Lucene search
K

649 matches found

Fedora
Fedora
added 2025/12/05 2:11 a.m.7 views

[SECURITY] Fedora 43 Update: libcoap-4.3.5a-1.fc43

The Constrained Application Protocol CoAP is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Inter net of Things. The protocol is designed for machine-to-machine M2M applications such as smart energy and building automation. libcoap implements a...

9.8CVSS7AI score0.00415EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/03 7:5 p.m.13 views

CVE-2025-66458

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, there are multiple XSS due to unsafe use of f-strings in Markup. The issue requires a malicious 3rd party server responding with a JSON document...

6.1CVSS6.4AI score0.00161EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/11/25 12:23 a.m.7 views

SUSE CVE-2025-65501

Null pointer dereference in coapdtlsinfocallback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSLgetappdata returns NULL...

4.3CVSS6.8AI score0.00226EPSS
Exploits0References3
OSV
OSV
added 2025/11/24 2:15 p.m.4 views

DEBIAN-CVE-2025-65500

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

4.3CVSS5.3AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 2025/11/24 2:15 p.m.5 views

CVE-2025-65493

NULL pointer dereference in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIOgetdata to return NULL...

7.5CVSS0.00331EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/11/24 12:0 a.m.4 views

CVE-2025-65500

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

4.3CVSS6.3AI score0.00226EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.5 views

libcoap 安全漏洞

libcoap is a C implementation of a lightweight application protocol open-sourced by obgm. A security vulnerability exists in libcoap version 4.3.5, which stems from a null pointer dereference in the coapdtlsgeneratecookie function in src/coapopenssl.c, which could lead to a denial of service atta...

4.3CVSS6.2AI score0.00226EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.6 views

PT-2025-47915

Name of the Vulnerable Software and Affected Versions libcoap version 4.3.5 Description A flaw exists in libcoap where a null pointer dereference in the coap dtls info callback function can occur. This happens during a DTLS handshake when SSL get app data returns NULL, potentially leading to a...

4.3CVSS6.3AI score0.00226EPSS
Exploits0References12
AlpineLinux
AlpineLinux
added 2025/11/24 12:0 a.m.4 views

CVE-2025-65497

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

4.3CVSS6.3AI score0.00226EPSS
Exploits0References2
CVE
CVE
added 2025/11/24 12:0 a.m.21 views

CVE-2025-65495

CVE-2025-65495 affects libcoap 4.3.5. The issue is a signedness error in tls_verify_call_back() inside src/coap_openssl.c that can allow a remote attacker to trigger a denial of service by sending a crafted TLS certificate, causing i2d_X509() to return -1 and be misused as a malloc() size. Public...

7.5CVSS6.3AI score0.00219EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/24 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-65499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Array index error in tlsverifycallback in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS...

4.3CVSS5.9AI score0.00226EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/24 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-65495

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer signedness error in tlsverifycallback in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS...

7.5CVSS6AI score0.00219EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.12 views

PT-2025-47807

Name of the Vulnerable Software and Affected Versions ESF-IDF versions 5.3.4 through 5.5.1 Description ESF-IDF, the Espressif Internet of Things IOT Development Framework, contains a flaw in its hardware JPEG decoder when used with the ESP32-P4. The software parser does not perform adequate...

6.9CVSS6.6AI score0.00313EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.7 views

PT-2025-47450

Name of the Vulnerable Software and Affected Versions Apache Causeway affected versions not specified Description Apache Causeway is susceptible to Java deserialization issues that can lead to remote code execution RCE. Exploitation occurs through user-controllable URL parameters. Authenticated...

6.3CVSS8.6AI score0.09442EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2025/11/18 12:0 a.m.4 views

CVE-2025-63258

A remote command execution RCE vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03, WAP611-WPT330-R1348-OASIS,...

7.2AI score0.00302EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/10/31 9:51 a.m.7 views

WordPress Popup addon for Ninja Forms plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Kim YunJi in WordPress Plugin Popup addon for Ninja Forms versions = 3.5.1...

5.9CVSS6.1AI score0.00144EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/29 11:13 p.m.3 views

CVE-2025-10930 Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110

Cross-Site Request Forgery CSRF vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0...

6.5AI score0.00121EPSS
Exploits0References1
OSV
OSV
added 2025/10/27 12:5 a.m.4 views

CVE-2025-11974 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.7 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to create a denial of service condition by uploading large files to specific API endpoints...

6.5CVSS6.5AI score0.00351EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.5 views

Sakai 安全漏洞

Sakai is a freely available, feature-rich technology solution for learning, teaching, research, and collaboration from Apereo Sakai Open Source. A security vulnerability exists in Sakai versions prior to 23.5 and prior to 25.0 that stems from the use of a non-cryptographic pseudo-random number...

5.9CVSS6.3AI score0.00182EPSS
Exploits0References3
NVD
NVD
added 2025/10/21 5:15 p.m.5 views

CVE-2025-62597

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting XSS vulnerability was identified in the editarinfopessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...

6.9CVSS0.00268EPSS
Exploits1References3
Rows per page
Query Builder