Lucene search
K

33 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-326 dcap-qvl has Missing Verification for QE Identity

Impact This vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity, qeidentitysignature, and qeidentityissuerchain from the PCCS. However, it skips to verify the QE Identity signature...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References5
OSV
OSV
added 2026/04/17 6:19 p.m.3 views

CVE-2026-40525 OpenViking < 0.3.9 Authentication Bypass via VikingBot OpenAPI

OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS6AI score0.00571EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/03/28 12:0 a.m.8 views

NRSS Reader 缓冲区错误漏洞

NRSS Reader is a desktop reading tool developed by NRSS Corporation, designed for subscribing to and reading RSS information sources. Version 0.3.9-1 of NRSS Reader contains a buffer overflow vulnerability. This vulnerability stems from a stack buffer overflow, which could allow local attackers t...

8.6CVSS6.4AI score0.00203EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/28 3:16 a.m.11 views

CVE-2026-22696

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.4 views

PT-2026-4820

Name of the Vulnerable Software and Affected Versions dcap-qvl versions prior to 0.3.9 Description The dcap-qvl library contains a flaw in its quote verification logic. The library retrieves QE Identity collateral from the PCCS, but fails to verify the QE Identity signature against its certificat...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-30662

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.0019EPSS
Exploits0References2
NVD
NVD
added 2025/09/22 7:16 p.m.3 views

CVE-2025-57996

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in matthewordie Buckets buckets allows Stored XSS.This issue affects Buckets: from n/a through = 0.3.9...

6.5CVSS0.0019EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/22 7:0 p.m.5 views

WordPress Buckets Plugin <= 0.3.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Buckets versions = 0.3.9...

6.5CVSS6AI score0.0019EPSS
Exploits0Affected Software1
CVE
CVE
added 2025/09/22 6:24 p.m.10 views

CVE-2025-57996

CVE-2025-57996 is a stored XSS vulnerability in the WordPress plugin Buckets (Buckets: 0.3.9 and earlier). The CVSS 3.1 base score is 6.5 (Medium). Attack vector: Network; Attack complexity: Low; Privileges required: Low; User interaction: Required; Scope: Changed; Impact: Confidentiality, Integr...

6.5CVSS5.9AI score0.0019EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/22 6:24 p.m.1 views

CVE-2025-57996 WordPress Buckets Plugin <= 0.3.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in matthewordie Buckets buckets allows Stored XSS.This issue affects Buckets: from n/a through = 0.3.9...

6.5CVSS5.2AI score0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.5 views

WordPress plugin Buckets 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS5.6AI score0.0019EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.3 views

PT-2025-38846

Name of the Vulnerable Software and Affected Versions Buckets versions through 0.3.9 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Stored Cross-site Scripting XSS. This allows an attacker to inject malicious scripts into...

6.5CVSS6.1AI score0.0019EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/08 12:0 a.m.5 views

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1168)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1168 advisory. Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory...

6.5CVSS6.3AI score0.00412EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/22 12:0 a.m.5 views

WordPress plugin Realty Portal – Agent 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6.5AI score0.00437EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:10 a.m.5 views

CVE-2023-28168

Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3.9...

3.7CVSS8AI score0.00374EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.2 views

WordPress plugin WordPress Console 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

3.7CVSS8.3AI score0.00374EPSS
Exploits0References1
Snyk
Snyk
added 2024/10/10 7:42 a.m.5 views

Exposure of Data Element to Wrong Session

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to the improper handling of user roles during the login process. An attacker can gain unauthorized access and perform actions without administrative approval...

5.4CVSS7AI score0.00337EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2024/04/25 7:53 p.m.3 views

ape-dasy (=0.1.0) potentially affected by CVE-2024-32481 via vyper (=0.3.9)

vyper PYPI version =0.3.9 is affected by a known vulnerability. The following packages have a transitive dependency on vyper and may be impacted: - ape-dasy =0.1.0 Source cves: CVE-2024-32481 Source advisory: OSV:GHSA-PPX5-Q359-PVWJ...

5.3CVSS6AI score0.00791EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/02/07 5:27 p.m.4 views

2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-24563 via vyper (>=0.1.0b12 <=0.3.9)

vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-24563 Source advisory: OSV:GHSA-52XQ-J7V9-V4V2...

9.8CVSS7.2AI score0.01539EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/01/30 6:42 p.m.4 views

2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-24567 via vyper (>=0.1.0b12 <=0.3.9)

vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-24567 Source advisory: OSV:GHSA-X2C2-Q32W-4W6M...

5.3CVSS6AI score0.00485EPSS
Exploits3
Rows per page
Query Builder