Lucene search
K

13364 matches found

RedHat Linux
RedHat Linux
added 2025/11/11 8:21 a.m.2 views

kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: add gain range check to wlcphyiqcalgainparamsnphy In 'wlcphyiqcalgainparamsnphy', add gain range check to WARN instead of possible out-of-bounds 'tbliqcalgainparamsnphy' access. Compile tested only. Found by Linux...

7.1CVSS6.8AI score0.00192EPSS
Exploits0References5
Snyk
Snyk
added 2025/11/11 2:3 a.m.0 views

Malicious Package

Overview transform-es2015-block-scoping is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/11 12:7 a.m.2 views

Malicious Package

Overview supports-validation-checkerlib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/11 12:7 a.m.1 views

Malicious Package

Overview grumpy-squidward is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/11 12:4 a.m.2 views

Malicious Package

Overview vite-plugin-postcss-tools is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/10 11:46 p.m.1 views

Malicious Package

Overview @walletwave/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/10 11:41 p.m.0 views

Malicious Package

Overview read-async is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2025/11/10 9:46 p.m.8 views

CVE-2025-64509 Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.6, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups JavaScript...

7.5CVSS6.3AI score0.00279EPSS
Exploits0References3
Snyk
Snyk
added 2025/11/10 7:11 a.m.1 views

Malicious Package

Overview karemv1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score
Exploits0References2
Veracode
Veracode
added 2025/11/10 6:49 a.m.10 views

Parameter-parsing Bypass

Rack is vulnerable to a parameter-parsing Bypass. The vulnerability is due to Rack::QueryParser enforcing its paramslimit only for parameters separated by & while still splitting on both & and ;, which allows an attacker to bypass the parameter count limit by using ; separators to submit excessiv...

7.5CVSS6.4AI score0.00535EPSS
Exploits0References4Affected Software2
Snyk
Snyk
added 2025/11/10 5:52 a.m.3 views

Malicious Package

Overview web-vitals-help is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/10 5:52 a.m.1 views

Malicious Package

Overview @mts-ds/icons is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/10 5:50 a.m.2 views

Malicious Package

Overview le-front-monitor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/10 3:41 a.m.1 views

Malicious Package

Overview synqroomkit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6.8AI score
Exploits0References2
Fedora
Fedora
added 2025/11/10 12:47 a.m.5 views

[SECURITY] Fedora 43 Update: rust-get-size2-0.7.1-1.fc43

Determine the size in bytes an object occupies inside RAM...

7AI score
Exploits0
CNNVD
CNNVD
added 2025/11/10 12:0 a.m.3 views

Bugsink 安全漏洞

Bugsink is a self-hosted bug tracking software from Bugsink Open Source. A security vulnerability exists in Bugsink versions prior to 2.0.6, which stems from a specially crafted Brotli compressed envelope that may lead to excessive CPU time consumption, possibly resulting in a denial of service...

7.5CVSS6.3AI score0.00279EPSS
Exploits0References2
Rosalinux
Rosalinux
added 2025/11/09 1:37 p.m.4 views

Advisory ROSA-SA-2025-3048

Software: libxml2 2.9.7 OS: ROSA Virtualization 3.1 unaffected versions = libxml2-2.9.7-21.0.1.rv31.3 affected versions libxml2-2.9.7-21.0.1.1.rv31.3 CVE-ID: CVE-2016-3709 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libxml2 library is related to the failure to take measures to...

9.8CVSS8.3AI score0.22791EPSS
Exploits13
RedhatCVE
RedhatCVE
added 2025/11/08 12:55 a.m.14 views

CVE-2025-63690

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type String through reflection. At this time, th...

9.1CVSS8.3AI score0.00859EPSS
Exploits1References1
NVD
NVD
added 2025/11/07 4:15 p.m.7 views

CVE-2025-63690

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type String through reflection. At this time, th...

9.1CVSS0.00859EPSS
Exploits1References2
Snyk
Snyk
added 2025/11/07 3:25 p.m.2 views

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS via the replaceCommandWithText function, by allowing user-controlled HTML from a prompt body to be passed to tempDiv.innerHTML without proper sanitization. An attacker can execute...

8.7CVSS6.2AI score0.0046EPSS
Exploits2References2
Rows per page
Query Builder