35 matches found

Snyk (added 2026/05/20 3:31 p.m., 18 views)

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: diffusers is a state-of-the-art diffusion library in PyTorch and JAX. Affected versions of this package are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition in the from_pretrained flow. An attacker can execute arbitrary code by exploiting a race condition between two repository fetch...

CVSS 7.5 | AI score 6.2 | EPSS 0.00048
Exploits 0 | References 2

RedhatCVE (added 2026/01/09 8:42 a.m., 28 views)

CVE-2022-31044

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created...

CVSS 7.5 | AI score 7 | EPSS 0.0063
Exploits 0 | References 1

EUVD (added 2025/10/03 8:07 p.m., 4 views)

EUVD-2022-29641

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.01186
Exploits 1 | References 3

EUVD (added 2025/10/03 8:07 p.m., 5 views)

EUVD-2024-30440

Malicious code in bioql PyPI...

CVSS 6.3 | AI score 6.5 | EPSS 0.01065
Exploits 0 | References 3

EUVD (added 2025/10/03 8:07 p.m., 7 views)

EUVD-2024-0700

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 4.1 | EPSS 0.00695
Exploits 0 | References 4

EUVD (added 2025/10/03 8:07 p.m., 4 views)

EUVD-2025-0037

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.1 | EPSS 0.65176
Exploits 0 | References 6

EUVD (added 2025/10/03 8:07 p.m., 4 views)

EUVD-2022-7378

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.01234
Exploits 0 | References 4

NVD (added 2025/08/03 10:15 a.m., 6 views)

CVE-2024-41177

Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

CVSS 6.1 | EPSS 0.00562
Exploits 1 | References 4

NVD (added 2025/06/19 12:15 a.m., 15 views)

CVE-2025-23171

The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the Versa Director discloses the full filenam...

CVSS 7.2 | EPSS 0.00463
Exploits 0 | References 5

Positive Technologies (added 2025/06/18 12:00 a.m., 3 views)

PT-2025-26170

Name of the Vulnerable Software and Affected Versions: open5gs versions 2.7.2 and earlier. Description: A missing length check in the ogs_pfcp_dev_add function from the PFCP library allows a local attacker to cause a buffer overflow by changing the session.dev field to a value with length greater...

CVSS 7.1 | AI score 6.3 | EPSS 0.00186
Exploits 1 | References 13

Positive Technologies (added 2025/06/18 12:00 a.m., 3 views)

PT-2025-26198

Name of the Vulnerable Software and Affected Versions: urllib3 versions prior to 2.5.0. Description: The issue affects how urllib3 handles redirects and retries, controlled by the Retry object. Normally, redirects can be disabled at the request level or by instantiating a PoolManager with specific...

CVSS 6.1 | AI score 6.2 | EPSS 0.004
Exploits 1 | References 76

OSV (added 2025/06/04 7:15 p.m., 8 views)

CVE-2025-48888 Deno run with --allow-read and --deny-read flags results in allowed

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions give...

CVSS 6.9 | AI score 6.5 | EPSS 0.00342
Exploits 1 | References 8

CVE (added 2025/05/22 12:23 p.m., 64 views)

CVE-2025-3937

The CVE-2025-3937 issue affects Tridium Niagara Framework and Niagara Enterprise Security. Vulnerable component: password hash with insufficient computational effort, enabling cryptanalysis. Affected software versions: Niagara Framework before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterp...

CVSS 9.8 | AI score 7.6 | EPSS 0.00316
Exploits 0 | References 2 | Affected software 2

OSV (added 2025/05/14 11:16 a.m., 8 views)

PYSEC-2025-60

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version...

CVSS 7.5 | AI score 7.1 | EPSS 0.00709
Exploits 0 | References 4

SonicWall (added 2025/04/08 8:58 p.m., 10 views)

SonicWall NetExtender Windows Client Multiple Vulnerabilities

1. CVE-2025-23008 - SonicWall NetExtender Improper Privilege Management Vulnerability. An improper privilege management vulnerability in the SonicWall NetExtender Windows 32 and 64 bit client allows a low privileged attacker to modify configurations. CVSS Score: 7.2 CVSS Vector:...

CVSS 7.2 | AI score 7.2 | EPSS 0.00385
Exploits 0

RedhatCVE (added 2025/02/05 12:24 a.m., 14 views)

CVE-2024-31448

Combodo iTop is a simple, web based IT Service Management tool. By placing malicious code in CSV content, a Cross-site Scripting (XSS) attack can be performed when importing that content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to...

CVSS 8.8 | AI score 6.1 | EPSS 0.00329
Exploits 1 | References 1

Github Security Blog (added 2024/12/09 3:31 p.m., 21 views)

Apache Superset: Error verbosity exposes metadata in analytics databases

Generation of Error Message Containing analytics metadata Information in Apache Superset. This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue...

CVSS 5.3 | AI score 6.8 | EPSS 0.00771
Exploits 0 | References 5 | Affected software 1

OSV (added 2024/11/25 2:15 p.m., 11 views)

CVE-2024-11498

There exists a stack buffer overflow in libjxl. A specially crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256 MB, possibly 512 MB), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend...

CVSS 7.5 | AI score 7
Exploits 0 | References 1

OSV (added 2024/11/15 4:46 p.m., 16 views)

CVE-2024-52518 Nextcloud Server is missing password confirmation when changing external storage options

Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded...

CVSS 4.4 | AI score 6.3 | EPSS 0.00529
Exploits 0 | References 7

Positive Technologies (added 2024/09/10 12:00 a.m., 6 views)

PT-2024-30664

Name of the Vulnerable Software and Affected Versions: Express.js versions prior to 4.20.0. Description: The issue concerns the execution of untrusted code when passing untrusted user input to the response.redirect function in Express.js, even after sanitizing the input. This can occur when an...

CVSS 5 | AI score 6.9 | EPSS 0.00458
Exploits 0 | References 25
