Lucene search
K

2839 matches found

Debian CVE
Debian CVE
added 2025/07/14 7:31 p.m.5 views

CVE-2025-53015

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue...

7.5CVSS5.2AI score0.00707EPSS
Exploits1
NVD
NVD
added 2025/07/11 6:15 p.m.6 views

CVE-2025-53641

Postiz is an AI social media scheduling tool. From 1.45.1 to 1.62.3, the Postiz frontend application allows an attacker to inject arbitrary HTTP headers into the middleware pipeline. This flaw enables a server-side request forgery SSRF condition, which can be exploited to initiate unauthorized...

8.2CVSS0.00247EPSS
Exploits0References2
OSV
OSV
added 2025/07/10 7:45 p.m.3 views

CVE-2025-53628 cpp-httplib does not limit the length of a line

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related...

6.3CVSS6.4AI score0.00442EPSS
Exploits1References5
OSV
OSV
added 2025/07/10 2:58 p.m.10 views

CVE-2025-27613 Gitk can create and truncate files in the user's home directory

Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...

3.6CVSS7.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.11 views

PT-2025-29092 · Unknown · Allworx System

Name of the Vulnerable Software and Affected Versions: Allworx System Software version 9.1.9.12 Description: A cross-site scripting XSS issue exists in the Admin Login page. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the SessionID parameter at the...

6.1CVSS5.8AI score0.00183EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/07/07 3:30 p.m.8 views

LlamaIndex vulnerable to Path Traversal attack through its encode_image function

A path traversal vulnerability exists in run-llama/llamaindex versions 0.11.23 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...

7.5CVSS7.3AI score0.00545EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/07/07 12:30 p.m.12 views

LlamaIndex vulnerability in ArxivReader class can cause MD5 hash collisions

A vulnerability in the ArxivReader class of the run-llama/llamaindex repository allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from...

5.3CVSS5AI score0.00281EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/07 9:55 a.m.2 views

CVE-2025-6210 Hardlink-Based Path Traversal in run-llama/llama_index

A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. T...

6.2CVSS6.2AI score0.0029EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/07/07 12:0 a.m.5 views

PT-2025-28271 · Campcodes · Campcodes Advanced Online Voting System

Name of the Vulnerable Software and Affected Versions: Campcodes Advanced Online Voting System version 1.0 Description: A critical issue affects the processing of the file /admin/voters add.php, allowing unrestricted upload through the manipulation of the photo argument. This can be initiated...

8.8CVSS6.4AI score0.00359EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/07/05 4:20 p.m.7 views

CVE-2025-53489

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Mediawiki - GoogleDocs4MW Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - GoogleDocs4MW Extension: from 1.42.X before 1.42.7, from 1.43.X before...

5.6CVSS6.1AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 2025/07/04 11:17 a.m.20 views

CVE-2025-52830

CVE-2025-52830 describes an SQL injection vulnerability in the WordPress plugin “bSecure – Your Universal Checkout” (versions affected: ≤ 1.7.9). The root cause is improper neutralization of special elements in SQL commands, enabling blind SQL injection. The CVSS 3.1 base score is 9.3 (CRITICAL):...

9.3CVSS5.5AI score0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/04 9:24 a.m.9 views

CVE-2025-24334

The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator MNO internal RAN management network...

3.3CVSS6.4AI score0.00125EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/04 12:0 a.m.3 views

PT-2025-27888 · Unknown · Gopiplus Iframe Images Gallery

Name of the Vulnerable Software and Affected Versions: gopiplus iFrame Images Gallery versions prior to 9.0 Description: The issue is related to the improper neutralization of special elements used in an SQL command, which allows for SQL injection. This is a problem where an attacker can inject...

8.5CVSS7.4AI score0.00246EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/07/04 12:0 a.m.8 views

CVE-2025-52497

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtlspemreadbuffer and two mbedtlspkparse functions, via untrusted PEM input...

4.8CVSS4.6AI score0.00277EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/07/02 8:34 a.m.6 views

CVE-2025-24334 The Nokia Single RAN baseband reveals its software version through the MNO internal RAN management network

The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator MNO internal RAN management network...

7.1AI score0.00125EPSS
Exploits0References1
CVE
CVE
added 2025/07/02 8:34 a.m.22 views

CVE-2025-24334

The Nokia Single RAN baseband software before 23R2-SR 1.0 MP is affected. An attacker can reveal the exact software release version by sending a specific HTTP POST request through the MNO internal RAN management network, leading to information disclosure. Remediation: upgrade to 23R2-SR 1.0 MP or...

3.3CVSS6.6AI score0.00125EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/02 8:34 a.m.10 views

CVE-2025-24334 The Nokia Single RAN baseband reveals its software version through the MNO internal RAN management network

The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator MNO internal RAN management network...

0.00125EPSS
Exploits0References1
NVD
NVD
added 2025/07/02 8:15 a.m.8 views

CVE-2025-24328

Sending a crafted SOAP "set" operation message within the Mobile Network Operator MNO internal Radio Access Network RAN management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to...

4.2CVSS0.00168EPSS
Exploits0References1
OSV
OSV
added 2025/06/30 8:5 p.m.5 views

CVE-2025-52997 File Browser Insecurely Handles Passwords

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a...

5.9CVSS6.7AI score0.00472EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/06/29 2:26 p.m.16 views

CVE-2025-53268

Cross-Site Request Forgery CSRF vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Cross Site Request Forgery.This issue affects Import external attachments: from n/a through = 1.5.12...

4.3CVSS5.9AI score0.00132EPSS
Exploits0References1
Rows per page
Query Builder