
22103 matches found

Microsoft CVE
•added 2025/03/24 7:0 a.m.•33 views

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller

Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service AKS is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...

CVSS 9.8 • AI score 7.5 • EPSS 0.99098 • Exploits 21

Microsoft CVE
•added 2025/03/24 7:0 a.m.•20 views

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller

Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service AKS is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...

CVSS 9.8 • AI score 7.5 • EPSS 0.99098 • Exploits 21

Microsoft CVE
•added 2025/03/21 7:0 a.m.•62 views

Chromium: CVE-2025-2476 Use after free in Lens

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8 • AI score 6.9 • EPSS 0.00791 • Exploits 0

Microsoft CVE
•added 2025/03/21 7:0 a.m.•33 views

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

No cwe for this issue in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

CVSS 6.5 • AI score 7.5 • EPSS 0.0084 • Exploits 0

Microsoft CVE
•added 2025/03/21 7:0 a.m.•26 views

Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

Improper link resolution before file access 'link following' in Microsoft Edge Chromium-based allows an authorized attacker to elevate privileges locally...

CVSS 7.8 • AI score 7.1 • EPSS 0.00373 • Exploits 0

Microsoft CVE
•added 2025/03/20 7:0 a.m.•24 views

Microsoft Dataverse Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network...

CVSS 8.8 • AI score 7.3 • EPSS 0.01246 • Exploits 0

Microsoft CVE
•added 2025/03/20 7:0 a.m.•15 views

Microsoft Partner Center Elevation of Privilege Vulnerability

Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network...

CVSS 9.3 • AI score 6.9 • EPSS 0.01882 • Exploits 0

Microsoft CVE
•added 2025/03/19 7:0 a.m.•3 views

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.

...

CVSS 5.3 • AI score 5.9 • EPSS 0.00732 • Exploits 0

Microsoft CVE
•added 2025/03/19 7:0 a.m.•3 views

llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument.

...

CVSS 5.5 • AI score 5.7 • EPSS 0.00221 • Exploits 0

Microsoft CVE
•added 2025/03/19 7:0 a.m.•5 views

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.

...

CVSS 5.3 • AI score 6.9 • EPSS 0.00472 • Exploits 0

Microsoft CVE
•added 2025/03/19 7:0 a.m.•6 views

Apache Subversion: mod_dav_svn denial-of-service via control characters in paths

...

CVSS 4.3 • AI score 5.3 • EPSS 0.01943 • Exploits 1

Microsoft CVE
•added 2025/03/19 7:0 a.m.•4 views

Vitess allows HTML injection in /debug/querylogz & /debug/env

...

CVSS 4.9 • AI score 6.3 • EPSS 0.00428 • Exploits 0

Microsoft CVE
•added 2025/03/19 7:0 a.m.•5 views

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.

...

CVSS 7.5 • AI score 7.2 • EPSS 0.00784 • Exploits 0

Microsoft CVE
•added 2025/03/19 7:0 a.m.•4 views

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

...

CVSS 7.5 • AI score 7.2 • EPSS 0.00702 • Exploits 0

Microsoft CVE
•added 2025/03/19 7:0 a.m.•2 views

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.

...

CVSS 7.8 • AI score 5.4 • EPSS 0.00329 • Exploits 1

Microsoft CVE
•added 2025/03/18 7:0 a.m.•9 views

Arbitrary Code Execution via Crafted Keras Config for Model Loading

...

CVSS 9.8 • AI score 6.3 • EPSS 0.02803 • Exploits 3

Microsoft CVE
•added 2025/03/18 7:0 a.m.•4 views

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).

...

CVSS 8.1 • AI score 5.5 • EPSS 0.00352 • Exploits 1

Microsoft CVE
•added 2025/03/15 7:0 a.m.•2 views

An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

...

CVSS 8.1 • AI score 7.4 • EPSS 0.26049 • Exploits 1

Microsoft CVE
•added 2025/03/14 7:0 a.m.•4 views

net: rose: lock the socket in rose_bind()

...

CVSS 5.5 • AI score 7.4 • EPSS 0.00174 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•5 views

gpio: xilinx: Convert gpio_lock to raw spinlock

...

CVSS 5.5 • AI score 7.2 • EPSS 0.00175 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•4 views

net/mlx5: Clear port select structure when fail to create

...

CVSS 5.5 • AI score 7.4 • EPSS 0.00199 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•4 views

vsock/virtio: discard packets if the transport changes

...

CVSS 5.5 • AI score 7.4 • EPSS 0.00214 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•3 views

net: rose: fix timer races against user threads

...

CVSS 7 • AI score 7.3 • EPSS 0.00153 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•3 views

NFC: nci: Add bounds checking in nci_hci_create_pipe()

...

CVSS 7.8 • AI score 7.3 • EPSS 0.00231 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•3 views

usbnet: ipheth: fix possible overflow in DPE length check

...

CVSS 7.1 • AI score 7.6 • EPSS 0.00204 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•5 views

mptcp: consolidate suboption status

...

CVSS 5.5 • AI score 7.4 • EPSS 0.00201 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•3 views

openvswitch: fix lockup on tx to unregistering netdev with carrier

...

CVSS 5.5 • AI score 7.4 • EPSS 0.002 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•3 views

ptp: Ensure info->enable callback is always set

...

CVSS 5.5 • AI score 7.3 • EPSS 0.00213 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•3 views

ksmbd: fix integer overflows on 32 bit systems

...

CVSS 5.5 • AI score 7.4 • EPSS 0.00207 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•4 views

wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()

...

CVSS 5.5 • AI score 7.2 • EPSS 0.00216 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•3 views

nilfs2: fix possible int overflows in nilfs_fiemap()

...

CVSS 5.5 • AI score 7.4 • EPSS 0.00216 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•4 views

scsi: storvsc: Ratelimit warning logs to prevent VM denial of service

...

CVSS 5.5 • AI score 7.2 • EPSS 0.00202 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•3 views

net/rose: prevent integer overflows in rose_setsockopt()

...

CVSS 5.5 • AI score 7.4 • EPSS 0.00213 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•3 views

drm/v3d: Ensure job pointer is set to NULL after job completion

...

CVSS 5.5 • AI score 7.4 • EPSS 0.00213 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•4 views

Timing side-channel in ECDSA signature computation

...

CVSS 4.1 • AI score 6.6 • EPSS 0.00601 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•3 views

net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel

...

CVSS 5.5 • AI score 7.4 • EPSS 0.00173 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•3 views

HTTP Request Smuggling in waitress

...

CVSS 7.5 • AI score 7.8 • EPSS 0.01738 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•4 views

libpng before 1.6.32 does not properly check the length of chunks against the user limit.

...

CVSS 9.8 • AI score 6.8 • EPSS 0.04113 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•5 views

The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service

...

CVSS 9.8 • AI score 7.2 • EPSS 0.02475 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•5 views

The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service

...

CVSS 5.5 • AI score 5.7 • EPSS 0.01447 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•4 views

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic

...

CVSS 9.8 • AI score 7.1 • EPSS 0.07489 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•5 views

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact

...

CVSS 8.8 • AI score 7.1 • EPSS 0.05161 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•4 views

id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS).

...

CVSS 7.5 • AI score 6.4 • EPSS 0.02507 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•6 views

Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service

...

CVSS 7.8 • AI score 7.6 • EPSS 0.02771 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•4 views

The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service

...

CVSS 5.5 • AI score 6.4 • EPSS 0.01453 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•4 views

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

...

CVSS 9.8 • AI score 7.8 • EPSS 0.0595 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•3 views

The libpng 0.71 allows context-dependent attackers to cause a NULL pointer dereference vectors

...

CVSS 7.5 • AI score 7.8 • EPSS 0.05517 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•2 views

Buffer overflow in libpng allows remote attackers to cause a denial of service

...

CVSS 7.5 • AI score 8.2 • EPSS 0.06054 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•2 views

Multiple buffer overflows in libpng allow remote attackers to cause a denial of service

...

CVSS 7.5 • AI score 8 • EPSS 0.10339 • Exploits 0

Microsoft CVE
•added 2025/03/14 7:0 a.m.•5 views

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic

...

CVSS 8.8 • AI score 7.3 • EPSS 0.04793 • Exploits 0

Total number of security vulnerabilities: 22103