Lucene search
K

62 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mmc: davincimmc: Prevents the transmitted data size from exceeding the length of sgm. No check is performed on the size of the data to be transmitted. This can lead to a kernel panic when the transmitted data size exceeds the...

5.5CVSS5.6AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 6:25 p.m.10 views

GHSA-JJ54-R8GM-2FCF dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary DefaultUsageTracker.emittoolcalledevent in src/dbtmcp/tracking/tracking.py serializes the complete arguments dictionary of every MCP tool call and transmits it verbatim to...

3.1CVSS6AI score0.00042EPSS
Exploits0References3
CVE
CVE
added 2026/02/15 10:58 a.m.12 views

CVE-2026-2539

The CVE-2026-2539 affects the Micca KE700 car alarm system where the RF protocol transmits data frames in cleartext. The vulnerability arises because random numbers and counters used for authentication are captured via radio interception, enabling an attacker to obtain sensitive authentication-re...

7.1CVSS5.5AI score0.00128EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.5 views

PT-2025-51711

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The CAN driver within the Linux kernel contains an issue in the gs usb xmit callback function related to the handling of failed transmitted URBs. The driver does not properly clean up...

5.3AI score0.00161EPSS
Exploits0
Cvelist
Cvelist
added 2025/12/09 11:41 p.m.26 views

CVE-2025-64898 ColdFusion | Insufficiently Protected Credentials (CWE-522)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or...

5.3CVSS0.00388EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28560

Malicious code in bioql PyPI...

9.1CVSS5.1AI score0.0019EPSS
Exploits0References1
CVE
CVE
added 2025/09/23 6:0 a.m.32 views

CVE-2025-39873

CVE-2025-39873 (Linux kernel) : The vulnerability concerns the xilinx_can driver where xcan_write_frame() may use a previously freed skb. The root cause is that can_put_echo_skb() can take ownership of the SKB, which may be freed during or after the call, while xcan_write_frame() continues to tou...

7.8CVSS6.5AI score0.00148EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2025/09/23 6:0 a.m.10 views

CVE-2025-39873 can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB

In the Linux kernel, the following vulnerability has been resolved: can: xilinxcan: xcanwriteframe: fix use-after-free of transmitted SKB canputechoskb takes ownership of the SKB and it may be freed during or after the call. However, xilinxcan xcanwriteframe keeps using SKB after the call. Fix th...

0.00148EPSS
Exploits0References6
NVD
NVD
added 2025/08/11 1:15 p.m.5 views

CVE-2025-8863

YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission...

7CVSS0.00219EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/07/07 12:0 a.m.5 views

The vulnerability of the Segnetics SMConfig system configuration tool lies in the lack of protection for transmitted data, which allows attackers to disclose the protected information.

The vulnerability of the Segnetics SMConfig system configuration tool is related to the lack of protection for transmitted data. Exploiting this vulnerability allows a malicious actor to disclose sensitive information by reading the HTTP cookie header...

6.1CVSS5.4AI score
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/05/28 12:0 a.m.5 views

Netwrix Directory Manager 安全漏洞

Netwrix Directory Manager is a group and user management software from Netwrix. A security vulnerability exists in Netwrix Directory Manager v.11.0.0.0 and earlier and later v.11.1.25134.03, which originates from the insertion of sensitive information in sent data...

9.1CVSS6.4AI score0.00375EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/02/27 12:0 a.m.4 views

Trivision NC227WF 安全漏洞

Trivision NC227WF is a webcam from Trivision. A security vulnerability exists in Trivision NC227WF version v5.8.0, which stems from a password being transmitted via a query string...

6.2CVSS6.9AI score0.00163EPSS
Exploits2References2
BDU FSTEC
BDU FSTEC
added 2025/01/28 12:0 a.m.5 views

The vulnerability of the Drupal CMS system’s Image Sizes module, related to the insertion of confidential information into the transmitted data, allows attackers to circumvent security restrictions and execute a Forceful Browsing attack.

The vulnerability of the Image Sizes module in Drupal systems is related to the insertion of confidential information into the transmitted data. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute a Forceful Browsing attack...

7.8CVSS5.5AI score0.00473EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/07/29 3:15 p.m.27 views

CVE-2024-41026

In the Linux kernel, the following vulnerability has been resolved: mmc: davincimmc: Prevent transmitted data size from exceeding sgm's length No check is done on the size of the data to be transmiited. This causes a kernel panic when this size exceeds the sgmiter's length. Limit the number of...

5.5CVSS0.00246EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/29 2:31 p.m.12 views

CVE-2024-41026 mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length

In the Linux kernel, the following vulnerability has been resolved: mmc: davincimmc: Prevent transmitted data size from exceeding sgm's length No check is done on the size of the data to be transmiited. This causes a kernel panic when this size exceeds the sgmiter's length. Limit the number of...

6.7AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2024/07/29 2:31 p.m.20 views

CVE-2024-41026 mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length

In the Linux kernel, the following vulnerability has been resolved: mmc: davincimmc: Prevent transmitted data size from exceeding sgm's length No check is done on the size of the data to be transmiited. This causes a kernel panic when this size exceeds the sgmiter's length. Limit the number of...

5.5CVSS5.5AI score0.00246EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/07/29 2:31 p.m.33 views

CVE-2024-41026 mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length

In the Linux kernel, the following vulnerability has been resolved: mmc: davincimmc: Prevent transmitted data size from exceeding sgm's length No check is done on the size of the data to be transmiited. This causes a kernel panic when this size exceeds the sgmiter's length. Limit the number of...

0.00246EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/07/24 12:0 a.m.5 views

The vulnerability of the syslog system for software used in managing SAN networks by Brocade SANnav allows a intruder to gain unauthorized access to protected information.

The vulnerability of the syslog system for SAN management software like Brocade SANnav lies in the fact that data is transmitted in an open manner. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

8.6CVSS5.5AI score0.0047EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/06/13 6:15 p.m.16 views

CVE-2024-38284

Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls...

8.7CVSS0.00342EPSS
Exploits0References1
CVE
CVE
added 2024/06/13 5:22 p.m.40 views

CVE-2024-38284

CVE-2024-38284 affects Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600), with versions up to 3.1.171.9. The root cause is that transmitted data is logged between the device and the backend, enabling an attacker to perform a replay attack to replicate calls. In the ICS context, mitiga...

8.7CVSS6.5AI score0.00342EPSS
Exploits0References1
Rows per page
Query Builder