Lucene search
K

82 matches found

EUVD
EUVD
added 2025/10/16 5:16 p.m.7 views

EUVD-2025-34793

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

7.1CVSS6.3AI score0.00487EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-23927

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00446EPSS
Exploits0References1
NVD
NVD
added 2025/10/03 6:15 p.m.4 views

CVE-2025-33039

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We hav...

7.1CVSS0.0034EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/03 6:14 p.m.2 views

CVE-2025-52867 Qsync Central

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Centra...

6CVSS6.5AI score0.00387EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/03 6:9 p.m.3 views

CVE-2025-47210 Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2...

5.3CVSS6.5AI score0.0046EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.10 views

PT-2025-40576

Name of the Vulnerable Software and Affected Versions QNAP versions prior to 5.2.6.3195 build 20250715 QNAP QuTS hero versions prior to 5.2.6.3195 build 20250715 Description A flaw exists where a remote attacker with administrator privileges can trigger a denial-of-service DoS condition due to a...

5.1CVSS6.4AI score0.00356EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/09/16 2:22 a.m.5 views

podman: Podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

8.1CVSS5.8AI score0.01008EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/08/29 10:6 p.m.3 views

CVE-2025-57752 Next.js Affected by Cache Key Confusion for Image Optimization API Routes

Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers such as Cookie or...

6.2CVSS6.3AI score0.00325EPSS
Exploits0References4
OSV
OSV
added 2025/07/11 12:30 p.m.1 views

GHSA-37MW-44QP-F5JM Transformers is vulnerable to ReDoS attack through its DonutProcessor class

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.51.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...

5.3CVSS6.7AI score0.00431EPSS
Exploits1References5
OSV
OSV
added 2025/06/20 5:44 a.m.3 views

BIT-GRAFANA-2025-1088 Very long unicode dashboard title or panel name can hang the frontend

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher...

2.7CVSS3.5AI score0.00394EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/08 4:1 p.m.16 views

CVE-2025-33031

An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: File Station ...

8.8CVSS6.7AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:59 a.m.7 views

CVE-2023-51650

Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...

7.5CVSS6.8AI score0.00865EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.8 views

CVE-2019-13144

myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in 1.5...

9.8CVSS6.8AI score0.01837EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/02 9:9 p.m.48 views

CVE-2025-31479 canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output

canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUBTOKEN. If the full token is included in the excepti...

8.2CVSS0.00589EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/04/02 2:23 p.m.5 views

WordPress Residential Address Detection plugin <= 2.5.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin Residential Address Detection versions = 2.5.4...

6.5CVSS8.4AI score0.00364EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/21 4:23 p.m.10 views

CVE-2025-30152

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal...

6.5CVSS6.8AI score0.00323EPSS
Exploits0References1
NVD
NVD
added 2025/03/11 4:15 p.m.16 views

CVE-2025-27617

Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue...

8.8CVSS0.00449EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/07 4:13 p.m.17 views

CVE-2024-53695 HBS 3 Hybrid Backup Sync

A buffer overflow vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to modify memory or crash processes. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.4.952 and later...

6.3CVSS0.00483EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:0 a.m.10 views

CVE-2024-49754

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This vulnerability can result i...

7.5CVSS5.4AI score0.69818EPSS
Exploits1References1
CVE
CVE
added 2025/01/08 6:25 p.m.62 views

CVE-2025-22140

WeGIA (web manager for charitable institutions) has a SQL Injection in the endpoint /html/funcionario/dependente_listar_um.php, in the id_dependente parameter. The vulnerability allows arbitrary SQL execution with high impact to confidentiality, integrity, and availability. Affected versions are ...

9.4CVSS8AI score0.00673EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder