Lucene search
K

24 matches found

CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

AnythingLLM 后置链接漏洞

AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.13.0 contained a post-link vulnerability. This vulnerability stemmed from the file system replication tool only verifying the top-level source and target paths. The recursive replication assistan...

2.5CVSS5.8AI score0.00193EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/04/13 9:59 a.m.3 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

8.6CVSS7.2AI score0.00532EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/08 12:41 a.m.6 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

8.6CVSS7.1AI score0.00532EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/03/26 1:40 p.m.4 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

8.6CVSS7.2AI score0.00532EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/12 5:3 p.m.3 views

CVE-2026-31841

Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were...

6.5CVSS5.7AI score0.00178EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/07 9:16 p.m.4 views

CVE-2026-22184

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz...

7.8CVSS7.2AI score
Exploits0References5
GithubExploit
GithubExploit
added 2025/10/19 6:8 p.m.312 views

Exploit for CVE-2025-1094

🛠️ CVE-2025-1094 Lab Setup ⚠️ Disclaimer This lab i...

8.1CVSS8.6AI score0.89472EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-45150

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool...

6.1CVSS5.6AI score0.00671EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.3 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : AIDE vulnerabilities (USN-7697-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7697-1 advisory. Rajesh Pangare discovered that AIDE incorrectly handled filenames. A local attacker...

6.2CVSS7.6AI score0.00216EPSS
Exploits2References3
BDU FSTEC
BDU FSTEC
added 2025/07/21 12:0 a.m.9 views

The vulnerability of the fromTraceroutGet() function (/goform/getTraceroute) in the Tenda O3 wireless access point software allows a intruder to execute arbitrary commands.

The vulnerability of the fromNetToolGet function in the file /goform/setPingInfo function of the Tenda O3 wireless access point software is related to the lack of measures to sanitize input data during the processing of the domain parameter. Exploiting this vulnerability allows a remote attacker ...

6.5CVSS7AI score0.1273EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/05/13 8:43 a.m.49 views

openjpeg: heap buffer overflow in lib/openjp2/j2k.c

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opjdecompress utility. This can lead to an application crash or other undefined behavior...

5.6CVSS5.9AI score0.0023EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2025/03/04 12:0 a.m.7 views

The vulnerability of the Intel PROSet/Wireless WiFi networking connectivity tool, related to pointer swapping, allows a hacker to trigger a service failure.

The vulnerability of the Intel PROSet/Wireless WiFi networking connectivity tool is related to pointer aliasing. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

7.4CVSS5.5AI score0.0033EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/02/26 1:22 p.m.9 views

USN-7306-1 binutils vulnerabilities

It was discovered that GNU binutils in nm tool is affected by an incorrect access control. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. CVE-2024-57360 It was discovered that GNU binutils incorrectly...

7.5CVSS6.3AI score0.00732EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/04/23 2:5 p.m.4 views

less: missing quoting of shell metacharacters in LESSCLOSE handling

A flaw was found in less. The closealtfile function in filename.c omits shellquote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system...

7.8CVSS6.9AI score0.01059EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/03/15 7:58 p.m.24 views

python-werkzeug: high resource usage when parsing multipart form data with many fields

A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...

7.5CVSS7AI score0.0142EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:47 a.m.3 views

SUSE CVE-2021-20285

A flaw was found in upx canPack in plxelf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service SEGV or buffer overflow and application crash or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability...

6.6CVSS6.8AI score0.00751EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/11/08 9:20 a.m.7 views

wavpack: Heap out-of-bounds read in WavpackPackSamples()

A heap out-of-bounds read flaw was found in WavPacks' WavpackPackSamples function of src/packutils.c and only affects the command-line program of WavPack not libwavpack. This flaw allows an attacker to exploit this flaw for a website that uses the WavPack command-line program on user-provided...

5.5CVSS5.8AI score0.01155EPSS
Exploits1References4
NCSC
NCSC
added 2022/03/11 12:0 a.m.3 views

Vulnerability fixed in F-Secure products

A vulnerability has been fixed in the F-Secure Support tool, which is is used in Business Suite and consumer products. A authenticated malicious person could potentially exploit it to execute arbitrary code under higher privileges. F-Secure has made available an update that fixes the described...

8.5CVSS7.7AI score0.00697EPSS
Exploits0
CNNVD
CNNVD
added 2021/08/12 12:0 a.m.3 views

AT&T Labs Xmill 参数注入漏洞

AT&T Labs Xmill is a new tool for efficient compression of XML data from AT&T Labs, USA. AT&T Labs Xmill suffers from a parameter injection vulnerability that exists due to a boundary error in the command line parsing HandleFileArg function in strlen. A local user can use a specially crafted...

7.8CVSS8.1AI score0.00344EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2020/12/08 12:0 a.m.3 views

The vulnerability of Adobe InDesign’s computer layout automation tool, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using a specially crafted file...

9.3CVSS8AI score0.02713EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder