Lucene search
K

19 matches found

Packet Storm News
Packet Storm News
added 2025/12/30 12:0 a.m.2 views

SourceBroken: A Large-Scale Analysis on the (Un)Reliability of SourceRank in the PyPI Ecosystem

SourceRank is a scoring system made of 18 metrics that assess the popularity and quality of open-source packages. Despite being used in several recent studies, none has thoroughly analyzed its reliability against evasion attacks aimed at inflating the score of malicious packages, thereby...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-1737

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00787EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 11:29 p.m.5 views

CVE-2022-1233

URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11...

6.5CVSS6.7AI score0.00787EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/03/20 12:0 a.m.11 views

EulerOS 2.0 SP12 : git (EulerOS-SA-2025-1295)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full...

9.3CVSS7.6AI score0.10047EPSS
Exploits2References3
Cvelist
Cvelist
added 2024/10/24 8:39 p.m.30 views

CVE-2024-47883 Butterfly has path/URL confusion in resource handling leading to multiple weaknesses

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local...

9.1CVSS0.01602EPSS
Exploits1References2
Schneier on Security
Schneier on Security
added 2023/05/19 11:11 a.m.25 views

Security Risks of New .zip and .mov Domains

Researchers are worried about Googles .zip and .mov domains, because they are confusing. Mistaking a URL for a filename could be a security vulnerability...

6.9AI score
Exploits0
NVD
NVD
added 2022/04/04 8:15 p.m.28 views

CVE-2022-1233

URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11...

6.5CVSS0.00787EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/04/04 8:15 p.m.6 views

CVE-2022-1233

URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11...

6.5CVSS6.5AI score0.00787EPSS
Exploits1References3
CVE
CVE
added 2022/04/04 7:30 p.m.91 views

CVE-2022-1233

CVE-2022-1233 affects the medialize/uri.js library. When parsing URLs without a scheme and with excessive slashes, the library may treat the hostname as null and set the path to /www.example.com, leading to URL confusion. This issue is fixed in version 1.19.11; prior releases are vulnerable. Affe...

6.5CVSS6.3AI score0.00787EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/04/04 7:30 p.m.31 views

CVE-2022-1233 URL Confusion When Scheme Not Supplied in medialize/uri.js

URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11...

6.5CVSS6.5AI score0.00787EPSS
Exploits1References2
OSV
OSV
added 2022/04/04 7:30 p.m.25 views

CVE-2022-1233 URL Confusion When Scheme Not Supplied in medialize/uri.js

URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11...

6.5CVSS6.4AI score0.00787EPSS
Exploits1References4
Huntr
Huntr
added 2022/03/15 9:42 a.m.31 views

URL Confusion When Scheme Not Supplied

Description This is a URL confusion vulnerability. When parsing a URL without a scheme and with excessive slashes, like ///www.example.com, URI.js will parse the hostname as null and the path as /www.example.com. Such behaviour is different from that exhibited by browsers, which will parse...

5.8CVSS6.5AI score0.00787EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.30 views

Mageia: Security Advisory (MGASA-2014-0183)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.01934EPSS
Exploits10References4
OSV
OSV
added 2022/01/16 8:39 p.m.11 views

MGASA-2022-0019 Updated thunderbird packages fix security vulnerability

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox CVE-2021-4140. Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable cra...

10CVSS8.6AI score0.0134EPSS
Exploits6References5
Mageia
Mageia
added 2014/04/20 11:43 a.m.65 views

Updated chromium-browser packages fix multiple security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Multiple vulnerabilities in the V8 JavaScript library, including a UXSS issue CVE-2014-1716, OOB access CVE-2014-1717, memory corruption CVE-2014-1721, and other vulnerabilities fixed in V8 version 3.24.35.22 CVE-2014-1729...

7.5CVSS7.1AI score0.01934EPSS
Exploits10References2
seebug.org
seebug.org
added 2014/04/11 12:0 a.m.33 views

Google Chrome UnescapeURLWithOffsetsImpl() Function BiDi控制符未转义URL混淆漏洞

CVE ID:CVE-2014-1723 Google Chrome是一款流行的WEB浏览器。 Google Chrome UnescapeURLWithOffsetsImpl函数net/base/escape.cc处理URL中未转义BiDi控制符时,允许攻击者利用漏洞构建恶意WEB页,诱使用户解析,可导致URL混淆。 0 Google Chrome 33.0.1750.154 Google Chrome 33.0.1750.152 Google Chrome 34.0.1847.116版本已修复该漏洞,建议用户下载使用: https://www.google.com/chrome/...

7.5CVSS1AI score0.01369EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/04/10 12:0 a.m.28 views

Google Chrome < 34.0.1847.116 Multiple Vulnerabilities

Binary data 8208.pasl...

10CVSS8.9AI score0.0761EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2014/04/08 12:0 a.m.35 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 31 vulnerabilities fixed in this release, including: 354123 High CVE-2014-1716: UXSS in V8. Credit to Anonymous. 353004 High CVE-2014-1717: OOB access in V8. Credit to Anonymous. 348332 High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple...

7.5CVSS3.2AI score0.01934EPSS
Exploits10References1
Tenable Nessus
Tenable Nessus
added 2014/04/08 12:0 a.m.41 views

Google Chrome < 34.0.1847.116 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.116. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists in the included Flash version that could lead to arbitrary code execution. CVE-2014-0506 - A buffer overflow...

10CVSS7.6AI score0.0761EPSS
Exploits14References20
Rows per page
Query Builder