
12640 matches found

Microsoft CVE
added 2025/07/17 7:0 a.m., 7 views

Apache HTTP Server: HTTP/2 DoS by Memory Increase

...

7.5 CVSS, 7 AI score, 0.04409 EPSS
Exploits: 1
Packet Storm News
added 2025/07/17 12:0 a.m., 2 views

Backscattering-Based Security in Wireless Power Transfer Applied to Battery-Free BLE Sensors

The integration of security and energy efficiency in Internet of Things systems remains a critical challenge, particularly for battery-free and resource-constrained devices. This paper explores the scalability and protocol-agnostic nature of a backscattering-based security mechanism by integratin...

6.9 AI score
Exploits: 0
CNNVD
added 2025/07/17 12:0 a.m., 10 views

WordPress plugin Stop User Enumeration security vulnerability

WordPress Stop User Enumeration plugin is a security plugin for WordPress, mainly used to detect and prevent hackers from scanning website usernames (a user enumeration attack) to get the login name, which is the reconnaissance step before a brute-force password cracking attack. A security vulnerability...

5.3 CVSS, 6.7 AI score, 0.00847 EPSS
Exploits: 1, References: 1
CNNVD
added 2025/07/17 12:0 a.m., 2 views

Motorola Smart Connect Android Application security vulnerability

The Motorola Smart Connect Android Application is an Android application from Motorola, Inc. that is used to seamlessly interconnect devices. A security vulnerability exists in the Motorola Smart Connect Android Application version 1.0, which stems from mishandling of the Bluetooth transfer...

5.1 CVSS, 6.7 AI score, 0.00112 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2025/07/16 9:26 p.m., 3 views

CVE-2025-34129

A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicio...

8.7 CVSS, 5.8 AI score, 0.01077 EPSS
Exploits: 0, References: 4
Veracode
added 2025/07/16 4:59 p.m., 3 views

HTTP Desynchronisation Attack

Apache HTTP Server mod_ssl is vulnerable to an HTTP desynchronisation attack. The vulnerability is due to the use of SSLEngine optional for enabling TLS upgrades, which allows a man-in-the-middle attacker to exploit request desynchronisation and hijack an active HTTP session during the TLS upgrade...

7.4 CVSS, 7.3 AI score, 0.00516 EPSS
Exploits: 0, References: 10, Affected Software: 1
RedHat Linux
added 2025/07/16 3:25 p.m., 5 views

tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame

A flaw was found in Apache Tomcat. This vulnerability allows an application-level denial of service (DoS), causing it to become unresponsive or slow via maliciously crafted HTTP/2 prioritization headers. It performs an incomplete cleanup of failed requests, which triggers a memory leak...

7.5 CVSS, 7.1 AI score, 0.66933 EPSS
Exploits: 5, References: 5
CNNVD
added 2025/07/15 12:0 a.m., 2 views

LabF WinaXe FTP Client security vulnerability

LabF WinaXe FTP Client is a tool for file transfer on Windows systems from LabF Corporation. A security vulnerability exists in LabF WinaXe FTP Client version 7.7, which stems from improper boundary checking by the FTP banner parsing function, which could result in a buffer overflow...

8.7 CVSS, 7 AI score, 0.00757 EPSS
Exploits: 0, References: 5
CNNVD
added 2025/07/15 12:0 a.m., 3 views

ColoradoFTP Server security vulnerability

ColoradoFTP Server is a Java FTP server software from Colorado Open Source. A security vulnerability exists in ColoradoFTP Server version 1.3 Build 8, which stems from improper path cleanup in the FTP GET and PUT commands, which could lead to directory traversal...

9.3 CVSS, 6.4 AI score, 0.013 EPSS
Exploits: 0, References: 5
OSV
added 2025/07/15 12:0 a.m., 5 views

ALSA-2025:11042 Moderate: socat security update

The socat utility establishes bi-directional byte streams and transfers data between them. The utility can establish streams between a large set of channels, such as files, pipes, devices, and sockets. Security Fixes: socat: arbitrary file overwrite via predictable /tmp directory (CVE-2024-54661) F...

9.8 CVSS, 6.4 AI score, 0.00794 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2025/07/14 12:25 a.m., 4 views

kernel: net: atm: fix use after free in lec_send()

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send(). The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free...

7.8 CVSS, 6.8 AI score, 0.00181 EPSS
Exploits: 0, References: 5
BDU FSTEC
added 2025/07/14 12:0 a.m., 8 views

The vulnerability of the graphical SFTP and SCP client for the Windows operating system, WinSCP, arises from incorrect path name restrictions for access-controlled directories. This allows attackers to create a special file and control its path on a remote server.

The vulnerability of the graphical SFTP and SCP client programs for the Windows operating system is related to incorrect path name restrictions for access to restricted directories. Exploiting this vulnerability allows an attacker to create a special file and control its path on a remote server...

6.8 CVSS, 5.6 AI score
Exploits: 0, References: 1, Affected Software: 1
SUSE CVE
added 2025/07/11 11:29 p.m., 3 views

SUSE CVE-2025-5992

When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile. This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1...

3.1 CVSS, 6.9 AI score, 0.00278 EPSS
Exploits: 0, References: 3
SUSE CVE
added 2025/07/11 11:22 p.m., 8 views

SUSE CVE-2025-38264

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling. Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing...

5.5 CVSS, 7.9 AI score, 0.00136 EPSS
Exploits: 0, References: 17
OSV
added 2025/07/11 7:15 a.m., 2 views

UBUNTU-CVE-2025-5992

When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile. This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1...

2.3 CVSS, 5.8 AI score, 0.00278 EPSS
Exploits: 0, References: 3
Microsoft CVE
added 2025/07/11 7:0 a.m., 5 views

Ruby WEBrick read_header HTTP Request Smuggling Vulnerability

...

7.7 CVSS, 6.6 AI score, 0.00422 EPSS
Exploits: 0
FreeBSD
added 2025/07/11 12:0 a.m., 3 views

qt6-base -- DoS in QColorTransferGenericFunction

Andy Shaw reports: When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile...

2.3 CVSS, 6.3 AI score, 0.00278 EPSS
Exploits: 0, References: 1
Snyk
added 2025/07/10 8:42 p.m., 2 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling through the processing of chunked encoded requests in parseheader function. An attacker can manipulate request boundaries by injecting conflicting Content-Length or Transfer-Encoding headers via trailers which can...

8.8 CVSS, 6.8 AI score, 0.00442 EPSS
Exploits: 1, References: 2
OSV
added 2025/07/10 8:15 p.m., 1 views

DEBIAN-CVE-2025-53629

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: Th...

7.5 CVSS, 5.2 AI score, 0.00505 EPSS
Exploits: 1, References: 1
OSV
added 2025/07/10 8:15 p.m., 2 views

DEBIAN-CVE-2025-53506

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1...

7.5 CVSS, 8.5 AI score, 0.01898 EPSS
Exploits: 0, References: 1