Lucene search
K

170 matches found

GithubExploit
GithubExploit
added 2025/12/11 5:8 a.m.143 views

Exploit for Deserialization of Untrusted Data in Facebook React

$$\ $$\ $$$$$$$\ $$\ $$\ $$$$$$$$\ $$\ $...

10CVSS8.1AI score0.99562EPSS
Exploits374
RedHat Linux
RedHat Linux
added 2025/12/08 1:37 a.m.8 views

firefox: thunderbird: Mitigation bypass in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Core & HTML component...

6.1CVSS5.7AI score0.00198EPSS
Exploits0References5
Circl
Circl
added 2025/12/03 2:14 p.m.3 views

CVE-2023-52491

creationtimestamp| type| source ---|---|--- 2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

7.8CVSS6.5AI score0.00276EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.7 views

RHEL 7 : bind (RHSA-2025:22205)

"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22205 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named %NASLMINLEVEL...

8.6CVSS6.5AI score0.00509EPSS
Exploits1References4
Snyk
Snyk
added 2025/11/24 4:24 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.5 views

Siemens SIMATIC S7-1500 Buffer Copy without Checking Size of Input (CVE-2023-0687)

A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246...

9.8CVSS6.3AI score0.01103EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/29 12:11 a.m.6 views

CVE-2025-54605

Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption issue 2 of 2...

7.5CVSS6.9AI score0.00394EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/10/27 8:15 p.m.6 views

CVE-2025-61102

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyextlinkadjsid function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted OSPF packet...

7.5CVSS5.9AI score0.00457EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/10/21 6:53 p.m.6 views

uv has differential in tar extraction with PAX headers

Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution as a tar archive that would extract differently when installed via uv versus other Python package...

8.1CVSS7.6AI score0.00688EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.4 views

PT-2025-46654

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to Transport Layer Security TLS asynchronous decryption. Specifically, if the tls strp msg hold function fails to allocate a clone of the input...

5.5CVSS7.7AI score0.00183EPSS
Exploits0
OpenVAS
OpenVAS
added 2025/09/30 12:0 a.m.5 views

Ubuntu: Security Advisory (USN-7783-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.8AI score0.00739EPSS
Exploits2References2
NVD
NVD
added 2025/09/26 9:15 a.m.4 views

CVE-2025-60139

Cross-Site Request Forgery CSRF vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Cross Site Request Forgery.This issue affects Sendle Shipping: from n/a through = 6.02...

4.3CVSS0.00131EPSS
Exploits0References1
CERT
CERT
added 2025/09/22 12:0 a.m.9 views

Cross-site scripting vulnerability in Lectora course navigation

Overview Lectora Desktop versions 21.0–21.3 and Lectora Online versions 7.1.6 and older contained a cross-site scripting XSS vulnerability in courses published with Seamless Play Publish SPP enabled and Web Accessibility disabled. The vulnerability was initially patched in Lectora Desktop version...

6.2AI score
Exploits0References1
CVE
CVE
added 2025/09/18 11:56 a.m.16 views

CVE-2024-13151

CVE-2024-13151 is a SQL injection (CWE-89) vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software. All available sources describe the issue as stemming from improper neutralization of special elements in SQL commands, affecting Auto Servic...

9.8CVSS5.9AI score0.0034EPSS
Exploits0References2
NVD
NVD
added 2025/09/17 6:15 p.m.6 views

CVE-2025-58767

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these...

5.3CVSS0.00231EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/16 11:39 a.m.14 views

CVE-2024-12913 SQLi in Megatek Communication System's Azora Wireless Network Management

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Megatek Communication System Azora Wireless Network Management allows SQL Injection. This issue affects Azora Wireless Network Management: through 20250916. NOTE: The vendor did not inform about th...

8.8CVSS0.00161EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/04 5:59 p.m.5 views

CVE-2025-38705

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters ' ', '\n', '\0' to the under gpuod/fanctrl sysfs or pppowerprofilemode for the CUSTOM profile will result in a null pointer dereference...

5.5CVSS5.8AI score0.00145EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/30 6:19 p.m.4 views

CVE-2025-54543

QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add...

5.3CVSS6AI score0.00182EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/08/14 11:0 p.m.7 views

WordPress B Slider - Gutenberg Slider Block for WP plugin <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

WordPress B Slider - Gutenberg Slider Block for WP plugin = 2.0.0 - Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by wesley wcraft in WordPress Plugin B Slider versions = 2.0.0...

4.3CVSS6.8AI score0.00326EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2025/07/28 11:36 p.m.5 views

SUSE CVE-2023-53158

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

4.1CVSS7.3AI score0.00171EPSS
Exploits0References3
Rows per page
Query Builder