36 matches found

Nuclei
added yesterday, 52 views

Ray Static File - Local File Inclusion

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.

id: CVE-2023-6020
info:
  name: Ray Static File - Local File Inclusion
  author: byt3bl33d3r
  severity: high
  description: |
    LFI in Ray's /static/ directory allows attackers to read any file on the...

7.5 CVSS, 7.3 AI score, 0.14652 EPSS
Exploits 3, References 2
Nuclei
added 3 days ago, 128 views

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server.

id: CVE-2020-24391
info:
  nam...

9.8 CVSS, 7.9 AI score, 0.75088 EPSS
Exploits 0, References 5
Tenable Nessus
added 2026/01/27 12:0 a.m., 7 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005115)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005115 advisory. In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close(). iucv_sever_path() is called from process context and fr...

7.8 CVSS, 6.6 AI score, 0.00235 EPSS
Exploits 0, References 3
EUVD
added 2025/12/25 2:18 p.m., 4 views

EUVD-2025-205380

Malicious code in aiogram-sever-patch PyPI...

6.6 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 2025/12/25 2:18 p.m., 9 views

Malicious code in aiogram-sever-patch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0be41c08090971a10e54930628353748c82ed55c0f9795b26a932f806852fd4f During installation or importing the module, the package starts a reverse shell to hardcoded location --- Category: MALICIOUS - The campaign has clearly...

7.7 AI score
Exploits 0, References 1
OSV
added 2025/12/25 2:18 p.m., 12 views

MAL-2025-192931 Malicious code in aiogram-sever-patch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0be41c08090971a10e54930628353748c82ed55c0f9795b26a932f806852fd4f During installation or importing the module, the package starts a reverse shell to hardcoded location --- Category: MALICIOUS - The campaign has clearly...

7.6 AI score
Exploits 0, References 1
OSV
added 2025/08/14 6:52 p.m., 3 views

MAL-2025-39034 Malicious code in webpack-sever-render-middleware (npm)

The package webpack-sever-render-middleware was found to contain malicious code...

7.2 AI score
Exploits 0
BDU FSTEC
added 2024/10/24 12:0 a.m., 5 views

The vulnerability of the iucv_sever_path() function in the IUCV driver of the Linux operating system on the s/390 platform allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the iucv_sever_path() function in the net/iucv/af_iucv.c driver of the Linux operating system's IUCV kernel on the s/390 platform is related to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

7.8 CVSS, 6.6 AI score, 0.00235 EPSS
Exploits 0, References 28, Affected Software 6
SUSE CVE
added 2024/08/18 2:2 a.m., 7 views

SUSE CVE-2024-42271

In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close(). iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path or it is already removed /...

7 CVSS, 6.4 AI score, 0.00235 EPSS
Exploits 0, References 22
OSV
added 2024/08/17 9:15 a.m., 7 views

DEBIAN-CVE-2024-42271

In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close(). iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path or it is already removed /...

7.8 CVSS, 5.6 AI score, 0.00235 EPSS
Exploits 0, References 1
OSV
added 2024/08/17 9:15 a.m., 4 views

AZL-47853 CVE-2024-42271 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close(). iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path or it is already removed /...

7.8 CVSS, 6.3 AI score, 0.00235 EPSS
Exploits 0, References 1
OSV
added 2024/08/17 9:15 a.m., 5 views

AZL-47808 CVE-2024-42271 affecting package kernel for versions less than 6.6.47.1-1

In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close(). iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path or it is already removed /...

7.8 CVSS, 6.3 AI score, 0.00235 EPSS
Exploits 0, References 1
Oracle Linux
added 2024/05/02 12:0 a.m., 36 views

xorg-x11-server-Xwayland security update

21.1.9-5 - Fix for CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408, CVE-2024-0409
21.1.9-4 - Fix for CVE-2023-6377, CVE-2023-6478
22.1.9-3 - Fix for CVE-2023-5367...

9.8 CVSS, 7.4 AI score, 0.02106 EPSS
Exploits 0
Nginx
added 2024/02/14 4:30 p.m., 426 views

NULL pointer dereference in HTTP/3

NULL pointer dereference in HTTP/3
Severity: major
CVE-2024-24989
Not vulnerable: 1.25.4+
Vulnerable: 1.25.3...

7.5 CVSS, 7.1 AI score, 0.01061 EPSS
Exploits 0, References 1, Affected Software 1
BDU FSTEC
added 2023/11/15 12:0 a.m., 4 views

A buffer overflow vulnerability in the monitoring software for V-Sever and V-Sever Lite allows attackers to execute arbitrary code.

The vulnerability in the monitoring software for V-Sever and V-Sever Lite devices is a buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted file...

7.8 CVSS, 8 AI score, 0.00287 EPSS
Exploits 0, References 4, Affected Software 2
BDU FSTEC
added 2023/11/15 12:0 a.m., 5 views

The vulnerability in the monitoring software for PLK V-Sever and V-Sever Lite is a write of data beyond the buffer boundaries in memory, which allows an attacker to execute arbitrary code.

The vulnerability in the monitoring software for V-Sever and V-Sever Lite is a write of data beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted file...

7.8 CVSS, 7.9 AI score, 0.00265 EPSS
Exploits 0, References 4, Affected Software 2
BDU FSTEC
added 2023/11/15 12:0 a.m., 3 views

The vulnerability in the monitoring software for PLK V-Sever and V-Sever Lite is the ability to write beyond the buffer boundaries, which allows an attacker to execute arbitrary code.

The vulnerability in the monitoring software for V-Sever and V-Sever Lite is that it allows data to be written beyond the buffer boundaries. Exploiting this vulnerability enables a remote attacker to execute arbitrary code using a specially crafted file...

7.8 CVSS, 7.9 AI score, 0.00265 EPSS
Exploits 0, References 4, Affected Software 2
Code423n4
added 2023/01/20 12:0 a.m., 7 views

Significant roundoff error in melt() function

Lines of code Vulnerability details Significant roundoff error in melt function Significant roundoff error is caused when calculating numPeriods. Also frequent calling of this function caused sever error. Proof of Concept 70 function melt external notPausedOrFrozen 71 if uint48block.timestamp 0...

6.8 AI score
Exploits 0
NVD
added 2022/05/24 3:15 a.m., 14 views

CVE-2022-0910

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware...

6.5 CVSS, 0.00657 EPSS
Exploits 0, References 1
Prion
added 2022/04/21 7:15 p.m., 19 views

Design/Logic Flaw

A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Sev...

2.7 CVSS, 4.5 AI score, 0.00176 EPSS
Exploits 0, References 1