Lucene search
K

21727 matches found

Microsoft CVE
Microsoft CVE
•added 2025/10/01 11:10 p.m.•7 views

sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

...

4.4CVSS7AI score0.0034EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/01 11:10 p.m.•5 views

The theme editor in Bolt allows remote authenticated users to execute arbitrary code by renaming a crafted file

...

6.5CVSS7AI score0.38611EPSS
Exploits2
Microsoft CVE
Microsoft CVE
•added 2025/10/01 11:10 p.m.•5 views

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf

...

5CVSS7AI score0.02915EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/01 11:10 p.m.•9 views

Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.

...

7.6CVSS7AI score0.1427EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/01 11:10 p.m.•7 views

Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.

...

7.6CVSS7AI score0.1427EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/01 11:10 p.m.•6 views

Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

...

7.6CVSS7AI score0.1427EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/01 11:10 p.m.•5 views

FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.

...

5CVSS7AI score0.01449EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/01 11:10 p.m.•9 views

Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings.

...

10CVSS7AI score0.09045EPSS
Exploits9
Microsoft CVE
Microsoft CVE
•added 2025/10/01 11:10 p.m.•11 views

The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.

...

5CVSS7AI score0.02075EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/01 11:10 p.m.•6 views

AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.

...

7.5CVSS7AI score0.01702EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/01 11:10 p.m.•5 views

Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.

...

7.5CVSS7AI score0.08635EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/01 11:10 p.m.•4 views

Buffer overflow in efax 0.9 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -x argument.

...

7.2CVSS7AI score0.00465EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/01 11:10 p.m.•4 views

efax 0.9 and earlier, when installed setuid root, allows local users to read arbitrary files via the -d option, which prints the contents of the file in a warning message.

...

2.1CVSS7AI score0.00345EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/01 11:10 p.m.•5 views

The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files.

...

7.5CVSS7AI score0.01674EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/01 11:10 p.m.•5 views

A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail.

...

1.2CVSS7AI score0.00321EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/01 11:10 p.m.•6 views

Sendmail WIZ command enabled, allowing root access.

...

7.2CVSS7AI score0.00992EPSS
Exploits2
Microsoft CVE
Microsoft CVE
•added 2025/10/01 5:11 p.m.•6 views

A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).

...

7.5CVSS7AI score0.00381EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/29 8:1 a.m.•8 views

In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.

...

5.3CVSS7AI score0.00423EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/29 8:1 a.m.•1 views

Libsoup: out-of-bounds read in cookie date handling of libsoup http library

...

7.5CVSS7AI score0.00594EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/29 1:1 a.m.•10 views

In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.

...

5.3CVSS7AI score0.00374EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/29 1:1 a.m.•6 views

Libxslt: use-after-free with key data stored cross-rvt

...

5.5CVSS7AI score0.00161EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/29 1:1 a.m.•7 views

Glib-networking: out of bound reads on glib-networking through tls/openssl/gtlscertificate-openssl.c via "g_tls_certificate_openssl_get_property()"

...

4.8CVSS7AI score0.00288EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/29 1:1 a.m.•8 views

Glib-networking: uninitialized memory dereferences on glib-networking through glib-networking/tls/openssl/gtlsbio.c via g_tls_bio_new_from_iostream() and g_tls_bio_new_from_datagram_based()

...

3.7CVSS7AI score0.00331EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/28 8:2 a.m.•8 views

Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.

...

8.2CVSS7AI score0.00362EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/28 1:2 a.m.•4 views

hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur

...

5.5CVSS7AI score0.00197EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/28 1:2 a.m.•2 views

riscv: mm: Fix the out of bound issue of vmemmap address

...

7.1CVSS7AI score0.00208EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/28 1:2 a.m.•4 views

fs: relax assertions on failure to encode file handles

...

5.5CVSS7AI score0.00202EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/28 1:1 a.m.•3 views

ALSA: seq: oss: Fix races at processing SysEx messages

...

6.3CVSS7AI score0.0016EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/28 1:1 a.m.•3 views

drm/dp_mst: Fix resetting msg rx state after topology removal

...

7CVSS7AI score0.00158EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/28 1:1 a.m.•3 views

ASoC: topology: Fix references to freed memory

...

7.8CVSS7AI score0.0022EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/28 1:1 a.m.•3 views

block: Fix page refcounts for unaligned buffers in __bio_release_pages()

...

5.5CVSS7AI score0.00209EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/28 1:1 a.m.•4 views

x86/efistub: Call mixed mode boot services on the firmware's stack

...

5.5CVSS7AI score0.00222EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/28 1:1 a.m.•2 views

media: aspeed: Fix memory overwrite if timing is 1600x900

...

7.8CVSS7AI score0.00218EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 8:3 a.m.•1 views

Insecure file handling vulnerability

...

6.1CVSS7AI score0.00249EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 8:3 a.m.•2 views

Libtiff: libtiff write-what-where

...

8.8CVSS7AI score0.00739EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 8:2 a.m.•2 views

Fallback tar extraction in pip doesn't check symbolic links point to extraction directory

...

5.9CVSS7AI score0.00438EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 1:3 a.m.•1 views

astral-tokio-tar has a path traversal in tar extraction

...

8.6CVSS7AI score0.00202EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 1:2 a.m.•3 views

virtio-net: fix overflow inside virtnet_rq_alloc

...

5.5CVSS7AI score0.002EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 1:2 a.m.•3 views

ksmbd: discard write access to the directory open

...

5.5CVSS7AI score0.00288EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 1:2 a.m.•5 views

xfs: don't walk off the end of a directory data block

...

7.1CVSS7AI score0.00224EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 1:2 a.m.•4 views

ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super()

...

5.5CVSS7AI score0.00271EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 1:2 a.m.•4 views

ACPI: CPPC: Use access_width over bit_width for system memory accesses

...

5.5CVSS7AI score0.0021EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 1:2 a.m.•8 views

net: ks8851: Handle softirqs at the end of IRQ thread to fix hang

...

5.5CVSS7AI score0.00213EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 1:2 a.m.•12 views

Bluetooth: L2CAP: Fix not validating setsockopt user input

...

7.1CVSS7AI score0.00239EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 1:2 a.m.•3 views

drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()

...

5.5CVSS7AI score0.00237EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 1:1 a.m.•5 views

dma-direct: Leak pages on dma_set_decrypted() failure

...

7.1CVSS7AI score0.00215EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 1:1 a.m.•10 views

usb: typec: ucsi: Limit read size on v1.2

...

5.5CVSS7AI score0.0021EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 1:1 a.m.•5 views

x86/coco: Require seeding RNG with RDRAND on CoCo systems

...

5.5CVSS7AI score0.00235EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 1:1 a.m.•2 views

netfilter: bridge: replace physindev with physinif in nf_bridge_info

...

5.5CVSS7AI score0.00223EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/27 1:1 a.m.•3 views

ceph: blocklist the kclient when receiving corrupted snap trace

...

5.5CVSS7AI score0.00208EPSS
Exploits0
Total number of security vulnerabilities21727