2772 matches found

NVD · added 2025/06/09 9:15 p.m. · 9 views

CVE-2025-5896

A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely...

CVSS 7.5 · EPSS 0.00514 · Exploits 1 · References 6
Debian CVE · added 2025/06/09 6:16 p.m. · 4 views

CVE-2025-5889

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...

CVSS 3.1 · AI score 3.6 · EPSS 0.00459 · Exploits 0
Wordfence Blog · added 2025/06/09 3:47 p.m. · 11 views

33,000 WordPress Sites Affected by Privilege Escalation Vulnerability in RealHomes WordPress Theme

🌞 Spring Into Summer Challenge: Critical Threats = Critical Rewards. 🌞 🔥 Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Submit bold. Earn big! 🔥 On May 4th, 2025, we received a...

CVSS 8.8 · AI score 7.1 · EPSS 0.04474 · Exploits 1
NVD · added 2025/06/09 1:15 p.m. · 10 views

CVE-2025-48053

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, sending a malicious URL in a PM to a bot user can reduce the availability of a Discourse instance...

CVSS 8.7 · EPSS 0.00315 · Exploits 0 · References 1
OpenVAS · added 2025/06/09 12:00 a.m. · 2 views

Fedora: Security Advisory (FEDORA-2025-15220f1411)

The remote host is missing an update for the...

CVSS 5.4 · AI score 6.5 · EPSS 0.00493 · Exploits 0 · References 3
Tenable Nessus · added 2025/06/08 12:00 a.m. · 7 views

Fedora 41 : libvpx (2025-15220f1411)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-15220f1411 advisory. Add patch for double free. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

CVSS 7.5 · AI score 7.3 · EPSS 0.00357 · Exploits 0 · References 2
Cvelist · added 2025/06/06 3:53 p.m. · 25 views

CVE-2024-56805 QTS, QuTS hero

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...

CVSS 5.3 · EPSS 0.00361 · Exploits 0 · References 1
IBM Security Bulletins · added 2025/06/06 2:52 p.m. · 11 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to possible denial of service due to rack (CVE-2024-25126)

Summary: Rack is a modular Ruby web server interface used by IBM Cloud Pak for Data as part of the platform. CVE-2024-25126. Vulnerability Details: CVEID: CVE-2024-25126. DESCRIPTION: Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack's media type parse...

CVSS 7.5 · AI score 6.3 · EPSS 0.35376 · Exploits 1 · Affected Software 1
Positive Technologies · added 2025/06/06 12:00 a.m. · 4 views

PT-2025-24397 · Tenda · Tenda Ac7

Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 15.03.06.44. Description: A critical issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the list argument leads to a buffer overflow. The attack may be initiated remotely...

CVSS 9.8 · AI score 8.7 · EPSS 0.00801 · Exploits 1 · References 14
Positive Technologies · added 2025/06/06 12:00 a.m. · 4 views

PT-2025-24007 · Sourcecodester · Sourcecodester Open Source Clinic Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Open Source Clinic Management System version 1.0. Description: A critical vulnerability has been found in the SourceCodester Open Source Clinic Management System. The issue affects an unknown function of the file /login.php. The...

CVSS 7.5 · AI score 7.5 · EPSS 0.00345 · Exploits 1 · References 12
Positive Technologies · added 2025/06/05 12:00 a.m. · 4 views

PT-2025-23916

Name of the Vulnerable Software and Affected Versions: PHPGurukul Complaint Management System version 2.0. Description: A critical issue was found in the PHPGurukul Complaint Management System, affecting an unknown part of the file /admin/edit-subcategory.php. The manipulation of the subcategory...

CVSS 8.8 · AI score 6.4 · EPSS 0.00325 · Exploits 1 · References 10
OSV · added 2025/06/04 7:31 p.m. · 4 views

CVE-2025-48935 Deno has --allow-read / --allow-write permission bypass in `node:sqlite`

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to version 2.2.5, it is possible to bypass Deno's read/write permission check for database files by using an ATTACH DATABASE statement. Version 2.2.5 contains a patch for the issue...

CVSS 6.9 · AI score 6.5 · EPSS 0.0041 · Exploits 1 · References 4
FreeBSD · added 2025/06/04 12:00 a.m. · 9 views

electron{34,35,36} -- Out of bounds read and write in V8

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-5419...

CVSS 8.8 · AI score 8.9 · EPSS 0.06463 · Exploits 3 · References 1
CVE · added 2025/06/03 8:37 p.m. · 112 views

CVE-2025-49002

DataEase (open source BI/visualization) contains a vulnerability in versions prior to 2.10.10 where a patch for CVE-2025-32966 can be bypassed due to case-insensitive handling, specifically when INIT and RUNSCRIPT are prohibited. The issue is fixed in v2.10.10. A GitHub exploit post (DataEase_Pos...

CVSS 9.8 · AI score 7 · EPSS 0.41835 · Exploits 2 · References 2 · Affected Software 1
OSV · added 2025/06/03 8:37 p.m. · 4 views

CVE-2025-49002 Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allows the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in...

CVSS 9.2 · AI score 6.5 · EPSS 0.41835 · Exploits 2 · References 4
Cvelist · added 2025/06/03 5:41 p.m. · 66 views

CVE-2025-30360 webpack-dev-server users' source code may be stolen when they access a malicious web site with a non-Chromium-based browser

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when they access a malicious web site with a non-Chromium-based browser. The Origin header is checked to prevent Cross-si...

CVSS 6.5 · EPSS 0.00287 · Exploits 1 · References 4
IBM Security Bulletins · added 2025/06/03 8:19 a.m. · 8 views

Security Bulletin: IBM Engineering Systems Design Rhapsody affected by CVE-2024-6763

Summary: jetty-http-12.0.9.jar and jetty-server-12.0.9.jar were vulnerable, and IBM Engineering Systems Design Rhapsody has upgraded the JARs to org.eclipse.jetty:jetty-http:12.0.12 and org.eclipse.jetty:jetty-server:12.0.12. Vulnerability Details: CVEID: CVE-2024-6763. DESCRIPTION: Eclipse Jetty is a lightweight,...

CVSS 5.3 · AI score 6.1 · EPSS 0.00986 · Exploits 1 · Affected Software 1
Positive Technologies · added 2025/06/03 12:00 a.m. · 4 views

PT-2025-23650 · Unknown · Quequnlong Shiyi-Blog

Name of the Vulnerable Software and Affected Versions: quequnlong shiyi-blog versions up to 1.2.1. Description: A vulnerability has been found in quequnlong shiyi-blog, affecting an unknown functionality of the file "/dev-api/api/comment/add". The manipulation of the content argument leads to...

CVSS 5.1 · AI score 3.6 · EPSS 0.00278 · Exploits 1 · References 8
Positive Technologies · added 2025/06/03 12:00 a.m. · 2 views

PT-2025-29389

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.45. Description: A problematic vulnerability exists in the copy section function within the binutils/objcopy.c file. This manipulation leads to a heap-based buffer overflow, requiring local access for exploitation. The...

CVSS 7.8 · AI score 5.7 · EPSS 0.01252 · Exploits 14 · References 69
NVD · added 2025/06/02 8:15 p.m. · 34 views

CVE-2025-48996

HAX open-apis provides microservice APIs for the HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...

CVSS 5.3 · EPSS 0.00313 · Exploits 0 · References 2