Lucene search
K

22107 matches found

Microsoft CVE
Microsoft CVE
•added 2025/02/27 8:0 a.m.•4 views

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

...

9.8CVSS6.6AI score0.0113EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/25 8:0 a.m.•3 views

Gvariant offset table entry size is not checked in is_normal()

...

7.5CVSS6.7AI score0.00768EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/25 8:0 a.m.•4 views

A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.

...

7.8CVSS6.6AI score0.00399EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/25 8:0 a.m.•5 views

URL parser allowed square brackets in domain names

...

6.3CVSS6.8AI score0.01499EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/25 8:0 a.m.•4 views

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.

...

7.5CVSS7AI score0.0078EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/23 8:0 a.m.•3 views

path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x

...

8.7CVSS6.8AI score0.00792EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/23 8:0 a.m.•3 views

GNU Binutils ld libbfd.c bfd_putl64 memory corruption

...

6.3CVSS5.6AI score0.00735EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/02/23 8:0 a.m.•3 views

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

...

8.3CVSS9.2AI score0.03361EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/02/22 8:0 a.m.•3 views

Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled

...

6.8CVSS7.5AI score0.06997EPSS
Exploits4
Microsoft CVE
Microsoft CVE
•added 2025/02/21 8:0 a.m.•26 views

Chromium: CVE-2025-1426 Heap buffer overflow in GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS8.5AI score0.0061EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/21 8:0 a.m.•15 views

Chromium: CVE-2025-1006 Use after free in Network

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS8.5AI score0.0061EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/21 8:0 a.m.•16 views

Chromium: CVE-2025-0999 Heap buffer overflow in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS8.5AI score0.00657EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/21 8:0 a.m.•5 views

RFC7250 handshakes with unauthenticated servers don't abort as expected

...

7.3CVSS6.9AI score0.02357EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/20 8:0 a.m.•5 views

Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme

...

8.8CVSS8.8AI score0.02657EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/20 8:0 a.m.•5 views

PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

...

8.1CVSS8.4AI score0.89472EPSS
Exploits10
Microsoft CVE
Microsoft CVE
•added 2025/02/20 8:0 a.m.•3 views

DNS-over-HTTPS implementation suffers from multiple issues under heavy query load

...

7.5CVSS7.6AI score0.16182EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/20 8:0 a.m.•3 views

Information disclosure in JUnit4

...

5.5CVSS6.4AI score0.01674EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/02/20 8:0 a.m.•3 views

Many records in the additional section cause CPU exhaustion

...

7.5CVSS7.2AI score0.14614EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/19 8:0 a.m.•27 views

Microsoft Power Pages Elevation of Privilege Vulnerability

An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update...

9.8CVSS8.3AI score0.01659EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/19 8:0 a.m.•32 views

Microsoft Bing Remote Code Execution Vulnerability

Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network...

9.8CVSS7.6AI score0.01503EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/17 8:0 a.m.•4 views

GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow

...

5.1CVSS5.2AI score0.00619EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/02/17 8:0 a.m.•6 views

Xorg-x11-server: selinux unlabeled glx pbuffer

...

5.5CVSS6.8AI score0.00321EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/17 8:0 a.m.•2 views

giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.

...

5.5CVSS6.1AI score0.00328EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/02/17 8:0 a.m.•3 views

GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption

...

5.1CVSS5.3AI score0.00542EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/02/17 8:0 a.m.•4 views

GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption

...

5.1CVSS5.3AI score0.00657EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/02/16 8:0 a.m.•1 views

TLS Session Resumption Vulnerability

...

5.3CVSS5.8AI score0.02646EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/16 8:0 a.m.•5 views

GNU Binutils objdump.c disassemble_bytes stack-based overflow

...

7.5CVSS5.5AI score0.00732EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/02/16 8:0 a.m.•2 views

Avahi: avahi wide-area dns predictable transaction ids

...

5.3CVSS6.6AI score0.00681EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/15 8:0 a.m.•4 views

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

...

9.8CVSS6.9AI score0.02979EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/14 8:0 a.m.•23 views

Chromium: CVE -2025-0995 Use after free in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS6.6AI score0.0046EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/14 8:0 a.m.•13 views

Chromium: CVE -2025-0998 Out of bounds memory access in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.6AI score
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/14 8:0 a.m.•12 views

Chromium: CVE -2025-0997 Use after free in Navigation

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.1CVSS6.6AI score0.00417EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/14 8:0 a.m.•17 views

Chromium: CVE -2025-0996 Inappropriate implementation in Browser UI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

5.4CVSS6.6AI score0.00368EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/14 8:0 a.m.•3 views

gzip integer overflow

...

7.3CVSS6.4AI score0.01218EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/02/14 8:0 a.m.•4 views

twisted.web has disordered HTTP pipeline response

...

5.3CVSS5.8AI score0.00766EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/02/14 8:0 a.m.•3 views

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports. Exploiting this flaw can violate network import security, posing a risk to developers and servers.

...

6.5CVSS6.8AI score0.01104EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/14 8:0 a.m.•1 views

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.

...

5.3CVSS6.7AI score0.01282EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/14 8:0 a.m.•2 views

Undici Uses Insufficiently Random Values

...

6.8CVSS6.6AI score0.00736EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/13 8:0 a.m.•4 views

Sensitive headers incorrectly sent after cross-domain redirect in net/http

...

7.4CVSS6.7AI score0.00647EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/13 8:0 a.m.•13 views

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

...

4.5CVSS7.1AI score0.00313EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/13 8:0 a.m.•4 views

Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509

...

6.1CVSS6.7AI score0.00458EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/11 8:0 a.m.•8 views

Internet Connection Sharing (ICS) Denial of Service Vulnerability

...

6.5CVSS7.5AI score0.00931EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/11 8:0 a.m.•16 views

Microsoft Surface Security Feature Bypass Vulnerability

...

7.1CVSS7.2AI score0.00823EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/11 8:0 a.m.•14 views

Microsoft Digest Authentication Remote Code Execution Vulnerability

...

8.8CVSS8.8AI score0.02182EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/11 8:0 a.m.•37 views

Microsoft SharePoint Server Remote Code Execution Vulnerability

...

8CVSS7.9AI score0.29778EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/11 8:0 a.m.•23 views

Microsoft Excel Remote Code Execution Vulnerability

...

7.8CVSS7.9AI score0.00783EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/11 8:0 a.m.•31 views

NTLM Hash Disclosure Spoofing Vulnerability

...

6.5CVSS7.6AI score0.21638EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/11 8:0 a.m.•20 views

Windows Telephony Service Remote Code Execution Vulnerability

...

8.8CVSS8.8AI score0.02467EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/11 8:0 a.m.•19 views

Windows Core Messaging Elevation of Privileges Vulnerability

...

7.8CVSS8.2AI score0.00711EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/02/11 8:0 a.m.•14 views

Windows Kerberos Denial of Service Vulnerability

...

5.9CVSS7.2AI score0.01888EPSS
Exploits0
Total number of security vulnerabilities22107