2772 matches found

OPENSUSE Linux
added 2025/07/07 12:0 a.m., 7 views

apache2-mod_security2-2.9.11-1.1 on GA media (moderate)

apache2-mod_security2-2.9.11-1.1 on GA media Announcement ID: openSUSE-SU-2025:15313-1 Rating: moderate Cross-References: CVE-2025-52891 CVSS scores: CVE-2025-52891 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-52891 SUSE : 8.2...

CVSS 8.2, AI score 9.5, EPSS 0.00346
Exploits: 0
RedhatCVE
added 2025/07/04 2:22 p.m., 18 views

CVE-2025-53106

Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the...

CVSS 8.8, AI score 6.2, EPSS 0.005
Exploits: 0, References: 1
OSV
added 2025/07/04 1:37 p.m., 5 views

CVE-2025-38206 exfat: fix double free in delayed_free

In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table exfat_create_upcase_table : return error exfat_free_upcase_table : free ->vol_utbl exfat_load_default_upcase_table : return erro...

CVSS 7.8, AI score 6.6, EPSS 0.00156
Exploits: 0, References: 8
HackRead
added 2025/07/04 10:20 a.m., 4 views

Cisco Issues Emergency Fix for Critical Root Credential Flaw in Unified CM

Cisco fixes critical root credential vulnerability in Unified CM rated CVSS 10 urging users to patch now to stop remote admin takeovers...

AI score 7.4
Exploits: 0
Positive Technologies
added 2025/07/04 12:0 a.m., 4 views

PT-2025-27882 · Woocommerce · Zoomit Woocommerce Shop Page Builder

Name of the Vulnerable Software and Affected Versions: ZoomIt WooCommerce Shop Page Builder versions 2.27.7 and earlier Description: The issue is related to a Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder, which allows exploiting incorrectly configured access control...

CVSS 4.3, AI score 6.3, EPSS 0.00183
Exploits: 0, References: 4
Vulnrichment
added 2025/07/03 9:7 p.m., 4 views

CVE-2025-53367 DjVuLibre OOB-Write Vulnerability in MMRDecoder

DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer...

CVSS 8.4, AI score 7.3, EPSS 0.00741
Exploits: 0, References: 5
Cvelist
added 2025/07/02 2:22 p.m., 6 views

CVE-2025-53006 Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference li...

CVSS 9.3, EPSS 0.00543
Exploits: 1, References: 1
NVD
added 2025/07/01 7:15 p.m., 7 views

CVE-2025-27153

Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11...

CVSS 6.5, EPSS 0.00242
Exploits: 0, References: 2
Vulnrichment
added 2025/07/01 6:2 p.m., 3 views

CVE-2025-53103 JUnit OpenTestReportGeneratingListener can leak Git credentials

JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open Test Reporting XML files can leak Git credentials. The impact depends on the level of the access token exposed through the OpenTestReportGeneratingListener. If these test reports are...

CVSS 5.8, AI score 6.9, EPSS 0.00099
Exploits: 0, References: 2
CVE
added 2025/07/01 5:49 p.m., 21 views

CVE-2025-53100

The CVE-2025-53100 entry concerns RestDB codehooks-mcp-server (Codehooks.io MCP Server). Before version 0.2.2, the MCP Server tools definition/implementation allow user-initiated remote command injection, enabling a potential attacker to execute commands on a running MCP Server. The issue is stat...

CVSS 8.6, AI score 7.1, EPSS 0.01297
Exploits: 0, References: 3
Debian CVE
added 2025/07/01 4:16 p.m., 8 views

CVE-2025-6297

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and...

CVSS 8.2, AI score 8, EPSS 0.00347
Exploits: 0
Cvelist
added 2025/07/01 2:7 a.m., 9 views

CVE-2024-49364 tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The...

CVSS 9.1, EPSS 0.00317
Exploits: 0, References: 2
Cvelist
added 2025/07/01 1:22 a.m., 10 views

CVE-2025-53003 Janssen Config API returns results without scope verification

The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surface attack area that exposes all sorts of information from the IDP including clients, users, scripts...

CVSS 8.2, EPSS 0.00343
Exploits: 0, References: 4
Cvelist
added 2025/07/01 12:33 a.m., 14 views

CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

CVSS 9.3, EPSS 0.00522
Exploits: 1, References: 1
OSV
added 2025/07/01 12:33 a.m., 5 views

CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

CVSS 9.3, AI score 6.7, EPSS 0.00522
Exploits: 1, References: 3
Positive Technologies
added 2025/07/01 12:0 a.m., 4 views

PT-2025-27530 · Unknown · Campcodes Employee Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Employee Management System version 1.0 Description: A critical vulnerability has been found in the Campcodes Employee Management System, affecting an unknown functionality of the file /applyleave.php. The manipulation of the ID...

CVSS 9.8, AI score 7.5, EPSS 0.00399
Exploits: 1, References: 11
OSV
added 2025/06/30 8:18 p.m., 5 views

CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

CVSS 9.3, AI score 6.7, EPSS 0.00522
Exploits: 1, References: 3
Positive Technologies
added 2025/06/29 12:0 a.m., 4 views

PT-2025-27387 · Sourcecodester · Sourcecodester Best Pos Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Salon Management System version 1.0 Description: A critical issue has been discovered, affecting an unknown functionality of the file /panel/edit-subscription.php. The manipulation of the editid argument leads to SQL...

CVSS 8.8, AI score 8.1, EPSS 0.00361
Exploits: 1, References: 10
Tenable Nessus
added 2025/06/28 12:0 a.m., 3 views

SUSE SLES15 / openSUSE 15 Security Update : google-osconfig-agent (SUSE-SU-2025:02149-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02149-1 advisory. - Update to version 20250416.02 bsc1244304, bsc1244503 defaultSleeper: tolerate 10% difference to reduce test flakiness Add...

CVSS 7.1, AI score 7.3, EPSS 0.00281
Exploits: 0, References: 6
CVE
added 2025/06/27 8:0 p.m., 23 views

CVE-2025-6775

The CVE-2025-6775 entry concerns xiaoyunjie openvpn-cms-flask (versions

CVSS 9.8, AI score 7, EPSS 0.03516
Exploits: 1, References: 7, Affected Software: 1