Lucene search
K

13374 matches found

Positive Technologies
Positive Technologies
added 2025/10/08 12:0 a.m.4 views

PT-2025-51135

Name of the Vulnerable Software and Affected Versions golang.org/x/net/html affected versions not specified Description The html.Parse function exhibits quadratic parsing complexity when handling specific inputs. This can result in a denial of service DoS if an attacker submits maliciously crafte...

5.3CVSS6.3AI score0.00502EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/10/08 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-50443

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/rockchip: lvds: fix PM usage counter unbalance in poweron pmruntimegetsync will increment pm usage counter even it failed. Forgetting to putting operation...

5.5CVSS6.1AI score0.00145EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/10/07 11:25 p.m.3 views

SUSE CVE-2025-61770

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...

7.5CVSS6.9AI score0.00848EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2025/10/07 11:25 p.m.3 views

SUSE CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

7.5CVSS7AI score0.00516EPSS
Exploits0References6
OSV
OSV
added 2025/10/07 3:19 p.m.4 views

CVE-2023-53622 gfs2: Fix possible data races in gfs2_show_options()

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix possible data races in gfs2showoptions Some fields such as gtlogdsecs of the struct gfs2tune are accessed without holding the lock gtspin in gfs2showoptions: val = sdp-sdtune.gtlogdsecs; if val != 30 seqprintfs,...

7CVSS6.5AI score0.00132EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/07 3:19 p.m.5 views

EUVD-2025-32826

In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sblvbptr I experience issues when putting a lkbsb on the stack and have sblvbptr field to a dangled pointer while not using DLMLKFVALBLK. It will crash with the following kernel message, the...

5.8AI score0.00152EPSS
Exploits0References5
OSV
OSV
added 2025/10/07 3:16 p.m.2 views

DEBIAN-CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

7.5CVSS5.8AI score0.00516EPSS
Exploits0References1
OSV
OSV
added 2025/10/07 3:16 p.m.2 views

UBUNTU-CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

7.5CVSS6.7AI score0.00516EPSS
Exploits0References7
OSV
OSV
added 2025/10/07 2:42 p.m.4 views

CVE-2025-61771 Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

7.5CVSS6.3AI score0.00516EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/10/07 2:22 p.m.5 views

django: Django SQL injection in FilteredRelation column aliases

An SQL injection flaw has been discovered in the Django web framework. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...

8.1CVSS7.3AI score0.15602EPSS
Exploits4References7
Snyk
Snyk
added 2025/10/07 4:38 a.m.1 views

Malicious Package

Overview bildgoogl is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/10/07 4:38 a.m.2 views

Malicious Package

Overview jupjs1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/10/07 4:34 a.m.2 views

Malicious Package

Overview res-notification is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/10/07 4:34 a.m.1 views

Malicious Package

Overview areaclientefront is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/10/07 4:33 a.m.1 views

Malicious Package

Overview spayee-micro-frontend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/10/07 4:33 a.m.2 views

Malicious Package

Overview ad-react-wrapper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/10/07 4:29 a.m.1 views

Malicious Package

Overview kios is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/10/07 4:28 a.m.3 views

Malicious Package

Overview mapbox-gl-ts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/10/07 4:26 a.m.3 views

Malicious Package

Overview karma-verbose-summary-reporter is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/10/07 4:26 a.m.1 views

Malicious Package

Overview filecoin-checker-shared is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS6.8AI score
Exploits0References2
Rows per page
Query Builder