKTeco BioTime Endpoint safe_setting credentials storage

A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing a manipulation of the argument backup_encryption_password_decrypt/export_encryption_password_decrypt results in unprotected storage o...

CVSS 6.9 | AI score 5.5 | EPSS 0.00272
Exploits: 0 | References: 6

CVE
added 2025/12/28 8:32 a.m. | 22 views

CVE-2025-15128

ZKTeco BioTime Endpoint (affected: up to 9.0.3/9.0.4/9.5.2) contains a vulnerability in the file /base/safe_setting/ within the Endpoint component. Manipulating the arguments backup_encryption_password_decrypt/export_encryption_password_decrypt can lead to unprotected storage of credentials. Remo...

CVSS 6.9 | AI score 5.5 | EPSS 0.00272
Exploits: 0 | References: 6