2773 matches found

Vulnrichment
added 2025/09/15 7:10 p.m. | 1 view

CVE-2025-59144 debug@4.4.2 contains malware after npm account takeover

debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency...

CVSS 8.8 | AI score 6.5 | EPSS 0.00378
Exploits 0 | References 5

OSV
added 2025/09/12 11:43 a.m. | 4 views

BIT-KYVERNO-2025-46342 Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing due to a missing error...

CVSS 8.5 | AI score 6.8 | EPSS 0.00618
Exploits 1 | References 3

OSV
added 2025/09/04 5:48 p.m. | 4 views

BIT-POWERSHELL-2020-0951 Windows Defender Application Control Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the...

CVSS 7.2 | AI score 7.1 | EPSS 0.07037
Exploits 0 | References 2

OSV
added 2025/09/02 5:47 p.m. | 9 views

USN-7726-4 linux-gke, linux-ibm-5.15, linux-kvm vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - NTFS3 file system; - Network traffic control; CVE-2024-27407, CVE-2024-57996, CVE-2025-37752, CVE-2025-38350...

CVSS 8.4 | AI score 6.6 | EPSS 0.00295
Exploits 0 | References 5

AlmaLinux
added 2025/09/02 12:00 a.m. | 4 views

Important: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715); postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714). For more details about the security issues,...

CVSS 8.8 | AI score 7.8 | EPSS 0.00709
Exploits 1 | References 7

OSV
added 2025/08/26 10:56 a.m. | 2 views

ROOT-OS-DEBIAN-12-CVE-2023-46361 CVE-2023-46361 in rootio-jbig2dec - Patched by Root

Root has patched CVE-2023-46361 in the rootio-jbig2dec package for Root:Debian:12. Multiple fixed versions available...

CVSS 6.5 | AI score 5.4 | EPSS 0.00753
Exploits 1

Tenable Nessus
added 2025/08/26 12:00 a.m. | 3 views

Solaris 10 (i386): 148242-08

SunOS 5.10: SunOS 5.10_x86: statd patch. Date this patch was last updated by Sun: Jan/15/24. (C) Tenable, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...

AI score 7
Exploits 0 | References 1

GitHub Security Blog
added 2025/08/19 8:17 p.m. | 17 views

screenshot-desktop vulnerable to command injection via `format` option

Impact: This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. An attacker can craft malicious input such as: format: "; echo vulnerable /tmp/hello;" This...

CVSS 9.8 | AI score 7.5 | EPSS 0.01479
Exploits 0 | References 4 | Affected Software 1

Tenable Nessus
added 2025/08/18 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2016-0503

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a...

CVSS 6.8 | AI score 7 | EPSS 0.03245
Exploits 0 | References 2

NVD
added 2025/08/13 2:15 p.m. | 14 views

CVE-2025-54382

Cherry Studio is a desktop client that supports multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’s implicit trust in the oauth auth redirecti...

CVSS 9.6 | EPSS 0.05449
Exploits 1 | References 1

OSV
added 2025/08/12 8:23 a.m. | 2 views

ROOT-OS-ALPINE-319-CVE-2024-24806 CVE-2024-24806 in rootio-libuv - Patched by Root

Root has patched CVE-2024-24806 in the rootio-libuv package for Root:Alpine:3.19. Multiple fixed versions available...

CVSS 7.3 | AI score 7.6 | EPSS 0.02003
Exploits 1

Vulnrichment
added 2025/08/11 9:57 p.m. | 3 views

CVE-2025-55150 Stirling-PDF SSRF vulnerability on /api/v1/convert/html/pdf

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization...

CVSS 8.6 | AI score 7 | EPSS 0.01587
Exploits 0 | References 2

OSV
added 2025/08/11 2:00 p.m. | 3 views

BIT-PYTHON-MIN-2025-8194 Tarfile infinite loop during parsing with negative member offset

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

CVSS 7.5 | AI score 6.1 | EPSS 0.00611
Exploits 0 | References 20

Tenable Nessus
added 2025/08/10 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-8176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function gethistogram of the file...

CVSS 7.8 | AI score 5.3 | EPSS 0.00238
Exploits 1 | References 2

CBLMariner
added 2025/08/07 3:08 p.m. | 3 views

CVE-2025-5455 affecting package qtbase for versions less than 6.6.3-4

CVE-2025-5455 affecting package qtbase for versions less than 6.6.3-4. A patched version of the package is available...

CVSS 8.4 | AI score 6.4 | EPSS 0.00309
Exploits 0

Tenable Nessus
added 2025/08/07 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-38070

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: sma1307: Add NULL check in sma1307_setting_loaded. All variable allocated by kzalloc and devm_kzalloc could be NULL. Multiple pointer checks and their cleanup...

CVSS 5.5 | AI score 6 | EPSS 0.00127
Exploits 0 | References 2

Tenable Nessus
added 2025/08/07 12:00 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2025-37748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointer dereference in mtk_iommu_device_group. Currently, mtk_iommu calls...

CVSS 5.5 | AI score 6.1 | EPSS 0.0015
Exploits 0 | References 2

Tenable Nessus
added 2025/08/07 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-49573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix NEXT_BUDDY. Adam reports that enabling NEXT_BUDDY insta triggers a WARN in...

CVSS 5.5 | AI score 5.6 | EPSS 0.00182
Exploits 0 | References 2

Tenable Nessus
added 2025/08/07 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-50192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: spi: tegra20-slink: fix UAF in tegra_slink_remove. After calling spi_unregister_master, the...

CVSS 7.8 | AI score 6 | EPSS 0.00208
Exploits 0 | References 2

Tenable Nessus
added 2025/08/07 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-48916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix double list_add when enabling VMD in scalable mode. When enabling VMD and IOMM...

CVSS 5.5 | AI score 5.8 | EPSS 0.0021
Exploits 0 | References 2