Lucene search
K

12658 matches found

CNNVD
CNNVD
added 2025/05/16 12:0 a.m.2 views

FreeFloat FTP Server 安全漏洞

FreeFloat FTP Server is an FTP service from Freefloat. A buffer overflow vulnerability exists in FreeFloat FTP Server that stems from the LCD Command Handler component failing to properly validate the length size of the input data, no details of the vulnerability are provided at this time...

9.8CVSS7.3AI score0.00601EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/05/15 3:17 p.m.5 views

jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability

A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGSMAXHEADERLISTSIZE parameter...

7.5CVSS7AI score0.00625EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/05/14 6:12 p.m.34 views

CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Clou...

5.3CVSS0.00129EPSS
Exploits0References1
OSV
OSV
added 2025/05/14 5:35 p.m.4 views

GHSA-MJFQ-3QR2-6G84 Cosmos EVM Allows Partial Precompile State Writes

Impact Setting lower EVM call gas allows users to partially execute precompiles and error at specific points in the precompile code without reverting the partially written state. If executed on the distribution precompile when claiming funds, it could cause funds to be transferred to a user witho...

8.3CVSS7AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/05/14 5:35 p.m.28 views

Cosmos EVM Allows Partial Precompile State Writes

Impact Setting lower EVM call gas allows users to partially execute precompiles and error at specific points in the precompile code without reverting the partially written state. If executed on the distribution precompile when claiming funds, it could cause funds to be transferred to a user witho...

7AI score
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2025/05/14 12:43 p.m.20 views

CVE-2023-53146

In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fix null-ptr-deref in dw2102i2ctransfer In dw2102i2ctransfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally reach...

5.5CVSS5.6AI score0.0015EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/14 12:0 a.m.4 views

Correlating Account on Ethereum Mixing Service Via Domain-Invariant Feature Learning

The untraceability of transactions facilitated by Ethereum mixing services like Tornado Cash poses significant challenges to blockchain security and financial regulation. Existing methods for correlating mixing accounts suffer from limited labeled data and vulnerability to noisy annotations, whic...

6.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.9 views

Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h14 / 10.2.x < 10.2.11 / 11.0.x < 11.0.7 / 11.1.x < 11.1.5 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14-h14, 10.2.x prior to 10.2.11, 11.0.x prior to 11.0.7, or 11.1.x prior to 11.1.5. It is, therefore, affected by a vulnerability. Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks...

5.3CVSS5.5AI score0.00129EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/05/13 5:18 p.m.5 views

php: Header parser of http stream wrapper does not handle folded headers

A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...

6.3CVSS5.8AI score0.00547EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/05/13 3:59 p.m.4 views

libsoup: Denial of service on libsoup through HTTP/2 server

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service DoS...

7.5CVSS5.7AI score0.00502EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/05/13 2:0 p.m.2 views

php: Configuring a proxy in a stream context might allow for CRLF injection in URIs

A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...

7.2CVSS5.8AI score0.01132EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/05/13 1:59 p.m.1 views

php: Streams HTTP wrapper does not fail for headers with invalid name and no colon

A flaw was found in PHP. This vulnerability allows applications to accept invalid headers via malformed HTTP headers missing a colon :, which may confuse applications into processing them as valid headers...

6.3CVSS5.7AI score0.00481EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/05/13 12:0 a.m.3 views

FreeBSD : www/varnish7 -- Request Smuggling Attack (89c668d5-2f80-11f0-9632-641c67a117d8)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 89c668d5-2f80-11f0-9632-641c67a117d8 advisory. The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish...

5.7AI score
Exploits0References2
Amazon
Amazon
added 2025/05/13 12:0 a.m.3 views

Important: amazon-cloudwatch-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS7.9AI score0.00724EPSS
Exploits0
OSV
OSV
added 2025/05/12 3:15 p.m.3 views

CVE-2024-56523

Radware Cloud Web Application Firewall WAF before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...

9.1CVSS7.6AI score0.00543EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/12 12:0 a.m.9 views

PT-2025-33: Security restriction bypass in macOS Shortcuts

The vulnerability was identified in macOS Shortcuts, versions to macOS Sequoia 15.5. The discovered vulnerability allows an attacker to bypass security restrictions and execute arbitrary code delivered via an FTP or SMB server. Vulnerability status: Confirmed by vendor Date of vulnerability...

8.6CVSS6.2AI score
Exploits0References2
FreeBSD
FreeBSD
added 2025/05/12 12:0 a.m.11 views

www/varnish7 -- Request Smuggling Attack

The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish Cache and Varnish Enterprise. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 requests. An attacker can abuse a flaw in Varnish's handling of chunked...

7.1AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/05/11 12:0 a.m.5 views

Revealing Weaknesses in Text Watermarking through Self-Information Rewrite Attacks

Text watermarking aims to subtly embed statistical signals into text by controlling the Large Language Model LLM's sampling process, enabling watermark detectors to verify that the output was generated by the specified model. The robustness of these watermarking algorithms has become a key factor...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/10 12:0 a.m.4 views

POISONCRAFT: Practical Poisoning of Retrieval-Augmented Generation for Large Language Models

Large language models LLMs have achieved remarkable success in various domains, primarily due to their strong capabilities in reasoning and generating human-like text. Despite their impressive performance, LLMs are susceptible to hallucinations, which can lead to incorrect or misleading outputs...

6.9AI score
Exploits0
OSV
OSV
added 2025/05/09 7:16 a.m.1 views

DEBIAN-CVE-2025-37882

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event,...

7.8CVSS5.8AI score0.00237EPSS
Exploits0References1
Rows per page
Query Builder