
65 matches found

CVE
added 2026/03/20 2:23 a.m. | 13 views

CVE-2026-32889

Tinytag (Python) version 2.2.0 is affected by a Denial of Service via a non-terminating SYLT frame parsing loop when processing attacker-supplied MP3s. The root cause is in _parse_synced_lyrics/_find_string_end_pos where an absent string terminator can cause the parser to reset its offset and nev...

CVSS 6.5 | AI score 5.7 | EPSS 0.0041
Exploits: 1 | References: 4 | Affected Software: 1

SUSE CVE
added 2026/01/30 12:24 a.m. | 4 views

SUSE CVE-2026-24413

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in its contents - including the private key of the...

CVSS 5.5 | AI score 5.9 | EPSS 0.00068
Exploits: 0 | References: 3

CVE
added 2026/01/29 5:21 p.m. | 26 views

CVE-2026-24413

CVE-2026-24413 involves the Icinga 2 Windows ACL issue where the folder at C:\ProgramData\icinga2\var could be readable by all local users, potentially exposing the private key and synced configuration. Affected range: Icinga 2 versions starting with 2.3.0 up to 2.13.14, 2.14.8, and 2.15.2 (these...

CVSS 6.8 | AI score 5.9 | EPSS 0.00068
Exploits: 0 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/01/09 9:4 a.m. | 5 views

CVE-2024-41144

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...

CVSS 7.1 | AI score 7 | EPSS 0.00362
Exploits: 0 | References: 1

SUSE Linux
added 2025/12/11 7:5 p.m. | 4 views

Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgraded to 14.20: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...

CVSS 8.8 | AI score 7.2 | EPSS 0.00301
Exploits: 0 | References: 8

The Hacker News
added 2025/10/15 11:30 a.m. | 6 views

How Attackers Bypass Synced Passkeys

TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the risk of the cloud accounts and recovery processes that protect them, which creates material enterprise exposure...

AI score 5.9
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-45495

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 8.7 | EPSS 0.00259
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-2662

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.3 | EPSS 0.00362
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in synced-plus-agent (npm)

The package synced-plus-agent was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 0 views

MAL-2025-34336 Malicious code in synced-plus-agent (npm)

The package synced-plus-agent was found to contain malicious code...

AI score 7.2
Exploits: 0

OSV
added 2025/07/25 5:35 p.m. | 1 views

SUSE-SU-2025:02529-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE

This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: MozillaFirefox is updated to the 140ESR series. Firefox Extended Support Release 140.0esr ESR: General - Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacin...

CVSS 9.8 | AI score 6.9 | EPSS 0.03057
Exploits: 1 | References: 31

SUSE CVE
added 2025/07/03 11:28 p.m. | 3 views

SUSE CVE-2025-34075

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issue that allows a guest VM to modify the host's Vagrantfile via the default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does...

AI score 6.6
Exploits: 0 | References: 3

OSV
added 2025/07/02 9:32 p.m. | 4 views

GHSA-HQP6-MJW3-F586 HashiCorp Vagrant has code injection vulnerability through default synced folders

An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant or C:\vagrant on Windows. Thi...

CVSS 5.4 | AI score 6.7
Exploits: 0 | References: 11

Github Security Blog
added 2025/07/02 9:32 p.m. | 14 views

HashiCorp Vagrant has code injection vulnerability through default synced folders

An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant or C:\vagrant on Windows. Thi...

AI score 7.3
Exploits: 0 | References: 10 | Affected Software: 1

RedhatCVE
added 2025/05/23 10:12 a.m. | 11 views

CVE-2024-29977

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts...

CVSS 4.3 | AI score 7 | EPSS 0.00276
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 3:16 a.m. | 4 views

CVE-2024-51695

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yes We Work Fabrica Synced Pattern Instances fabrica-reusable-block-instances allows Reflected XSS. This issue affects Fabrica Synced Pattern Instances: from n/a through <= 1.0.8...

CVSS 7.1 | AI score 7.2 | EPSS 0.00259
Exploits: 0 | References: 1

NVD
added 2024/11/09 1:15 p.m. | 7 views

CVE-2024-51695

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yes We Work Fabrica Synced Pattern Instances fabrica-reusable-block-instances allows Reflected XSS. This issue affects Fabrica Synced Pattern Instances: from n/a through <= 1.0.8...

CVSS 7.1 | EPSS 0.00259
Exploits: 0 | References: 1

CVE
added 2024/11/09 12:40 p.m. | 38 views

CVE-2024-51695

CVE-2024-51695 describes a reflected XSS in Fabrica Synced Pattern Instances (Fabrica Synced Pattern Instances plugin) caused by improper input neutralization during web page generation. Affected: Fabrica Synced Pattern Instances from n/a through 1.0.8. The connected documents corroborate the vul...

CVSS 7.1 | AI score 7.2 | EPSS 0.00259
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/09 12:40 p.m. | 12 views

CVE-2024-51695 WordPress Fabrica Synced Pattern Instances plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yes We Work Fabrica Synced Pattern Instances fabrica-reusable-block-instances allows Reflected XSS. This issue affects Fabrica Synced Pattern Instances: from n/a through <= 1.0.8...

CVSS 7.1 | AI score 7.2 | EPSS 0.00259
Exploits: 0 | References: 1

Cvelist
added 2024/11/09 12:40 p.m. | 17 views

CVE-2024-51695 WordPress Fabrica Synced Pattern Instances plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yes We Work Fabrica Synced Pattern Instances fabrica-reusable-block-instances allows Reflected XSS. This issue affects Fabrica Synced Pattern Instances: from n/a through <= 1.0.8...

CVSS 7.1 | EPSS 0.00259
Exploits: 0 | References: 1