Lucene search
K

592 matches found

Cvelist
Cvelist
added 2025/09/09 10:31 p.m.9 views

CVE-2025-59044 Himmelblau vulnerable to GID collision via group name-derived mapping (privilege escalation)

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf idattrmap = name the default configuration. Because Microsoft Entra ID allows multiple groups with the same...

4.4CVSS0.00132EPSS
Exploits0References3
OSV
OSV
added 2025/09/09 10:31 p.m.5 views

CVE-2025-59044 Himmelblau vulnerable to GID collision via group name-derived mapping (privilege escalation)

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf idattrmap = name the default configuration. Because Microsoft Entra ID allows multiple groups with the same...

4.4CVSS6.8AI score0.00132EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/08/19 3:33 p.m.15 views

Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source

Impact A stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes arbitrary JavaScript execution. The attacker can also inject...

8.7CVSS5.8AI score0.00347EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/14 9:5 a.m.6 views

CVE-2025-54472 Apache bRPC: Redis Parser Remote Denial of Service

Unlimited memory allocation in redis protocol parser in Apache bRPC all versions 1.14.1 on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of corresponding sizes is allocated based on the integers re...

7.5CVSS6.2AI score0.01198EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/13 12:0 a.m.6 views

EulerOS 2.0 SP11 : vim (EulerOS-SA-2025-1945)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the :redir ex command to register,...

4.2CVSS5.5AI score0.00223EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/08/08 5:38 a.m.175 views

Exploit for Code Injection in Xwiki

📜 Description A critical RCE vulnerability exists in...

9.8CVSS8.1AI score0.99898EPSS
Exploits51
RedhatCVE
RedhatCVE
added 2025/08/06 5:32 p.m.5 views

CVE-2025-8518

A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may be launched remotely. The exploit has bee...

7.2CVSS5.3AI score0.01406EPSS
Exploits6References1
OSV
OSV
added 2025/08/04 4:2 p.m.6 views

CVE-2025-8517 givanz Vvveb session fixiation

A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixiation. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 1.0.7 is recommended to address this issue. The patch is...

5.3CVSS6.3AI score0.00664EPSS
Exploits1References11
CVE
CVE
added 2025/07/28 2:47 p.m.31 views

CVE-2025-54418

CodeIgniter4 (PHP) vulnerability: ImageMagick handler (imagick) allows command injection when processing uploads with user-controlled filenames (resize()) or text operations (text()) in versions prior to 4.6.2. Root cause is unsafe handling of user input in ImageMagick workflows, enabling shell m...

9.8CVSS6.9AI score0.01508EPSS
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 4:15 p.m.15 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to command injection due to the lodash package (CVE-2021-23337)

Summary Lodash is used by DataStage on Cloud Pak for Data as part of data manipulation. Vulnerability Details CVEID:CVE-2021-23337 DESCRIPTION: Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. CWE:CWE-94: Improper Control of Generation of Code 'Code...

7.2CVSS7.5AI score0.2241EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 4:11 p.m.6 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to a null pointer dereference due to the libarchive package (CVE-2024-48615)

Summary libarchive is used by DataStage on Cloud Pak for Data as part of data formatting. Vulnerability Details CVEID:CVE-2024-48615 DESCRIPTION: Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function headerpaxextension at...

7.5CVSS7.4AI score0.00502EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 1:33 p.m.12 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to unwanted disconnects due to the gRPC package (CVE-2023-33953)

Summary gRPC is used by DataStage on Cloud Pak for Data as part of service communication. Vulnerability Details CVEID:CVE-2023-33953 DESCRIPTION: gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional...

7.5CVSS7.7AI score0.00412EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 1:28 p.m.5 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to out of bounds memory access due to the libssh2 package (CVE-2020-22218)

Summary libssh2 is used by DataStage on Cloud Pak for Data as part of secure communications. Vulnerability Details CVEID:CVE-2020-22218 DESCRIPTION: An issue was discovered in function libssh2packetadd in libssh2 1.10.0 allows attackers to access out of bounds memory. CWE:CWE-787: Out-of-bounds...

7.5CVSS6.6AI score0.00914EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/07/17 4:15 p.m.4 views

CVE-2025-7338

Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service DoS by sending a malformed multi-part upload request. This request causes an unhandled...

7.5CVSS7AI score
Exploits0References3
Cvelist
Cvelist
added 2025/07/17 3:47 p.m.10 views

CVE-2025-7339 on-headers vulnerable to http response header manipulation

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

3.4CVSS0.00174EPSS
Exploits0References5
CVE
CVE
added 2025/07/17 3:26 p.m.77 views

CVE-2025-7338

CVE-2025-7338 affects Multer (Node.js middleware for multipart/form-data) and can trigger a DoS via a malformed multipart upload. The issue exists in versions 1.4.4-lts.1 through prior to 2.0.2, causing an unhandled exception and process crash. The recommended fix is to upgrade to Multer 2.0.2 ; ...

7.5CVSS6.6AI score0.00644EPSS
Exploits0References3
OSV
OSV
added 2025/07/14 11:8 p.m.22 views

CVE-2025-53836 XWiki Rendering is vulnerable to RCE attacks when processing nested macros

XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricte...

9.9CVSS6.6AI score0.00525EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2025/07/14 9:40 p.m.10 views

XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax

Impact The XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks that permit the insertion of arbitrary HTML content including JavaScript. This allows XSS attacks for users who can edit a document like their user profile enabled by default. The attack works ...

9CVSS5.8AI score0.00325EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/07/11 12:0 a.m.7 views

CBL Mariner 2.0 Security Update: coredns (CVE-2025-47950)

The version of coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-47950 advisory. - CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service DoS...

7.5CVSS7.8AI score0.01132EPSS
Exploits0References2
NVD
NVD
added 2025/07/04 3:15 a.m.4 views

CVE-2025-7053

A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version...

6.1CVSS0.00289EPSS
Exploits1References5
Rows per page
Query Builder