3875 matches found

NVD
added 2025/10/24 4:18 p.m. | 3 views

CVE-2025-60550

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone...

CVSS 7.5 | EPSS 0.0034
Exploits: 0 | References: 1

OSV
added 2025/10/23 3:30 p.m. | 5 views

GHSA-64W3-5Q9M-68XF Keycloak does not invalidate sessions when "Remember Me" is disabled

A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security...

CVSS 5.4 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 10

EUVD
added 2025/10/23 3:30 p.m. | 5 views

EUVD-2025-35689

Keycloak does not invalidate sessions when "Remember Me" is disabled...

CVSS 5.4 | AI score 6.4 | EPSS 0.00214
Exploits: 0 | References: 6

GitHub Security Blog
added 2025/10/23 3:30 p.m. | 13 views

Keycloak does not invalidate sessions when "Remember Me" is disabled

A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security...

CVSS 5.4 | AI score 6.4 | EPSS 0.00214
Exploits: 0 | References: 10 | Affected Software: 1

RedhatCVE
added 2025/10/23 6:19 a.m. | 14 views

CVE-2025-10651

The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ordermail' setting in versions up to, and including, 2.11.22. This is due to insufficient sanitization on the ordermail field and a lack of escaping on output. This makes it possible for authenticate...

CVSS 5.5 | AI score 5 | EPSS 0.00226
Exploits: 0 | References: 1

EUVD
added 2025/10/22 6:30 p.m. | 4 views

EUVD-2025-35614

Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

AI score 7.1 | EPSS 0.00362
Exploits: 1 | References: 2

OSV
added 2025/10/22 6:15 p.m. | 5 views

CVE-2025-60341

Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 7.5 | AI score 5.9 | EPSS 0.00362
Exploits: 1 | References: 1

CVE
added 2025/10/22 5:27 a.m. | 14 views

CVE-2025-10651

CVE-2025-10651: Welcart e-Commerce (WordPress)

CVSS 5.5 | AI score 4.7 | EPSS 0.00226
Exploits: 0 | References: 3

RedhatCVE
added 2025/10/22 12:12 a.m. | 16 views

CVE-2025-52079

The administrator password setting of the D-Link DIR-820L 1.06B02 has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /getset.ccp...

CVSS 8.8 | AI score 7.1 | EPSS 0.00493
Exploits: 1 | References: 1

Vulnrichment
added 2025/10/22 12:0 a.m. | 3 views

CVE-2025-60341

Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

AI score 7.2 | EPSS 0.00362
Exploits: 1 | References: 1

CNNVD
added 2025/10/22 12:0 a.m. | 5 views

Tenda AC6 security vulnerability

Tenda AC6 is a dual-band wireless router from Tenda, designed for 100 Gigabit fiber optic home users. The Tenda AC6 suffers from a stack buffer overflow vulnerability, which originates from the ssid parameter in the fast_setting_wifi_set function failing to properly validate the length of the input...

CVSS 7.5 | AI score 7.3 | EPSS 0.00362
Exploits: 1 | References: 2

CNNVD
added 2025/10/22 12:0 a.m. | 5 views

aiomysql security vulnerability

aiomysql is a MySQL access library from aio-libs open source. A security vulnerability exists in aiomysql versions prior to 0.3.0, which stems from an unchecked client-side setting that could lead to a malicious server obtaining arbitrary client-side files...

CVSS 8.2 | AI score 6.4 | EPSS 0.00354
Exploits: 0 | References: 4

CVE
added 2025/10/22 12:0 a.m. | 14 views

CVE-2025-60341

Summary: CVE-2025-60341 affects Tenda AC6 V2.0 firmware 15.03.06.50. The issue is a stack overflow in the ssid parameter of the fast_setting_wifi_set function, caused by improper input length validation. This vulnerability can be exploited by a crafted input over the network to cause a Denial of ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00362
Exploits: 1 | References: 1 | Affected Software: 1

OSSF Malicious Packages
added 2025/10/20 3:52 a.m. | 8 views

Malicious code in tailwind-setting (npm)

The package tailwind-setting was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 850a3c165ca8ecb1060d82506ab99a36786c8a41575310ee91507065a46d313d Any computer that has this package installed or running should be considered fully...

AI score 6.9
Exploits: 0 | References: 1

EUVD
added 2025/10/20 3:52 a.m. | 2 views

EUVD-2025-35032

Malicious code in tailwind-setting (npm)...

AI score 6.6
Exploits: 0 | References: 1

OSV
added 2025/10/20 3:52 a.m. | 2 views

MAL-2025-48524 Malicious code in tailwind-setting (npm)

The package tailwind-setting was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 850a3c165ca8ecb1060d82506ab99a36786c8a41575310ee91507065a46d313d Any computer that has this package installed or running should be considered fully...

AI score 6.9
Exploits: 0 | References: 1

Snyk
added 2025/10/20 3:52 a.m. | 2 views

Malicious Package

Overview tailwind-setting is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/19 10:19 a.m. | 10 views

CVE-2025-11926

The Related Posts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...

CVSS 4.4 | AI score 5 | EPSS 0.00279
Exploits: 1 | References: 1

RedhatCVE
added 2025/10/18 5:45 a.m. | 4 views

CVE-2025-55099

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudioalternatesettinglocate when parsing a descriptor with attacker-controlled frequency fields...

CVSS 6.1 | AI score 6.8 | EPSS 0.00347
Exploits: 1 | References: 1

RedhatCVE
added 2025/10/18 2:32 a.m. | 2 views

CVE-2025-6893

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/setting/data endpoint of the affected device. This flaw allows a low-privileged authenticated user to ca...

CVSS 9.3 | AI score 6.6 | EPSS 0.00623
Exploits: 0 | References: 1