Lucene search
K

2323 matches found

EUVD
EUVD
added 2025/12/08 6:30 p.m.8 views

EUVD-2025-201751

In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This could lead to physical denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

4.6CVSS5.6AI score0.00097EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/08 4:57 p.m.24 views

CVE-2025-48614

In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This could lead to physical denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00097EPSS
Exploits0References2
Amazon
Amazon
added 2025/12/08 12:0 a.m.6 views

Medium: postgresql15

Issue Overview: Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail...

5.9CVSS6.7AI score0.00332EPSS
Exploits0
Amazon
Amazon
added 2025/12/08 12:0 a.m.13 views

Medium: aws-cfn-bootstrap

Issue Overview: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc...

5.3CVSS6.6AI score0.00815EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/11/18 12:11 a.m.13 views

CVE-2025-64046

OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting XSS in /system/update-run.php...

6.1CVSS6.2AI score0.00158EPSS
Exploits0References1
NVD
NVD
added 2025/11/17 4:15 p.m.5 views

CVE-2025-64046

OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting XSS in /system/update-run.php...

6.1CVSS0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/17 12:0 a.m.8 views

CVE-2025-64046

OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting XSS in /system/update-run.php...

0.00158EPSS
Exploits0References1
OSV
OSV
added 2025/11/17 12:0 a.m.5 views

CVE-2025-64046

OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting XSS in /system/update-run.php...

6.1CVSS6.2AI score0.00158EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/17 12:0 a.m.2 views

CVE-2025-64046

OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting XSS in /system/update-run.php...

5.8AI score0.00158EPSS
Exploits0References1
Amazon
Amazon
added 2025/11/10 12:0 a.m.6 views

Low: firefox

Issue Overview: No CVE associated with this advisory Affected Packages: firefox Note: This advisory is applicable to Amazon Linux 2 - Firefox Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

6.7AI score
Exploits0
Amazon
Amazon
added 2025/11/10 12:0 a.m.3 views

Critical: lasso

Issue Overview: A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. CVE-2025-4640...

9.8CVSS7.8AI score0.00824EPSS
Exploits3
Amazon
Amazon
added 2025/11/05 12:0 a.m.12 views

Low: runc

Issue Overview: No CVE associated with this advisory Affected Packages: runc Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

8.4CVSS7AI score0.0067EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989301)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989301 advisory. In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be se...

7.3CVSS6AI score0.00236EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/04 1:15 a.m.1 views

CVE-2025-43439

A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to fingerprint the user...

5.6AI score0.00179EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/04 1:15 a.m.5 views

CVE-2025-43350

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker may be able to view restricted content from the lock screen...

5.6AI score0.00187EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.4 views

PT-2025-44850

Name of the Vulnerable Software and Affected Versions macOS versions prior to 15.7.2 Description A permissions issue existed due to insufficient sandbox restrictions, potentially allowing an application to access sensitive user data. Recommendations Update to macOS version 15.7.2 to address the...

5.5CVSS6.6AI score0.00186EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.5 views

PT-2025-50995

Name of the Vulnerable Software and Affected Versions macOS versions prior to 26.1 Description A flaw exists in how the operating system parses directory paths, potentially allowing an application to access sensitive user data. The issue was resolved through enhanced path validation...

5.5CVSS6.5AI score0.00177EPSS
Exploits0References5
Amazon
Amazon
added 2025/10/27 12:0 a.m.9 views

Important: 7zip

Issue Overview: This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handlin...

7.8CVSS7.5AI score0.27017EPSS
Exploits11
Amazon
Amazon
added 2025/10/27 12:0 a.m.7 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: target: targetcoreconfigfs: Add length check to avoid buffer overflow CVE-2025-39998 In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ipvsftp unregister during netns cleanup...

6.6AI score0.0024EPSS
Exploits0
Amazon
Amazon
added 2025/10/14 12:0 a.m.2 views

Medium: cuda-nvcc-12-9

Issue Overview: NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service. CVE-2025-23272 Affected Packages:...

5.7CVSS6.5AI score0.00141EPSS
Exploits0
Rows per page
Query Builder