21727 matches found

Microsoft CVE • added 2025/10/02 6:11 a.m. • 7 views

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.

CVSS 9.8 • AI score 6.8 • EPSS 0.05322 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 7 views

Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions

CVSS 7.5 • AI score 6.7 • EPSS 0.06873 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 5 views

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.

CVSS 6.5 • AI score 7 • EPSS 0.04683 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 2 views

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.

CVSS 6.1 • AI score 7 • EPSS 0.00485 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 5 views

A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1.

CVSS 7.1 • AI score 7 • EPSS 0.01895 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 4 views

Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.

CVSS 6.5 • AI score 7 • EPSS 0.00436 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 7 views

Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.

CVSS 7.5 • AI score 7 • EPSS 0.01747 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 5 views

Symlink Exchange Can Allow Host Filesystem Access

CVSS 8.8 • AI score 7 • EPSS 0.06505 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 7 views

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers.

CVSS 7.5 • AI score 7 • EPSS 0.01495 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 2 views

UAF due to php_filter_float() failing

CVSS 9.8 • AI score 7 • EPSS 0.03002 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 5 views

Multiple vulnerabilities in Firebird client extension

CVSS 5.9 • AI score 7 • EPSS 0.01724 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 3 views

Incorrect URL validation in FILTER_VALIDATE_URL

CVSS 5.3 • AI score 7 • EPSS 0.01945 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 4 views

Special characters break path parsing in XML functions

CVSS 5.3 • AI score 6.7 • EPSS 0.25951 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 4 views

Webhook redirect in kube-apiserver

CVSS 4.1 • AI score 7 • EPSS 0.01953 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 4 views

FILTER_VALIDATE_URL accepts URLs with invalid userinfo

CVSS 5.3 • AI score 7 • EPSS 0.02983 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 3 views

PHP-FPM memory access in root process leading to privilege escalation

CVSS 7.8 • AI score 6.7 • EPSS 0.01337 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 5 views

Null Dereference in SoapClient

CVSS 7.5 • AI score 7 • EPSS 0.03152 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 4 views

A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

CVSS 6 • AI score 7 • EPSS 0.00335 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 3 views

A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

CVSS 6 • AI score 7 • EPSS 0.00275 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 3 views

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Further investigation showed that it was not a security issue. Notes: none

AI score 7 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 6 views

JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.

CVSS 10 • AI score 7 • EPSS 0.04379 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 3 views

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.

CVSS 6.5 • AI score 7 • EPSS 0.01443 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 8 views

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. Note: The patch for this issue will address the vulnerability only if the WLS instance is using JDK 1.7.0_191 or later, or JDK 1.8.0_181 or later. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 9.8 • AI score 7.3 • EPSS 0.02569 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 3 views

Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance.

CVSS 5.3 • AI score 7 • EPSS 0.01085 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 4 views

Apache Tomcat: Request header mix-up between HTTP/2 streams

CVSS 7.5 • AI score 7 • EPSS 0.24622 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 4 views

JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.

CVSS 7.5 • AI score 7 • EPSS 0.01367 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 4 views

libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.

CVSS 7.1 • AI score 7 • EPSS 0.02319 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 5 views

tinylcy Vino through 2017-12-15 allows remote attackers to cause a denial of service ("vn_get_string error: Resource temporarily unavailable" error and daemon crash) via a long URL.

CVSS 7.5 • AI score 7 • EPSS 0.01794 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 7 views

Controller/Async/FilesystemManager.php in the filemanager in Bolt allows remote attacke

CVSS 8.8 • AI score 7 • EPSS 0.02661 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 5 views

In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.

CVSS 7.5 • AI score 7 • EPSS 0.01041 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 4 views

JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.

CVSS 5.9 • AI score 7 • EPSS 0.00656 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 5 views

An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely

CVSS 7.8 • AI score 7 • EPSS 0.01736 • Exploits 0

Microsoft CVE • added 2025/10/02 6:11 a.m. • 3 views

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.

CVSS 4.3 • AI score 7 • EPSS 0.01178 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 7 views

man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)

CVSS 7.8 • AI score 7 • EPSS 0.00383 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 3 views

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

CVSS 9.8 • AI score 9.3 • EPSS 0.07562 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 5 views

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.

CVSS 9.8 • AI score 9.3 • EPSS 0.07191 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 3 views

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

CVSS 7.5 • AI score 7 • EPSS 0.02954 • Exploits 1

Microsoft CVE • added 2025/10/02 6:11 a.m. • 5 views

lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.

CVSS 7.1 • AI score 7 • EPSS 0.00391 • Exploits 0

Microsoft CVE • added 2025/10/02 6:10 a.m. • 5 views

Bolt before 3.3.6 does not properly restrict access to _profiler routes

CVSS 5.3 • AI score 7 • EPSS 0.01774 • Exploits 0

Microsoft CVE • added 2025/10/02 6:10 a.m. • 6 views

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

CVSS 9.3 • AI score 8.8 • EPSS 0.26723 • Exploits 1

Microsoft CVE • added 2025/10/02 6:10 a.m. • 4 views

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands

CVSS 9.3 • AI score 7 • EPSS 0.05978 • Exploits 0

Microsoft CVE • added 2025/10/02 6:10 a.m. • 6 views

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.

CVSS 7.1 • AI score 7 • EPSS 0.01749 • Exploits 0

Microsoft CVE • added 2025/10/02 6:10 a.m. • 11 views

pkexec, when used with --user nonpriv, allows local users to escape to the parent session

CVSS 7.8 • AI score 7 • EPSS 0.00351 • Exploits 0

Microsoft CVE • added 2025/10/02 6:10 a.m. • 6 views

The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service

CVSS 5.5 • AI score 7 • EPSS 0.03855 • Exploits 3

Microsoft CVE • added 2025/10/02 6:10 a.m. • 5 views

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.

CVSS 8.8 • AI score 7 • EPSS 0.02228 • Exploits 0

Microsoft CVE • added 2025/10/02 6:10 a.m. • 4 views

libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.

CVSS 9.8 • AI score 7 • EPSS 0.02685 • Exploits 0

Microsoft CVE • added 2025/10/02 6:10 a.m. • 6 views

modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.

CVSS 6 • AI score 7 • EPSS 0.01382 • Exploits 0

Microsoft CVE • added 2025/10/02 6:10 a.m. • 8 views

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.

CVSS 10 • AI score 7 • EPSS 0.03202 • Exploits 0

Microsoft CVE • added 2025/10/02 6:10 a.m. • 6 views

Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.

CVSS 6.8 • AI score 7 • EPSS 0.01475 • Exploits 0

Microsoft CVE • added 2025/10/02 6:10 a.m. • 6 views

Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.

CVSS 7.5 • AI score 7 • EPSS 0.04871 • Exploits 0

Total number of security vulnerabilities: 21727