Lucene search
K

21727 matches found

Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•1 views

MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.

...

6.5CVSS7AI score0.01486EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

...

5.5CVSS7AI score0.01042EPSS
Exploits2
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•5 views

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproduceable and they argue this is not a valid vulnerability.

...

7.5CVSS7AI score0.01546EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•1 views

Stack Overflow in Snakeyaml

...

6.5CVSS7AI score0.01476EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•4 views

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.

...

5.5CVSS7AI score0.00503EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•4 views

A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.

...

3.3CVSS7AI score0.00238EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.

...

7.8CVSS8.5AI score0.00252EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•1 views

DoS in SnakeYAML

...

6.5CVSS7AI score0.02015EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•1 views

DoS in SnakeYAML

...

6.5CVSS7AI score0.01453EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•1 views

DoS in SnakeYAML

...

6.5CVSS7AI score0.01583EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•1 views

DoS in SnakeYAML

...

6.5CVSS7AI score0.00988EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

There is an UAF vulnerability in vmwgfx driver

...

6.3CVSS8.4AI score0.0044EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

...

7.5CVSS7AI score0.00712EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

...

7.8CVSS7AI score0.00356EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•5 views

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.

...

5.5CVSS7AI score0.00245EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

Poetry Argument Injection vulnerability can lead to local Code Execution

...

7.3CVSS7AI score0.01475EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•5 views

jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled

...

6.1CVSS7AI score0.01208EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•4 views

There is an out-of-bounds write vulnerability in vmwgfx driver

...

6.3CVSS6.5AI score0.00591EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

...

5.4CVSS7AI score0.76878EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•2 views

Node address isn't always verified when proxying

...

8.8CVSS7AI score0.01618EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•1 views

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.

...

7.5CVSS7AI score0.01105EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•5 views

mysqlnd/pdo password buffer overflow

...

8.8CVSS7AI score0.5838EPSS
Exploits2
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

Freeing unallocated memory in php_pgsql_free_params()

...

8.1CVSS7AI score0.03437EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•4 views

phar wrapper can occur dos when using quine gzip file

...

5.5CVSS7AI score0.00565EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•5 views

$_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

...

6.5CVSS7AI score0.49336EPSS
Exploits2
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•5 views

The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input.

...

9.1CVSS7AI score0.00737EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•7 views

Potential heap overflow in Redis

...

8.8CVSS7AI score0.02383EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•6 views

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

...

7CVSS8.4AI score0.00299EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•5 views

An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.

...

5.5CVSS8.4AI score0.00219EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•2 views

Denial of Service (DoS)

...

7.5CVSS7AI score0.02191EPSS
Exploits2
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•4 views

Denial of Service (DoS)

...

7.5CVSS7AI score0.01244EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•8 views

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run o

...

5.3CVSS7AI score0.02038EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26280. Reason: This candidate is a duplicate of CVE-2022-26280. Notes: All CVE users should reference CVE-2022-26280 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

...

6.5CVSS7AI score0.01877EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•5 views

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web

...

3.7CVSS7AI score0.01401EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•4 views

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplie

...

5.3CVSS7AI score0.01746EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a

...

3.7CVSS7AI score0.02376EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•2 views

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Com

...

5.9CVSS7AI score0.02062EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which

...

5.3CVSS7AI score0.0296EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•1 views

Injection in fish

...

7.8CVSS7AI score0.01417EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•5 views

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

...

7.8CVSS8AI score0.03134EPSS
Exploits7
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•5 views

A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.

...

3.3CVSS7AI score0.00237EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.

...

5.5CVSS7AI score0.00408EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

...

4.4CVSS7AI score0.00405EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•10 views

A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.

...

5.5CVSS6.9AI score0.00275EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•2 views

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.

...

5.5CVSS7AI score0.00634EPSS
Exploits3
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•5 views

An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.

...

7.8CVSS7AI score0.00761EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•11 views

ReDoS vulnerability in parser_apache2

...

7.5CVSS7AI score0.02004EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•5 views

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.

...

5.5CVSS7AI score0.0063EPSS
Exploits3
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.

...

3.5CVSS7AI score0.00557EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

MaxQueryDuration not honoured in Samba AD DC LDAP

...

6.5CVSS7AI score0.01731EPSS
Exploits0
Total number of security vulnerabilities21727