Lucene search
K

461 matches found

RedhatCVE
RedhatCVE
added 2025/08/02 8:23 p.m.7 views

CVE-2025-8376

A vulnerability classified as critical has been found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed ...

9.8CVSS7.5AI score0.0052EPSS
Exploits1References1
Circl
Circl
added 2025/07/30 7:7 a.m.14 views

CVE-2025-8322

creationtimestamp| type| source ---|---|--- 2025-07-30 07:07:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lv62qppgcw2l...

8.8CVSS4.8AI score0.00373EPSS
Exploits0References1
Gitee
Gitee
added 2025/07/27 3:38 a.m.1899 views

Exploit for CVE-2007-6750

ReconScan The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets. The project currently consists of two major components: a script invoking and aggregating the results of existing...

10CVSS8.8AI score0.98945EPSS
Exploits95
Hacker One
Hacker One
added 2025/07/21 3:17 p.m.13 views

curl: on the implications of permitting procedural culling

Good day. My name is Lorentso Youriévitch Bogdanov. It has come to my attention that you are in need of higher-quality code review. Rest assured that you are not alone in noticing a certain degree of brain-drain in this field. As you can perhaps imagine, the recent shortage of qualified hackers a...

6.7AI score
Exploits0
Circl
Circl
added 2025/07/16 3:26 a.m.6 views

GHSA-C4R9-R8FH-9VJ2

creationtimestamp| type| source ---|---|--- 2025-07-16 03:26:38+00:00| seen| https://gist.github.com/safer-bot/c2216b5d3e2d6726f802333827d83269 2025-07-16 03:58:10+00:00| seen| https://gist.github.com/safer-bot/f17dd9ec05eaa98cd94e7e32cd52f5f8 2025-07-16 05:00:07+00:00| seen|...

7.3AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/15 7:27 p.m.3 views

CVE-2025-50089

...

4.9CVSS7.6AI score0.00592EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/15 7:27 p.m.3 views

CVE-2025-50063

...

7.3CVSS7.6AI score0.00245EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/07/13 1:42 p.m.25 views

curl: HTTP Request Smuggling Vulnerability Analysis - cURL Security Report

HTTP Request Smuggling Vulnerability Report - cURL Summary: cURL does not explicitly reject HTTP requests that contain both Transfer-Encoding and Content-Length headers, which can lead to HTTP request smuggling vulnerabilities CWE-444 when the request passes through intermediary systems proxies,...

7.5CVSS7.8AI score0.51798EPSS
Exploits0
Circl
Circl
added 2025/07/08 3:56 p.m.7 views

CVE-2025-47999

creationtimestamp| type| source ---|---|--- 2025-07-08 15:56:31+00:00| seen| https://www.thezdi.com/blog/2025/7/8/the-july-2025-security-update-review...

6.8CVSS4.7AI score0.00366EPSS
Exploits0References1
Gitee
Gitee
added 2025/07/06 2:38 a.m.849 views

Exploit for Out-of-bounds Write in F5 Nginx

Disclosures Zero-day and N-day security vulnerability notes, analysis, and proof-of-concepts URL: https://github.com/badd1e/Disclosures List CVE-2009-2629: nginx http module Buffer Underflow Remote Code Execution Vulnerability Patch analysis, testcase, notes CVE-2013-0007: Microsoft XML Core...

9.3CVSS8.4AI score0.75079EPSS
Exploits6
Vulnrichment
Vulnrichment
added 2025/06/27 11:52 a.m.3 views

CVE-2025-49321 WordPress Eventin plugin <= 4.0.28 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS.This issue affects Eventin: from n/a through = 4.0.28...

7.1CVSS5.2AI score0.00223EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/06/23 12:0 a.m.6 views

Towards Provable (In)Secure Model Weight Release Schemes

Recent secure weight release schemes claim to enable open-source model distribution while protecting model ownership and preventing misuse. However, these approaches lack rigorous security foundations and provide only informal security guarantees. Inspired by established works in cryptography, we...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/22 12:0 a.m.6 views

LLM Embedding-Based Attribution (LEA): Quantifying Source Contributions to Generative Model'S Response for Vulnerability Analysis

Security vulnerabilities are rapidly increasing in frequency and complexity, creating a shifting threat landscape that challenges cybersecurity defenses. Large Language Models LLMs have been widely adopted for cybersecurity threat analysis. When querying LLMs, dealing with new, unseen...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/06/20 4:37 p.m.15 views

chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes

Summary The RedirectSlashes function in middleware/strip.go is vulnerable to host header injection which leads to open redirect. We consider this a lower-severity open redirect, as it can't be exploited from browsers or email clients requires manipulation of a Host header. Details The...

7.1AI score
Exploits0References3Affected Software1
Gitee
Gitee
added 2025/06/15 4:41 p.m.95 views

tidos-framework

The TIDoS Framework is an open-source, Python-based web application penetration testing framework. It is designed to cover various phases of a penetration test, including reconnaissance, scanning and enumeration, vulnerability analysis, and exploitation. The framework is built on top of the SQLit...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/07 12:0 a.m.7 views

Ai-Driven Vulnerability Analysis in Smart Contracts: Trends, Challenges and Future Directions

Smart contracts, integral to blockchain ecosystems, enable decentralized applications to execute predefined operations without intermediaries. Their ability to enforce trustless interactions has made them a core component of platforms such as Ethereum. Vulnerabilities such as numerical overflows,...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/05 12:0 a.m.5 views

Comprehensive Vulnerability Analysis Is Necessary for Trustworthy LLM-MAS

This paper argues that a comprehensive vulnerability analysis is essential for building trustworthy Large Language Model-based Multi-Agent Systems LLM-MAS. These systems, which consist of multiple LLM-powered agents working collaboratively, are increasingly deployed in high-stakes applications bu...

7.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/05/28 6:2 p.m.12 views

Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching

This issue arises from the prefix caching mechanism, which may expose the system to a timing side-channel attack. Description When a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT Time to First...

2.6CVSS6.5AI score0.00247EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 11:35 a.m.11 views

CVE-2025-0459

A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll of the component Startup. The manipulation leads to untrusted search path. An attack has to be...

5.3CVSS6.7AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:47 a.m.10 views

CVE-2024-52479

Cross-Site Request Forgery CSRF vulnerability in Astoundify Jobify jobify allows Cross Site Request Forgery.This issue affects Jobify: from n/a through 4.3.0...

8.8CVSS7.2AI score0.00187EPSS
Exploits0References1
Rows per page
Query Builder