Lucene search
K
CertMost viewed

3702 matches found

CERT
CERT
added 2002/09/06 12:0 a.m.10 views

HP Tru64 UNIX "lprm" contains buffer overflow (SSRT2260)

Overview The HP Tru64 UNIX implementation of "lprm" contains a locally exploitable buffer overflow. Description "lprm" is used to remove requests from a printer spool queue. A locally exploitable buffer overflow in "lprm" may permit a local attacker to gain elevated privileges and execute arbitra...

8.2AI score
Exploits0References1
CERT
CERT
added 2002/09/05 12:0 a.m.10 views

HP Tru64 UNIX "ypmatch" contains buffer overflow (SSRT2277)

Overview The HP Tru64 UNIX implementation of "ypmatch" contains a locally exploitable buffer overflow. Description "ypmatch" is used to print the value of keys from an NIS map. A locally exploitable buffer overflow in ypmatch may permit a local attacker to gain elevated privileges and execute...

8.3AI score
Exploits0References3
CERT
CERT
added 2026/06/22 12:0 a.m.9 views

Microsoft WinRE allows for bypass of UEFI/BIOS password enforcement

Overview Microsoft Windows Recovery Environment WinRE provides a mechanism for recovering and repairing Windows systems using an alternate boot environment. Under certain platform implementations, access to WinRE may allow an attacker to bypass firmware security controls, including...

6.8CVSS7.4AI score0.01249EPSS
Exploits2References6
CERT
CERT
added 2026/06/11 12:0 a.m.9 views

crypton-x509-validation Haskell libraries do not enforce X.509 NameConstraints

Overview A vulnerability has been discovered in the Haskell TLS software stack, commonly used by applications built in the Haskell programming language to securely connect to servers over the internet. Specifically, the libraries "crypton-x509-validation" fail to enforce a key security feature...

9.1CVSS5.3AI score0.00223EPSS
Exploits0References5
CERT
CERT
added 2026/04/21 12:0 a.m.9 views

Radware Alteon has a reflected XSS vulnerability that can execute JavaScript in the host browser

Overview Radware Alteon has a reflected Cross-Site Scripting XSS vulnerability in the parameter ReturnTo of the route /protected/login. This vulnerability allows an attacker to execute JavaScript in the host browser. Description CVE-2026-5754: Reflected Cross-Site Scripting XSS vulnerability in...

6.1CVSS6.5AI score0.00209EPSS
Exploits0
CERT
CERT
added 2026/03/12 12:0 a.m.9 views

SGLang (sglang) is vulnerable to code execution attacks via unsafe pickle deserialization

Overview Two unsafe pickle deserialization vulnerabilities have been discovered in the SGLang open-source project, one within the tool's multimodal generation module and another within the Encoder Parallel Disaggregation system. SGLang is a serving framework for large language models LLMs and...

9.8CVSS7.5AI score0.01534EPSS
Exploits2References10
CERT
CERT
added 2026/03/09 12:0 a.m.9 views

Retraction of "Antivirus and Endpoint Detection and Response Archive Scanning Engines may not properly scan malformed ZIP archives"

Overview Malformed ZIP headers can be used to obfuscate malicious content in ZIP files from antivirus detection tools. Despite the presence of malformed headers, custom extraction software can decompress the ZIP archive, allowing potentially malicious payloads to be recovered after successful...

7.5CVSS6.2AI score0.15059EPSS
Exploits4References2
CERT
CERT
added 2026/03/05 12:0 a.m.9 views

A flawed TLS handshake implementation affects Viber Proxy in multiple platforms

Overview The Rakuten Viber messaging app for Android V25.7.2.0g and Windows V25.6.0.0-V25.8.1.0, has a flaw in its TLS handshake implementation when using the Cloak proxy configuration. This flaw allows for easy identification of proxy usage, potentially compromising user anonymity. Description...

9.8CVSS5.9AI score0.00345EPSS
Exploits0References2
CERT
CERT
added 2026/03/02 12:0 a.m.9 views

MS-Agent does not properly sanitize commands sent to its shell tool, allowing for RCE

Overview A command injection vulnerability was identified in the MS-Agent framework that can be triggered through unsanitized prompt-derived input. An attacker can craft untrusted input introduced via a chat prompt or other external content sources, resulting in arbitrary command execution on the...

6.5CVSS6.4AI score0.01611EPSS
Exploits2References2
CERT
CERT
added 2026/01/06 12:0 a.m.9 views

TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service

Overview A flaw in the firmware-upload error-handling logic of the TOTOLINK EX200 extender can cause the device to unintentionally start an unauthenticated root-level telnet service. This condition may allow a remote authenticated attacker to gain full system access. Description In the End-of-Lif...

7.2AI score
Exploits0
CERT
CERT
added 2025/09/22 12:0 a.m.9 views

Cross-site scripting vulnerability in Lectora course navigation

Overview Lectora Desktop versions 21.0–21.3 and Lectora Online versions 7.1.6 and older contained a cross-site scripting XSS vulnerability in courses published with Seamless Play Publish SPP enabled and Web Accessibility disabled. The vulnerability was initially patched in Lectora Desktop version...

6.2AI score
Exploits0References1
CERT
CERT
added 2025/09/12 12:0 a.m.9 views

Langchaingo supports jinja2 and gonja for syntax parsing, allowing for arbitrary file read

Overview LangChainGo, the Go implementation of LangChain, a large language model LLM application building framework, has been discovered to contain an arbitrary file read vulnerability. The vulnerability, tracked as CVE-2025-9556, allows for arbitrary file read through the Gonja template engine...

9.8CVSS7.5AI score0.00666EPSS
Exploits0References2
CERT
CERT
added 2025/08/15 12:0 a.m.9 views

SMM Memory Corruption Vulnerability in the AMI Aptio's SMM Module Across Multiple Devices

Overview System Management Mode SMM memory corruption vulnerabilities have been identified in UEFI modules present in AMI Aptio UEFI firmware. An attacker could exploit this vulnerability to elevate privileges and execute arbitrary code in the highly privileged SMM environment. Users should apply...

6.1CVSS8.1AI score0.00174EPSS
Exploits0References12
CERT
CERT
added 2025/05/02 12:0 a.m.9 views

Digigram PYKO-OUT audio-over-IP (AoIP) does not require a password by default

Overview Digigrams PYKO-OUT audio-over-IP AoIP product is used for audio decoding and intended for various uses such as paging, background music, live announcements and others. It has hardware compatibility with two analog mono outputs and a USB port for storing local playlists. The product does...

9.8CVSS6.5AI score0.00522EPSS
Exploits0References3
CERT
CERT
added 2005/09/02 12:0 a.m.9 views

UMN Gopher vulnerable to buffer overflow via overly long "+VIEWS:"

Overview The University of Minnesota Gopher client may be vulnerable to a buffer overflow when handling overly long "+VIEWS:" reply messages sent from a malicious server. Description The UMN Gopher suite includes a Gopher client for navigating Gopherspace. However, the Gopher client may incorrect...

8.5AI score
Exploits0References1
CERT
CERT
added 2005/01/21 12:0 a.m.9 views

Cisco IOS embedded call processing solutions contain unspecified DoS vulnerability

Overview An unspecified error in Cisco Internetwork Operating System IOS could allow a remote attacker to cause a denial of service. Description Cisco IOS is a very widely deployed network operating system. IOS release trains 12.1YD, 12.2T, 12.3, and 12.3T, when configured for the IOS Telephony...

7.2AI score
Exploits0References2
CERT
CERT
added 2002/09/13 12:0 a.m.9 views

HP Tru64 UNIX "dxpause" contains buffer overflow (SSRT2275)

Overview The HP Tru64 UNIX implementation of "dxpause" contains a locally exploitable buffer overflow. Description "dxpause" is used to lock a display. A locally exploitable buffer overflow in "dxpause" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...

8.2AI score
Exploits0References1
CERT
CERT
added 2026/06/22 12:0 a.m.8 views

Multiple file parsing vulnerabilities in FastStone Image Viewer 8.3.0.0

Overview Two vulnerabilities have been identified in FastStone Image Viewer 8.3 that may allow remote code execution or control-flow corruption when processing specially crafted image files. The affected components include the JPEG 2000 JP2 parser and the PSD file parser. An attacker can exploit...

7.5CVSS7.2AI score0.00571EPSS
Exploits0References6
CERT
CERT
added 2026/03/24 12:0 a.m.8 views

Hard coded credentials vulnerability in GoHarbor's Harbor

Overview GoHarbor's Harbor default admin password presents a security risk because it does not require change upon initial deployment. Description GoHarbor's Harbor is an open-source OCI-compliant container registry project that stores, signs, and manages container images. Harbor initializes with...

9.4CVSS6.5AI score0.00498EPSS
Exploits0References4
CERT
CERT
added 2026/03/12 12:0 a.m.8 views

Graphql-upload-minimal has a prototype pollution vulnerability.

Overview Version 1.6.1 of the Flash Payments package graphql-upload-minimal is vulnerable to prototype pollution. This vulnerability, located in the processRequest function, allows an attacker to inject special property names into the operations.variables object and pollute global object...

5.8AI score
Exploits0References1
CERT
CERT
added 2026/02/10 12:0 a.m.8 views

CASL Ability contains a prototype pollution vulnerability

Overview A prototype pollution vulnerability present in CASL Ability versions 2.4.0 through 6.7.4 is triggered through the rulesToFields function in the extra module. The program’s library contains a method called setByPath that does not properly sanitize property names, allowing attackers to add...

9.8CVSS6.2AI score0.00624EPSS
Exploits0References3
CERT
CERT
added 2026/01/20 12:0 a.m.8 views

dr_flac contains an integer overflow vulnerability that allows for DoS when provided a crafted file

Overview drflac, an open-source FLAC audio decoder, part of the drlibs audio decoder toolset, contains an integer overflow vulnerability allowing for denial of service DoS when provided a specific crafted file. An attacker can exploit this vulnerability through providing a tool that uses drflac a...

5.5CVSS5.8AI score0.00147EPSS
Exploits0References1
CERT
CERT
added 2026/01/20 12:0 a.m.8 views

Code injection vulnerability in binary-parser library

Overview The binary-parser library for Node.js contains a code injection vulnerability that may allow arbitrary JavaScript code execution if untrusted input is used to construct parser definitions. Versions prior to 2.3.0 are affected. The issue has been resolved by the developer in a public...

6.5CVSS7AI score0.00505EPSS
Exploits0References3
CERT
CERT
added 2026/01/06 12:0 a.m.8 views

Vulnerable Python version used in Forcepoint One DLP Client

Overview A vulnerability in the Forcepoint One DLP Client allows bypass of the vendor-implemented Python restrictions designed to prevent arbitrary code execution. By reconstructing the ctypes FFI environment and applying a version-header patch to the ctypes.pyd module, an attacker can restore...

7.8CVSS8AI score0.00178EPSS
Exploits0References1
CERT
CERT
added 2025/12/16 12:0 a.m.8 views

Siemens Gridscale X Prepay username enumeration and account lock bypass vulnerability

Overview Vulnerabilities have been identified in Siemens Gridscale X Prepay that allows unauthenticated username enumeration and enables an attacker to bypass account lock functionality. These issues may permit unauthorized access or prolonged access to protected resources, even after an account...

6.9CVSS7AI score0.00393EPSS
Exploits0
CERT
CERT
added 2025/12/09 12:0 a.m.8 views

Vulnerabilities identified in PCIe Integrity and Data Encryption (IDE) protocol specification

Overview PCI Express Integrity and Data Encryption PCIe IDE, introduced in the PCIe 6.0 standard, provides link-level encryption and integrity protection for data transferred across PCIe connections. Several issues were identified in the IDE specification that could allow an attacker with local...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References6
CERT
CERT
added 2025/11/24 12:0 a.m.8 views

Fluent Bit contains five vulnerabilities, including stack buffer overflow, auth bypass, and path traversal

Overview Fluent Bit is a logging and metrics processor and forwarder that is used in a variety of cloud and container networking environments. Several vulnerabilities in Fluent Bit have been discovered that could allow for authentication bypass, remote code execution RCE and denial of service DoS...

9.1CVSS8.8AI score0.00806EPSS
Exploits0References2
CERT
CERT
added 2025/11/11 12:0 a.m.8 views

Unprotected temporary directories in Wolfram Cloud version 14.2 may result in privilege escalation

Overview Wolfram Cloud version 14.2 allows Java Virtual Machine JVM unrestricted access to temporary resources in the /tmp/ directory of the cloud environment which may result in privilege escalation, information exfiltration, and remote code execution. In the same cloud instance, temporary...

9.6CVSS7.6AI score0.004EPSS
Exploits0References1
CERT
CERT
added 2025/11/07 12:0 a.m.8 views

Vulnerability in expr-eval JavaScript library can lead to arbitrary code execution

Overview The npm package expr-eval is a JavaScript library that evaluates mathematical expressions and is used in various applications, including NLP and AI. A vulnerability in this library has been disclosed that could allow arbitrary code execution by an attacker using maliciously crafted input...

9.8CVSS7.8AI score0.02285EPSS
Exploits1References6
CERT
CERT
added 2025/10/17 12:0 a.m.8 views

Multiple Password Managers Vulnerable to Clickjacking Attacks

Overview Browser-extension password managers, which autofill sensitive information on websites, can be exposed to various clickjacking attacks. These attacks exploit the trust relationship between a web page and the user-interface elements injected by the extension. Recent studies show that...

6.4AI score
Exploits0References5
CERT
CERT
added 2025/07/29 12:0 a.m.8 views

TP-Link Archer C50 router is vulnerable to configuration-file decryption

Overview The TP-Link Archer C50 router, which has reached End-of-Life EOL, contains a hardcoded encryption key in its firmware, enabling decryption of sensitive configuration files. This vulnerability allows attackers to trivially access administrative credentials, Wi-Fi passwords, and other...

6.9CVSS6.5AI score0.00252EPSS
Exploits0References2
CERT
CERT
added 2025/02/11 12:0 a.m.8 views

PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

Overview PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, potentially achieving arbitrary code execution. In response, SinaptikAI has implemented...

9.8CVSS10AI score0.01183EPSS
Exploits0References4
CERT
CERT
added 2026/07/06 12:0 a.m.7 views

Tenda firmware (multiple versions) contains hidden authentication backdoor

Overview Several versions of Tenda firmware contain an undocumented authentication backdoor that grants administrative access to the devices' web management interfaces. An attacker can expoit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process and obtain ful...

9.8CVSS6.1AI score0.00668EPSS
Exploits1References3
CERT
CERT
added 2025/12/09 12:0 a.m.7 views

TOTOLINK's X5000R's (AX1800 router) lacks authentication for telnet

Overview An unauthenticated HTTP request can enable telnet which may lead to remote code execution with root-level privileges. Description TOTOLINK manufactures routers and other networking equipment designed for small businesses and home implementations. The AX1800 routers are popular with users...

9.8CVSS8AI score0.11174EPSS
Exploits1
CERT
CERT
added 2025/12/05 12:0 a.m.7 views

Duc contains a stack buffer overflow vulnerability in the buffer_get function, allowing for out-of-bounds memory read

Overview Duc, an open-source disk management tool, contains a stack-based buffer overflow vulnerability allowing for out-of-bounds memory read. An attacker can exploit this vulnerability through malformed input data, and can cause the tool to either crash or cause it to disclose portions of memor...

7.5CVSS7.9AI score0.00851EPSS
Exploits1References2
CERT
CERT
added 2025/12/01 12:0 a.m.7 views

Insufficient Session Cookie Invalidation in nopCommerce ASP.NET Core eCommerce Platform

Overview nopCommerce, an ecommerce platform, fails to invalidate session cookies upon user logout or session termination, enabling attackers to use the captured cookie to gain access to the application. This vulnerability is extremely similar to CVE-2019-7215. The session cookie can be obtained...

7.1CVSS7.2AI score0.00412EPSS
Exploits0References3
CERT
CERT
added 2025/11/25 12:0 a.m.7 views

Forge JavaScript library impacted by a vulnerability in signature verification.

Overview The Forge JavaScript library provides TLS-related cryptographic utilities. A vulnerability that allows signature verification to be bypassed through crafted manipulation of ASN.1 structures, particularly in fields such as Message Authentication Code MAC data, was identified. Users of the...

8.6CVSS6.8AI score0.00689EPSS
Exploits1References4
CERT
CERT
added 2025/11/11 12:0 a.m.7 views

Lite XL Arbitrary Code Execution via Project Module and Legacy system.exec Function

Overview Lite XL is a lightweight text editor derived from the lite project, written primarily in Lua and C. It supports Windows, Linux, and macOS, and is designed for extensibility through plugins and project‑specific modules. Description Two vulnerabilities were identified Lite XL: CVE-2025-121...

7.3CVSS8.2AI score0.00341EPSS
Exploits2References4
CERT
CERT
added 2025/10/13 12:0 a.m.7 views

Clevo UEFI firmware embedded BootGuard keys compromising Clevo's implementation of BootGuard

Overview Clevo’s UEFI firmware update packages included sensitive private keys used in their Intel Boot Guard implementation. This accidental exposure of the keys could be abused by an attacker to sign malicious firmware using Clevo’s Boot Guard trust chain, potentially compromising the pre-boot...

7.6CVSS6.3AI score0.00252EPSS
Exploits0References4
CERT
CERT
added 2025/09/29 12:0 a.m.7 views

NPM supply chain compromise exposes challenges to securing the ecosystem from credential theft and self-propagation

Overview A major npm supply chain compromise was disclosed by the software supply chain security company Socket on September 15, 2025. At the time of writing, over 500 packages have been affected, and the number continues to grow. The attack involves a self-propagating malware variant dubbed...

7AI score
Exploits0References9
CERT
CERT
added 2025/09/09 12:0 a.m.7 views

Amp'ed RF BT-AP 111 Bluetooth access point lacks an authentication mechanism

Overview The Amp’ed RF BT-AP 111 Bluetooth Access Point exposes an HTTP-based administrative interface without authentication controls. This allows an unauthenticated remote attacker to gain full administrative access to the device. Description The Amp’ed RF BT-AP 111 is a Bluetooth-to-Ethernet...

9.8CVSS7.2AI score0.00511EPSS
Exploits0References3
CERT
CERT
added 2004/07/23 12:0 a.m.7 views

Sun Java System Portal Server fails to properly handle changes to display options

Overview There is a vulnerability in the Sun Java System Portal Server, which could allow a remote, authenticated user to gain access to the administrative credentials of the Calendar server. Description The Sun Java System Portal Server is a content management system that provides centralized...

6.9AI score
Exploits0References6
CERT
CERT
added 5 days ago6 views

PayRange Android app version 7.0.7 contains multiple vulnerabilities

Overview PayRange is a mobile payment app that allows users to pay for vending machines, laundromats, and other unattended machines using a smartphone with Bluetooth. Two vulnerabilities were discovered in version 7.0.7 of the PayRange app that is available in the Google Play store. Description A...

9.6CVSS6AI score0.0034EPSS
Exploits0References2
CERT
CERT
added 2026/07/02 12:0 a.m.6 views

Multiple local privilege escalation vulnerabilities in Little Orbits GameFirst Anti-Cheat

Overview The GamersFirst Anti-Cheat GFAC driver GFAC.sys contains multiple local privilege escalations and denial-of-service vulnerabilities stemming from insecure handling of user-controlled input through a minifilter communication port. A local attacker can abuse these flaws to perform arbitrar...

7.8CVSS6.1AI score0.00169EPSS
Exploits0References2
CERT
CERT
added 2026/06/18 12:0 a.m.6 views

Vendor-signed UEFI applications found vulnerable to Secure Boot bypass

Overview Multiple vendor-signed UEFI applications are vulnerable to Secure Boot bypass via a "Bring Your Own Vulnerable Driver" BYOVD-style attack. If a target system trusts the affected vendor’s certificate, an attacker can exploit these applications to execute arbitrary code during the early...

8.2CVSS7.5AI score0.01036EPSS
Exploits1References7
CERT
CERT
added 2025/10/17 12:0 a.m.6 views

DNS Rebinding and Manipulating CORS Headers Enables Exfiltration of Information

Overview A vulnerability in cross-origin resource sharing CORS headers in Chromium, Google Chrome, Microsoft Edge, Safari, and Firefox enables the CORS policy to be manipulated. Combined with a DNS rebind, an attacker can send arbitrary requests to services listening on arbitrary ports regardless...

8.1CVSS6.1AI score0.00417EPSS
Exploits0References4
CERT
CERT
added 2025/10/03 12:0 a.m.6 views

Vigor routers running DrayOS are vulnerable to RCE via EasyVPN and LAN web administration interface

Overview A remote code execution RCE vulnerability was discovered through the EasyVPN and LAN web administration interface of Vigor routers by Drayteck. A script in the LAN web administration interface uses an unitialized variable, allowing an attacker to inject arbitrary commands through memory...

9.8CVSS6.9AI score0.00574EPSS
Exploits0References2
CERT
CERT
added 2025/09/10 12:0 a.m.6 views

Elevated Privileges and Arbitrary Code Execution issues in Sunshine for Windows v2025.122.141614

Overview Two local security vulnerabilities have been identified in Sunshine for Windows, version v2025.122.141614 and likely prior versions. These issues could allow attackers to execute arbitrary code and escalate privileges on affected systems. Description Sunshine is a self-hosted game stream...

7.8CVSS7.4AI score0.00211EPSS
Exploits0References3
CERT
CERT
added 5 days ago5 views

Xerte Online Toolkit contains an authentication bypass that allows for RCE

Overview Two vulnerabilities have been discovered in Xerte Online Toolkits, an open-source e-learning authoring toolsuite intended for the creation of learning materials within a web browser. CVE-2026-14261 tracks the persistence of the /setup/ directory after installation, which allows an...

9.8CVSS6.6AI score0.00571EPSS
Exploits0References5
CERT
CERT
added 6 days ago5 views

Adalo Database API Enables Cross-App User Data Extraction via Over-Fetching and Missing Authorization Controls

Overview Adalo’s no‑code application platform exposes complete user records through its database API for all applications built on both V1 and V2. Due to a platform-level flaw, authenticated users can retrieve full user data belonging to any Adalo application, regardless of configuration. This...

7.5CVSS5.9AI score0.00303EPSS
Exploits0
Total number of security vulnerabilities3702