Lucene search
K

22 matches found

Cvelist
Cvelist
added yesterday22 views

CVE-2026-44362 OP-TEE's subkey rollback protection can be bypassed with older subkey versions

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked ...

5.5CVSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: ipa: Fixed the issue where the event ring index was not properly programmed for IPA v5.0+. For IPA v5.0+ onwards, the event ring index field has been moved from CHCCNTXT0 to CHCCNTXT1. In IPA v5.0, this field was intended to...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 2:58 a.m.9 views

CVE-2026-25110 Sensors_medical_sensor has a NULL pointer dereference vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

3.3CVSS5.8AI score0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

OpenHarmony 代码问题漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier have code vulnerabilities that can be exploited by attackers to cause denial-of-service attacks...

3.3CVSS5.9AI score0.0012EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:39 p.m.8 views

CVE-2026-43345

In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix event ring index not programmed for IPA v5.0+ For IPA v5.0+, the event ring index field moved from CHCCNTXT0 to CHCCNTXT1. The v5.0 register definition intended to define this field in the CHCCNTXT1 fmask array but...

5.7AI score0.00353EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:33 p.m.12 views

Django has an Improper Handling of Length Parameter Inconsistency

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/17 11:25 p.m.5 views

CVE-2026-40484

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory, which performs no file...

9.1CVSS6.3AI score0.00867EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/01 11:0 p.m.1 views

CVE-2026-32929

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!getmacromemCOM. Opening a crafted V7 file may lead to information disclosure from the affected product...

8.4CVSS5.9AI score0.00193EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/26 8:54 a.m.5 views

BIT-SUPERSET-2026-23983 Apache Superset: Sensitive Data Exposure via REST API (disabled by default)

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

6.5CVSS5.7AI score0.004EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.4 views

MongoDB 7.0.x < 7.0.22 / 8.0.x < 8.0.10 / 8.2.0-rc0 (SERVER-101230)

The version of MongoDB installed on the remote host is 7.0 prior to 7.0.22, 8.0 prior to 8.0.10 and 8.2.0-rc0. It is, therefore, affected by a vulnerability as referenced in the SERVER-101230 advisory. - An authorized user may crash the MongoDB server by causing buffer over-read. This can be done...

5.9CVSS6AI score0.00357EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/25 4:52 a.m.6 views

EUVD-2025-199533

Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination. This issue impacts MongoDB Server v7.0 versions prior to 7.0.26, v8.0 versions prior to 8.0.16 and MongoDB server v8...

7.1CVSS6.3AI score0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/22 6:25 p.m.2 views

CVE-2025-53468 WordPress Wp tabber widget Plugin <= 4.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in [email protected] Wp tabber widget wp-tabber-widget allows SQL Injection.This issue affects Wp tabber widget: from n/a through = 4.0...

8.5CVSS5.6AI score0.00348EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 1:52 p.m.20 views

CVE-2025-7973

CVE-2025-7973 affects FactoryTalk ViewPoint 14.0 and earlier. The root cause is improper handling of MSI repair operations, allowing an attacker with local access to hijack the cscript.exe console window (which runs with SYSTEM privileges) and spawn an elevated command prompt, enabling full privi...

8.5CVSS7.3AI score0.00129EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/04/24 3:23 a.m.3 views

SUSE CVE-2025-43971

An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen...

7.5CVSS6.9AI score0.00458EPSS
Exploits0References4
OSV
OSV
added 2025/04/21 1:15 a.m.1 views

UBUNTU-CVE-2025-43971

An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen...

8.6CVSS5.7AI score0.00458EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/15 12:0 a.m.8 views

PT-2024-12783 · Dell · Dell Esi

Name of the Vulnerable Software and Affected Versions: DELL ESI Enterprise Storage Integrator for SAP LAMA version 10.0 Description: The issue concerns an information disclosure vulnerability in the EHAC component of DELL ESI Enterprise Storage Integrator for SAP LAMA. A remote unauthenticated...

9.8CVSS7.6AI score0.00491EPSS
Exploits0References6
CNVD
CNVD
added 2018/09/28 12:0 a.m.3 views

IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2018-20234)

IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects the internal and external parts of an organization, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting vulnerability...

5.4CVSS5.5AI score0.00968EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/27 12:0 a.m.4 views

BMC Remedy Action Request System Cross-Site Scripting Vulnerability

BMC Remedy Action Request AR System is a suite of mobile digital enterprise management platforms for IT departments from BMC Software, USA. A cross-site scripting vulnerability exists in version 9.0 of the BMC Remedy Action Request AR System prior to 9.0.00 Service Pack 2 hot fix 1. A remote...

6.1CVSS6.1AI score0.00647EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/28 12:0 a.m.3 views

IBM Sametime Meetings Server Denial of Service Vulnerability (CNVD-2017-26409)

IBM Sametime is a suite of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data and video.Sametime Enterprise Meeting Server is one of the enterprise media servers. A security...

6.5CVSS6.5AI score0.00712EPSS
Exploits0References1
CNVD
CNVD
added 2016/06/24 12:0 a.m.4 views

phpMyAdmin Denial of Service Vulnerability

phpmyadmin is an online management tool for MySQL databases. A denial of service vulnerability exists in phpmyadmin versions 4.4.x, 4.6.x, and 4.0.x in loading certain JavaScript files, which can be exploited by an attacker to cause a denial of service attack...

7.5CVSS9.1AI score0.02814EPSS
Exploits0References1
Rows per page
Query Builder