
3873 matches found

EUVD
added 2025/11/12 6:31 p.m. | 4 views

EUVD-2025-131921

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

CVSS 8.6 | AI score 6.1 | EPSS 0.00406
Exploits: 0 | References: 4

RedHat Linux
added 2025/11/12 6:1 p.m. | 5 views

python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

CVSS 8.6 | AI score 5.9 | EPSS 0.00406
Exploits: 0 | References: 5

RedhatCVE
added 2025/11/12 4:35 p.m. | 3 views

CVE-2025-59088

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

CVSS 8.6 | AI score 6.6 | EPSS 0.00406
Exploits: 0 | References: 4

NVD
added 2025/11/12 8:15 a.m. | 7 views

CVE-2025-12018

The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | EPSS 0.00209
Exploits: 0 | References: 6

RedhatCVE
added 2025/11/12 6:59 a.m. | 10 views

CVE-2025-6298

ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim ...

CVSS 6.7 | AI score 7 | EPSS 0.00122
Exploits: 0 | References: 1

Cvelist
added 2025/11/12 4:29 a.m. | 7 views

CVE-2025-12901 Asgaros Forum <= 3.2.1 - Cross-Site Request Forgery to Subscription Settings Update

The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the setsubscriptionlevel function. This makes it possible for unauthenticated attackers to modify the subscription settings of...

CVSS 4.3 | EPSS 0.00136
Exploits: 0 | References: 5

Packet Storm News
added 2025/11/12 12:0 a.m. | 7 views

Framing the Hacker: Media Representations and Public Discourse in Germany

This paper examines how the figure of the hacker is portrayed in German mainstream media and explores the impact of media framing on public discourse. Through a longitudinal content analysis of 301 articles from four of the most widely circulated German newspapers Die Zeit, Süddeutsche Zeitung,...

AI score 6.8
Exploits: 0

EUVD
added 2025/11/11 6:30 a.m. | 6 views

EUVD-2025-60977

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...

CVSS 5.3 | AI score 4.9 | EPSS 0.00244
Exploits: 0 | References: 3

Cvelist
added 2025/11/10 9:40 p.m. | 9 views

CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

CVSS 6.9 | EPSS 0.00372
Exploits: 0 | References: 3

SUSE CVE
added 2025/11/09 2:28 a.m. | 3 views

SUSE CVE-2016-11073

An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting...

CVSS 6.1 | AI score 6.2 | EPSS 0.00685
Exploits: 0 | References: 2

Packet Storm News
added 2025/11/09 12:0 a.m. | 19 views

Enhancing Deep Learning-Based Rotational-XOR Attacks on Lightweight Block Ciphers Simon32/64 and Simeck32/64

At CRYPTO 2019, Gohr pioneered neural cryptanalysis by introducing differential-based neural distinguishers to attack Speck32/64, establishing a novel paradigm combining deep learning with differential cryptanalysis. Since then, constructing neural distinguishers has become a significant approach ...

AI score 6.8
Exploits: 0

NVD
added 2025/11/06 11:15 p.m. | 3 views

CVE-2025-12636

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...

CVSS 7.1 | EPSS 0.00229
Exploits: 0 | References: 2

ATTACKERKB
added 2025/11/06 10:15 p.m. | 3 views

CVE-2025-12636

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...

CVSS 7.1 | AI score 5.9 | EPSS 0.00229
Exploits: 0 | References: 3

NCSC
added 2025/11/06 12:36 p.m. | 6 views

Vulnerability fixed in Cisco Identity Services Engine

Cisco has fixed a vulnerability in Cisco Identity Services Engine. The vulnerability is located in the RADIUS setting of Cisco Identity Services Engine, which can be exploited by unauthenticated remote attackers. This vulnerability allows attackers to cause a logic error, potentially leading to a...

CVSS 8.6 | AI score 6.9 | EPSS 0.00673
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/06 10:13 a.m. | 13 views

CVE-2025-12192

The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the stored opt-in key using a loose comparison, allowing unauthenticated attackers to send a boolean value and obtain t...

CVSS 5.3 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 1

CNVD
added 2025/11/05 12:0 a.m. | 4 views

Tenda AX-1803 Buffer Overflow Vulnerability

The Tenda AX-1803 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in the Tenda AX-1803 v1.0.0.1, which originates from the timeZone parameter in the formfastsettingwifiset function that fails to correctly validate the length of the input data, and can be...

CVSS 7.5 | AI score 8.3 | EPSS 0.00362
Exploits: 1 | References: 1

Tenable Nessus
added 2025/11/05 12:0 a.m. | 7 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989776)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989776 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: scan: Fix a memory leak in an error handling path If 'acpidevicesetname' fails, we must fre...

CVSS 5.5 | AI score 5.9 | EPSS 0.00249
Exploits: 0 | References: 4

OSV
added 2025/11/04 7:15 a.m. | 4 views

CVE-2025-20732

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege when OceReducedNeighborReport is disabled. User interaction is not needed for exploitation...

CVSS 5.3 | AI score 5.8 | EPSS 0.00103
Exploits: 0 | References: 1

NVD
added 2025/11/04 5:16 a.m. | 8 views

CVE-2025-12389

The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatesetting function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access a...

CVSS 4.3 | EPSS 0.00168
Exploits: 0 | References: 2

OSV
added 2025/11/04 2:15 a.m. | 3 views

CVE-2025-43496

The issue was addressed by adding additional logic. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...

CVSS 7.5 | AI score 5.8 | EPSS 0.0046
Exploits: 0 | References: 6