22103 matches found

Microsoft CVE
• added 2025/04/08 7:00 a.m. • 2 views

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at archive_read_support_format_tar.c:1844:8.

...

7.5 CVSS | 7.2 AI score | 0.00478 EPSS | Exploits: 1

Microsoft CVE
• added 2025/04/08 7:00 a.m. • 3 views

Hercules Augeas fa.c re_case_expand null pointer dereference

...

4.8 CVSS | 4.8 AI score | 0.00241 EPSS | Exploits: 1

Microsoft CVE
• added 2025/04/08 7:00 a.m. • 2 views

RabbitMQ has XSS Vulnerability in an Error Message in Management UI

...

6.1 CVSS | 6.2 AI score | 0.00203 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/08 7:00 a.m. • 7 views

cifs.upcall makes an upcall to the wrong namespace in containerized environments

...

5.9 CVSS | 7.1 AI score | 0.00149 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/03 5:47 p.m. • 49 views

Chromium: CVE-2025-3074 Inappropriate implementation in Downloads

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

5.4 CVSS | 6.9 AI score | 0.00252 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/03 5:47 p.m. • 20 views

Chromium: CVE-2025-3073 Inappropriate implementation in Autofill

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

5.4 CVSS | 6.9 AI score | 0.00249 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/03 5:47 p.m. • 21 views

Chromium: CVE-2025-3072 Inappropriate implementation in Custom Tabs

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

5.4 CVSS | 6.9 AI score | 0.00249 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/03 5:47 p.m. • 18 views

Chromium: CVE-2025-3071 Inappropriate implementation in Navigations

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

5.4 CVSS | 6.9 AI score | 0.00234 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/03 5:47 p.m. • 14 views

Chromium: CVE-2025-3070 Insufficient validation of untrusted input in Extensions

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.5 CVSS | 6.9 AI score | 0.00268 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/03 5:47 p.m. • 13 views

Chromium: CVE-2025-3069 Inappropriate implementation in Extensions

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8 CVSS | 6.9 AI score | 0.00319 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/03 5:47 p.m. • 19 views

Chromium: CVE-2025-3068 Inappropriate implementation in Intents

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8 CVSS | 6.9 AI score | 0.00319 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/03 5:47 p.m. • 19 views

Chromium: CVE-2025-3067 Inappropriate implementation in Custom Tabs

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8 CVSS | 6.9 AI score | 0.00552 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/03 5:47 p.m. • 17 views

Chromium: CVE-2025-3066 Use after free in Site Isolation

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8 CVSS | 8.3 AI score | 0.00342 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/03 7:00 a.m. • 26 views

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge Chromium-based allows an authorized attacker to execute code over a network...

7.6 CVSS | 7.9 AI score | 0.00667 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/03 7:00 a.m. • 36 views

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.8 CVSS | 7.5 AI score | 0.00884 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/03 7:00 a.m. • 24 views

Microsoft Edge for iOS Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

4.3 CVSS | 7 AI score | 0.00636 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/03 7:00 a.m. • 198 views

Microsoft Edge for iOS Spoofing Vulnerability

User interface (UI) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network...

4.7 CVSS | 6.5 AI score | 0.00515 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/01 7:00 a.m. • 2 views

jwt-go allows excessive memory allocation during header parsing

...

7.5 CVSS | 7.2 AI score | 0.00693 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/01 7:00 a.m. • 5 views

Stream HTTP wrapper truncates redirect location to 1024 bytes

...

9.8 CVSS | 6.7 AI score | 0.00821 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/01 7:00 a.m. • 3 views

Streams HTTP wrapper does not fail for headers with invalid name and no colon

...

6.3 CVSS | 6.2 AI score | 0.00481 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/01 7:00 a.m. • 8 views

Arbitrary File Overwrite in onnx/onnx

...

9.1 CVSS | 7.2 AI score | 0.01357 EPSS | Exploits: 1

Microsoft CVE
• added 2025/04/01 7:00 a.m. • 4 views

Stream HTTP wrapper header check might omit basic auth header

...

7.3 CVSS | 6.4 AI score | 0.00531 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/01 7:00 a.m. • 4 views

go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment

...

3.7 CVSS | 5.9 AI score | 0.00694 EPSS | Exploits: 0

Microsoft CVE
• added 2025/04/01 7:00 a.m. • 5 views

libxml streams use wrong content-type header when requesting a redirected resource

...

6.3 CVSS | 6.2 AI score | 0.00718 EPSS | Exploits: 1

Microsoft CVE
• added 2025/04/01 7:00 a.m. • 6 views

Header parser of http stream wrapper does not handle folded headers

...

6.3 CVSS | 6.2 AI score | 0.00547 EPSS | Exploits: 1

Microsoft CVE
• added 2025/04/01 12:00 a.m. • 1 views

CVE-2024-31745

...

7 AI score | Exploits: 0

Microsoft CVE
• added 2025/03/31 7:00 a.m. • 4 views

quic-go affected by an ICMP Packet Too Large Injection Attack on Linux

...

6.5 CVSS | 7.6 AI score | 0.00608 EPSS | Exploits: 0

Microsoft CVE
• added 2025/03/31 7:00 a.m. • 32 views

Azure Health Bot Elevation of Privilege Vulnerability

An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network...

8.8 CVSS | 6.8 AI score | 0.00646 EPSS | Exploits: 0

Microsoft CVE
• added 2025/03/31 7:00 a.m. • 37 views

Azure Playwright Elevation of Privilege Vulnerability

Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network...

9.8 CVSS | 6.9 AI score | 0.00638 EPSS | Exploits: 0

Microsoft CVE
• added 2025/03/28 7:00 a.m. • 3 views

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType.

...

5.5 CVSS | 5.7 AI score | 0.00221 EPSS | Exploits: 0

Microsoft CVE
• added 2025/03/28 7:00 a.m. • 4 views

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

...

5.8 CVSS | 6.7 AI score | 0.00343 EPSS | Exploits: 0

Microsoft CVE
• added 2025/03/28 7:00 a.m. • 3 views

Memory Exhaustion in Expr Parser with Unrestricted Input

...

7.5 CVSS | 7.2 AI score | 0.00577 EPSS | Exploits: 0

Microsoft CVE
• added 2025/03/28 7:00 a.m. • 5 views

llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced.

...

5.5 CVSS | 5.7 AI score | 0.00221 EPSS | Exploits: 0

Microsoft CVE
• added 2025/03/27 7:00 a.m. • 3 views

HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

...

4.4 CVSS | 7 AI score | 0.00384 EPSS | Exploits: 2

Microsoft CVE
• added 2025/03/27 7:00 a.m. • 5 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

...

4.9 CVSS | 6.5 AI score | 0.01236 EPSS | Exploits: 0

Microsoft CVE
• added 2025/03/27 7:00 a.m. • 4 views

Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname

...

4.8 CVSS | 6.6 AI score | 0.00449 EPSS | Exploits: 0

Microsoft CVE
• added 2025/03/27 7:00 a.m. • 4 views

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

...

5.2 CVSS | 6.7 AI score | 0.00756 EPSS | Exploits: 1

Microsoft CVE
• added 2025/03/26 9:55 p.m. • 59 views

Chromium: CVE-2025-2783 Incorrect handle provided in unspecified circumstances in Mojo on Windows

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.3 CVSS | 6.9 AI score | 0.08404 EPSS | Exploits: 6

Microsoft CVE
• added 2025/03/26 7:00 a.m. • 2 views

Qemu: vnc: null pointer dereference in qemu_clipboard_request()

...

6.5 CVSS | 6.6 AI score | 0.01261 EPSS | Exploits: 0

Microsoft CVE
• added 2025/03/26 7:00 a.m. • 4 views

Qemu: improper ide controller reset can lead to mbr overwrite

...

7 CVSS | 6.7 AI score | 0.00231 EPSS | Exploits: 0

Microsoft CVE
• added 2025/03/26 7:00 a.m. • 1 views

Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()

...

5.3 CVSS | 6.5 AI score | 0.0033 EPSS | Exploits: 0

Microsoft CVE
• added 2025/03/26 7:00 a.m. • 5 views

Libexpat: expat: improper restriction of xml entity expansion depth in libexpat

...

7.5 CVSS | 6.8 AI score | 0.01569 EPSS | Exploits: 0

Microsoft CVE
• added 2025/03/25 7:00 a.m. • 2 views

Vim vulnerable to potential data loss with zip.vim and special crafted zip files

...

4.4 CVSS | 4.2 AI score | 0.00342 EPSS | Exploits: 0

Microsoft CVE
• added 2025/03/25 7:00 a.m. • 4 views

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

...

8.8 CVSS | 7.9 AI score | 0.00526 EPSS | Exploits: 0

Microsoft CVE
• added 2025/03/25 7:00 a.m. • 4 views

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

...

7.8 CVSS | 7 AI score | 0.00324 EPSS | Exploits: 1

Microsoft CVE
• added 2025/03/25 7:00 a.m. • 6 views

Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos

...

5.3 CVSS | 6.7 AI score | 0.01193 EPSS | Exploits: 0

Microsoft CVE
• added 2025/03/25 7:00 a.m. • 4 views

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue

...

7.8 CVSS | 7 AI score | 0.00324 EPSS | Exploits: 3

Microsoft CVE
• added 2025/03/24 7:00 a.m. • 30 views

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller

Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service AKS is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...

9.8 CVSS | 7.5 AI score | 0.99098 EPSS | Exploits: 21

Microsoft CVE
• added 2025/03/24 7:00 a.m. • 64 views

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller

Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service AKS is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...

9.8 CVSS | 7.5 AI score | 0.99098 EPSS | Exploits: 21

Microsoft CVE
• added 2025/03/24 7:00 a.m. • 33 views

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller

Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service AKS is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...

9.8 CVSS | 7.5 AI score | 0.99098 EPSS | Exploits: 21

Total number of security vulnerabilities: 22103