OSV, added 2025/07/28 6:42 p.m., 5 views

PSF-2025-11

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

CVSS 7.5 | AI score 7.1 | EPSS 0.00611
Exploits 0 | References 11

Patchstack, added 2025/07/28 12:0 a.m., 6 views

WordPress Bricks Builder Theme <= 1.12.4 is vulnerable to SQL Injection

Software: Bricks Builder. Type: Theme. Vulnerable versions: <= 1.12.4. Fixed in: 2.0. OWASP Top 10: A1: Injection. Classification: SQL Injection. CVE: CVE-2025-6495. Patch priority: High. CVSS severity: High (9.3). PSID: a75c4498f744. Credits: Jamie Burchell. Required privilege: Unauthenticated...

CVSS 7.5 | AI score 6.5 | EPSS 0.00436
Exploits 0 | References 2 | Affected Software 1

Positive Technologies, added 2025/07/28 12:0 a.m., 12 views

PT-2025-31145

Name of the vulnerable software and affected versions: CPython; affected versions not specified. Description: A defect exists in the CPython “tarfile” module, impacting the “TarFile” extraction and entry enumeration APIs. The tar implementation processes tar archives with negative offsets...

CVSS 9.4 | AI score 7 | EPSS 0.01479
Exploits 18 | References 215

OPENSUSE Linux, added 2025/07/26 12:0 a.m., 4 views

python311-starlette-0.47.2-1.1 on GA media (moderate)

python311-starlette-0.47.2-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15381-1. Rating: moderate. Cross-References: CVE-2025-54121. CVSS scores: CVE-2025-54121 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L; CVE-2025-54121 (SUSE): 6.9...

CVSS 6.9 | AI score 7.3 | EPSS 0.00526
Exploits 0

OSV, added 2025/07/24 6:1 a.m., 2 views

BELL-CVE-2025-54090

Bulletin has no description...

CVSS 6.3 | AI score 6 | EPSS 0.00691
Exploits 0 | References 1

Cvelist, added 2025/07/22 3:32 a.m., 10 views

CVE-2025-7953 Sanluan PublicCMS viewer.html redirect

A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File leads to open...

CVSS 5.1 | EPSS 0.0032
Exploits 1 | References 5

Vulnrichment, added 2025/07/22 1:32 a.m., 3 views

CVE-2025-7949 Sanluan PublicCMS preview.html redirect

A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the argument url lead...

CVSS 5.1 | AI score 4 | EPSS 0.00297
Exploits 1 | References 5

Oracle linux, added 2025/07/22 12:0 a.m., 10 views

redis security update

6.2.19-1 - rebase to 6.2.19 for CVE-2025-32023 and CVE-2025-48367; 6.2.18-1 - rebase to 6.2.18 for CVE-2025-21605; 6.2.17-1 - rebase to 6.2.17 for CVE-2024-46981; 6.2.16-1 - rebase to 6.2.16 RHEL-26627...

CVSS 7.5 | AI score 7.3 | EPSS 0.07802
Exploits 6

CVE, added 2025/07/20 3:2 a.m., 36 views

CVE-2025-7865

CVE-2025-7865 affects thinkgem JeeSite up to version 5.12.0. The XSS Filter component’s EncodeUtils.java xssFilter function mishandles the text parameter, enabling cross-site scripting via remote manipulation. An exploit has been publicly disclosed; remediation involves applying patch 3585737d21fe49...

CVSS 5.4 | AI score 3.6 | EPSS 0.00304
Exploits 1 | References 6 | Affected Software 1

Vulnrichment, added 2025/07/20 2:14 a.m., 3 views

CVE-2025-7863 thinkgem JeeSite ServletUtils.java redirectUrl

A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the argument url leads to open redirect. The attack may be...

CVSS 5.1 | AI score 3.7 | EPSS 0.00348
Exploits 1 | References 6

RedhatCVE, added 2025/07/19 6:58 p.m., 11 views

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

CVSS 9.8 | AI score 6.9 | EPSS 0.95376
Exploits 5 | References 1

CBLMariner, added 2025/07/18 3:8 p.m., 12 views

CVE-2024-25178 affecting package sysbench for versions less than 1.0.20-6

CVE-2024-25178 affecting package sysbench for versions less than 1.0.20-6. A patched version of the package is available...

CVSS 9.1 | AI score 6.4 | EPSS 0.00536
Exploits 1

CBLMariner, added 2025/07/18 3:8 p.m., 3 views

CVE-2024-25176 affecting package sysbench for versions less than 1.0.20-6

CVE-2024-25176 affecting package sysbench for versions less than 1.0.20-6. A patched version of the package is available...

CVSS 9.8 | AI score 6.4 | EPSS 0.00483
Exploits 1

CBLMariner, added 2025/07/18 3:7 p.m., 7 views

CVE-2024-12718 affecting package python3 for versions less than 3.9.19-14

CVE-2024-12718 affecting package python3 for versions less than 3.9.19-14. A patched version of the package is available...

CVSS 5.3 | AI score 5.7 | EPSS 0.00607
Exploits 1

NVD, added 2025/07/17 7:15 p.m., 14 views

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

CVSS 9.8 | EPSS 0.95376
Exploits 5 | References 5

OSV, added 2025/07/17 10:4 a.m., 5 views

RHSA-2025:11321 Red Hat Security Advisory: iputils security update

Bulletin has no description...

CVSS 6.5 | AI score 7.2 | EPSS 0.01344
Exploits 1 | References 9

CVE, added 2025/07/16 7:55 p.m., 27 views

CVE-2025-53908

RomM is affected by an authenticated path traversal vulnerability in the /api/raw endpoint. Versions prior to 3.10.3 and prior to 4.0.0-beta.3 are vulnerable. The issue can allow leakage of passwords and user data on systems with multiple users (including unprivileged users such as the kiosk user...

CVSS 8.3 | AI score 6.7 | EPSS 0.00445
Exploits 0 | References 4

OSV, added 2025/07/16 7:55 a.m., 6 views

BIT-APACHE-2024-42516 Apache HTTP Server: HTTP response splitting

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

CVSS 7.5 | AI score 6.8 | EPSS 0.00679
Exploits 0 | References 5

Vulnrichment, added 2025/07/15 7:27 p.m., 3 views

CVE-2025-50086

...

CVSS 4.9 | AI score 7.2 | EPSS 0.00517
Exploits 0 | References 1

Tenable Nessus, added 2025/07/15 12:0 a.m., 3 views

Oracle Linux 8 : lz4 (ELSA-2025-11035)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-11035 advisory: - Fix CVE-2019-17543. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested fo...

CVSS 8.1 | AI score 7.6 | EPSS 0.09116
Exploits 0 | References 2