Lucene search
K

8181 matches found

Redos
Redos
•added 2025/07/01 12:0 a.m.•5 views

ROS-20250630-10

A vulnerability in the BeanIntrospector class of the Apache Commons Beanutils utility is related to the recovery of an inaccurate data structure in memory. of an invalid data structure. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality,...

7.5CVSS6.8AI score0.28839EPSS
Exploits1
Redos
Redos
•added 2025/07/01 12:0 a.m.•4 views

ROS-20250630-08

A vulnerability in a library for Python that extends the ease of creating, distributing, and installation of Python packages setuptools is related to an input validation error when processing sequences of directory traversal in packageindex.py. Exploitation of the vulnerability could allow an...

8.8CVSS6.4AI score0.01479EPSS
Exploits4
Redos
Redos
•added 2025/07/01 12:0 a.m.•5 views

ROS-20250630-04

The Eclipse Jetty servlet container vulnerability is related to a bug in GzipHandler when handling certain URL paths. Exploitation of the vulnerability could allow an attacker to bypass the enforced security restrictions security The Eclipse Jetty servlet container vulnerability is related to the...

7.2CVSS6.2AI score0.01037EPSS
Exploits1
Redos
Redos
•added 2025/07/01 12:0 a.m.•4 views

ROS-20250630-06

Vulnerability of orftokenendianconvert function of group communication system for fault-tolerant clusters Corosync is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or cause a denia...

9.8CVSS8.5AI score0.00433EPSS
Exploits1
Redos
Redos
•added 2025/07/01 12:0 a.m.•3 views

ROS-20250630-05

The Salted Challenge Response Authentication Mechanism SCRAM vulnerability in the Apache Kafka Message Manager is due to a lack of verification of one-time message numbers between messages. of the Apache Kafka Message Manager is related to the lack of verification of one-time message numbers...

5.3CVSS7.4AI score0.0078EPSS
Exploits0
Redos
Redos
•added 2025/07/01 12:0 a.m.•6 views

ROS-20250630-07

A vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms was related to incorrect validation of an assertion in an Azure-issued token, leading to a potential circumvention of the boundlocations parameter at login. Exploitation of the vulnerability could...

8.8CVSS6.4AI score0.00351EPSS
Exploits0
Redos
Redos
•added 2025/07/01 12:0 a.m.•3 views

ROS-20250630-03

A vulnerability in the Symfony web application development and management software platform exists due to failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code A vulnerability in the Symfony w...

7.3CVSS5.1AI score0.63422EPSS
Exploits0
Redos
Redos
•added 2025/07/01 12:0 a.m.•6 views

ROS-20250630-01

A vulnerability in the pgAdmin 4 database management tool exists due to an incorrect restriction of the name of the of the path to a restricted directory. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code...

9.8CVSS9.6AI score0.64846EPSS
Exploits5
Redos
Redos
•added 2025/07/01 12:0 a.m.•4 views

ROS-20250630-02

The vulnerability of HashiCorp Vault and Vault Enterprise enterprise data archiving platforms is related to the fact that the validprincipals and defaultuser fields of the SSH secrets mechanism configuration are not are not set. Exploitation of the vulnerability could allow an attacker acting...

8.8CVSS7.9AI score0.00269EPSS
Exploits0
Redos
Redos
•added 2025/07/01 12:0 a.m.•3 views

ROS-20250630-11

The vulnerability of a data encryption package using Crypt::CBC encryption block chain mode is due to the fact, that the rand function is not cryptographically secure. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

4CVSS4.5AI score0.00176EPSS
Exploits0
Redos
Redos
•added 2025/07/01 12:0 a.m.•5 views

ROS-20250630-12

A vulnerability in the Golang programming language is related to an insecure reference following issue OCREATE and OEXCL when processing symbolic links. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system. The vulnerability in the Golang programming...

7.5CVSS7.1AI score0.0056EPSS
Exploits0
Redos
Redos
•added 2025/06/25 12:0 a.m.•5 views

ROS-20250625-01

Vulnerability of ffhevcputweightedpredavg8sse function of h.265 Libde265 video codec implementation is related to operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service using a specially crafted vid...

6.5CVSS7.6AI score0.00856EPSS
Exploits2
Redos
Redos
•added 2025/06/25 12:0 a.m.•9 views

ROS-20250625-03

Vulnerability of eachpair function from strongparameters.rb of Ruby on Rails software platform is related to recovery of an invalid data structure in memory. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential data Vulnerability in Ruby on Rails software...

7.5CVSS8.9AI score0.04198EPSS
Exploits2
Redos
Redos
•added 2025/06/25 12:0 a.m.•5 views

ROS-20250625-04

A vulnerability in the Ruby on Rails software platform is related to a CSRF vulnerability in the rails-ujs module. Exploitation of the vulnerability could allow an attacker acting remotely to send CSRF tokens to the wrong domains. invalid domains...

6.5CVSS8.8AI score0.01485EPSS
Exploits1
Redos
Redos
•added 2025/06/25 12:0 a.m.•5 views

ROS-20250625-02

A vulnerability in the br.com.anteros.dbcp.AnterosDBCPConfig component of the Java library for grammar parsing JSON files jackson-databind is related to the recovery of invalid data in memory. Exploitation of the of the vulnerability could allow an attacker acting remotely to cause a denial of...

9.8CVSS8AI score0.26587EPSS
Exploits5
Redos
Redos
•added 2025/06/25 12:0 a.m.•7 views

ROS-20250625-08

Vulnerability in DecodeConfig component of Golang programming language is related to race condition of symbolic links when using os.RemoveAll. Exploitation of the vulnerability could allow an attacker, acting remotely, to remove arbitrary directories...

7.2AI score
Exploits0
Redos
Redos
•added 2025/06/25 12:0 a.m.•8 views

ROS-20250625-09

A vulnerability in the Apache Commons Configuration library is related to mismanagement of code generation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using specially crafted script, dns, and url requests. using specially crafted script, dn...

9.8CVSS6.4AI score0.42646EPSS
Exploits3
Redos
Redos
•added 2025/06/25 12:0 a.m.•4 views

ROS-20250625-06

A vulnerability in the checkforbidden function from rack/directory.rb of the modular interface between web servers and the Rack web applications is related to incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to...

8.6CVSS6.8AI score0.03593EPSS
Exploits1
Redos
Redos
•added 2025/06/25 12:0 a.m.•5 views

ROS-20250625-05

Vulnerability of components from memcachestore.rb and rediscachestore.rb of Ruby on Rails software platform is related to recovery of invalid data structure in memory. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, as we...

9.8CVSS8.8AI score0.45732EPSS
Exploits5
Redos
Redos
•added 2025/06/25 12:0 a.m.•4 views

ROS-20250625-07

Vulnerability of translate function from translationhelper.rb of Ruby on Rails software platform is related to flaws in the measures used to protect web page structures. Exploitation of the vulnerability allows an attacker acting remotely to affect data integrity...

6.1CVSS8.8AI score0.02372EPSS
Exploits0
Redos
Redos
•added 2025/06/24 12:0 a.m.•3 views

ROS-20250624-09

A vulnerability in the av1looprestorationdealloc function of the libaom video encoding library is related to reading outside of buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker, execute arbitrary code...

9.8CVSS6.5AI score0.01165EPSS
Exploits1
Redos
Redos
•added 2025/06/24 12:0 a.m.•5 views

ROS-20250624-05

A vulnerability in the Consul and Consul Enterprise service configuration tool is related to errors in the processing of CSR requests at the RPC endpoint. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the implemented security restrictions. remotely to bypass...

7.5CVSS9.7AI score0.00849EPSS
Exploits0
Redos
Redos
•added 2025/06/24 12:0 a.m.•6 views

ROS-20250624-04

A vulnerability in the Lua script interpreter is related to segmentation errors in changedline in ldebug.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.5CVSS9.1AI score0.00533EPSS
Exploits1
Redos
Redos
•added 2025/06/24 12:0 a.m.•6 views

ROS-20250624-07

A vulnerability in the Mercurial version control software tool is related to insufficient data cleansing, provided by the user. Exploitation of the vulnerability could allow an attacker acting remotely to perform cross-site scripting XSS attacks. remotely to perform cross-site scripting XSS attac...

5.3CVSS6.1AI score0.00486EPSS
Exploits0
Redos
Redos
•added 2025/06/24 12:0 a.m.•4 views

ROS-20250624-10

Vulnerability of the native code library for parsing and linearization of PGF LIBPGF grammars is related to the memory usage after release in Decoder.cpp. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges on the system...

9.8CVSS9.8AI score0.01908EPSS
Exploits0
Redos
Redos
•added 2025/06/24 12:0 a.m.•5 views

ROS-20250624-06

A vulnerability in the Django web application software platform is related to insufficient validation of user input in django.utils.text.wrap and the wordwrap template filter. user input in django.utils.text.wrap and wordwrap template filter. Exploitation of the vulnerability could allow an...

7.5CVSS6.5AI score0.13969EPSS
Exploits0
Redos
Redos
•added 2025/06/24 12:0 a.m.•7 views

ROS-20250624-02

Vulnerability in OpenSearch software package related to lack of Markdown cleanup on header or footer previews header or footer preview. Exploitation of the vulnerability could allow an attacker to, execute arbitrary code...

6.4CVSS7.6AI score0.00557EPSS
Exploits2
Redos
Redos
•added 2025/06/24 12:0 a.m.•6 views

ROS-20250624-03

A vulnerability in the UEFI firmware of Intel processors is related to insufficient granularity of the access controls. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the Software Guard eXtensions SGX implementation of Intel processors is...

6.8CVSS7.1AI score0.00211EPSS
Exploits0
Redos
Redos
•added 2025/06/24 12:0 a.m.•9 views

ROS-20250624-01

A vulnerability in the SEV-SNP functions of AMD processor firmware is related to incorrectly input validation for serial presence detection DIMM SPD metadata. Exploitation of the vulnerability allows an attacker to overwrite guest memory, resulting in a loss of the guest data integrity...

5.3CVSS7.2AI score0.00222EPSS
Exploits0
Redos
Redos
•added 2025/06/24 12:0 a.m.•6 views

ROS-20250624-08

GIFLIB GIF library vulnerability is related to a boundary error in the function Dimplescreen2rgb in gif2rgb.c. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on the target system...

7.3CVSS7.2AI score0.00232EPSS
Exploits0
Redos
Redos
•added 2025/06/24 12:0 a.m.•6 views

ROS-20250624-14

A vulnerability in the SSH server of the Golang programming language is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS9.4AI score0.00868EPSS
Exploits0
Redos
Redos
•added 2025/06/24 12:0 a.m.•6 views

ROS-20250624-15

Vulnerability in the Javascript Object Signing and Encryption Go JOSE standards set implementation is related to uncontrolled consumption of internal resources properly when analyzing JWS and JWE input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a deni...

8.7CVSS7AI score0.00369EPSS
Exploits0
Redos
Redos
•added 2025/06/24 12:0 a.m.•3 views

ROS-20250624-16

A vulnerability in the libntlm library implementation of the NT LAN Manager Network Authentication Protocol NTLM is related to a buffer boundary read with reading beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or cause...

9.8CVSS7.9AI score0.03107EPSS
Exploits1
Redos
Redos
•added 2025/06/24 12:0 a.m.•8 views

ROS-20250624-11

A vulnerability in the Perl data structure to JSON conversion module Cpanel::JSON::XS is related to access beyond the beyond the allocated memory buffer, acting remotely, obtaining sensitive information or cause a denial of service...

9.1CVSS9.2AI score0.00788EPSS
Exploits0
Redos
Redos
•added 2025/06/24 12:0 a.m.•4 views

ROS-20250624-12

Vulnerability of putqpelfallback function fallback-motion.cc of h.265 video codec implementation Libde265 is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in the mcchroma function...

6.5CVSS6.9AI score0.00844EPSS
Exploits2
Redos
Redos
•added 2025/06/24 12:0 a.m.•3 views

ROS-20250624-13

Vulnerability of path.evaluate or path.evaluateTruthy compiler for writing JavaScript code Babel is related to an incorrect comparison. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

9.3CVSS8.6AI score0.0052EPSS
Exploits0
Redos
Redos
•added 2025/06/23 12:0 a.m.•6 views

ROS-20250623-01

The vulnerability of the nftpayload function of the net/netfilter /nftpayload.c module of the netfilter component of the Linux kernel is related to the operation exceeding the memory buffer boundary. of Linux operating system is related to the operation exceeding the buffer boundaries in memory...

5.5CVSS6AI score0.00176EPSS
Exploits0
Redos
Redos
•added 2025/06/19 12:0 a.m.•3 views

ROS-20250616-28

The vulnerability of the Zabbix universal monitoring system server is related to unrestricted allocation of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...

6.5CVSS6.3AI score0.00348EPSS
Exploits0
Redos
Redos
•added 2025/06/19 12:0 a.m.•3 views

ROS-20250616-27

The vulnerability of the Zabbix universal monitoring system server is related to unrestricted allocation of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...

6.5CVSS6.3AI score0.00348EPSS
Exploits0
Redos
Redos
•added 2025/06/19 12:0 a.m.•9 views

ROS-20250619-01

A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to sending requests with an extremely large number of parameters. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the Rack...

7.5CVSS7.4AI score0.00911EPSS
Exploits0
Redos
Redos
•added 2025/06/19 12:0 a.m.•5 views

ROS-20250619-14

The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...

9.8CVSS7.3AI score0.00791EPSS
Exploits0
Redos
Redos
•added 2025/06/19 12:0 a.m.•5 views

ROS-20250619-16

YASM assembler vulnerability is related to NULL pointer dereferencing via the yasmsectionbcsappend function in section.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

4.8CVSS7AI score0.00215EPSS
Exploits1
Redos
Redos
•added 2025/06/19 12:0 a.m.•9 views

ROS-20250619-15

A software vulnerability in the Grafana monitoring and surveillance platform is related to a vulnerability in the of the XY Chart plugin to DOM XSS. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code Grafana monitoring and surveillance platform...

8.3CVSS6.6AI score0.97809EPSS
Exploits6
Redos
Redos
•added 2025/06/19 12:0 a.m.•4 views

ROS-20250619-17

Vulnerability of CompressorStreamFactory, TarArchiveInputStream and TarFile classes of Apache Commons archiver Compress is related to uncontrolled resource consumption as a result of insufficient input data validation when processing TAR archive headers. Exploitation of the vulnerability could...

5.5CVSS6.3AI score0.00489EPSS
Exploits0
Redos
Redos
•added 2025/06/19 12:0 a.m.•5 views

ROS-20250619-12

The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...

9.8CVSS7.3AI score0.00791EPSS
Exploits0
Redos
Redos
•added 2025/06/19 12:0 a.m.•5 views

ROS-20250619-10

The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...

9.8CVSS7.3AI score0.00791EPSS
Exploits0
Redos
Redos
•added 2025/06/19 12:0 a.m.•9 views

ROS-20250619-11

The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...

9.8CVSS7.3AI score0.00791EPSS
Exploits0
Redos
Redos
•added 2025/06/19 12:0 a.m.•9 views

ROS-20250619-13

The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...

9.8CVSS7.3AI score0.00791EPSS
Exploits0
Redos
Redos
•added 2025/06/19 12:0 a.m.•5 views

ROS-20250619-03

A vulnerability in the Microsoft Visual Studio software development tool, the Microsoft.NET software platform, and the Build Tools for Visual Studio toolkit is associated with an incorrect external external vulnerability. Microsoft.NET and Build Tools for Visual Studio toolkit is related to...

8CVSS7AI score0.011EPSS
Exploits0
Redos
Redos
•added 2025/06/19 12:0 a.m.•9 views

ROS-20250619-05

A vulnerability in the PostgreSQL PgBouncer connection pooling program is related to the fact that a password can be used after it expires, because authquery does not take into account the value of Postgre's VALID UNTIL. Exploitation of the vulnerability allows an attacker acting remotely to gain...

9.8CVSS8AI score0.00305EPSS
Exploits0
Total number of security vulnerabilities8181