Lucene search
K

118 matches found

Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.5 views

PT-2026-25615

A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTH KEY results in information disclosure. The attack is only possibl...

2.5CVSS5AI score0.00132EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.10 views

PT-2026-6308

Name of the Vulnerable Software and Affected Versions cert-manager versions 1.18.0 through 1.18.4 cert-manager versions 1.19.0 through 1.19.2 Description cert-manager simplifies the process of obtaining, renewing, and using certificates in Kubernetes clusters. The cert-manager-controller performs...

9.8CVSS5.5AI score0.00349EPSS
Exploits0References252
Tenable Nessus
Tenable Nessus
added 2025/12/25 12:0 a.m.4 views

Debian dla-4419 : gstreamer1.0-gtk3 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4419 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4419-1 [email protected]...

8.1CVSS7.8AI score0.00625EPSS
Exploits2References6
RedhatCVE
RedhatCVE
added 2025/12/09 12:51 a.m.5 views

CVE-2025-64715

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

5.5CVSS6.7AI score0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/29 12:0 a.m.4 views

PT-2025-48349

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

4CVSS6.7AI score0.00161EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/10/03 12:0 a.m.4 views

SUSE SLED15: cairo-devel / cairo-devel-32bit / cairo-tools / libcairo-gobject2 / etc (SUSE-SU-2025:03449-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03449-1 advisory. - CVE-2025-50422: Fixed Poppler crash on malformed input bsc1247589 - Update to version 1.18.4: - The...

2.9CVSS6.1AI score0.00213EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2025/10/03 12:0 a.m.4 views

SUSE: Security Advisory (SUSE-SU-2025:03449-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.9CVSS5AI score0.00213EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/10/02 7:15 a.m.6 views

Security update for cairo

This update for cairo fixes the following issues: CVE-2025-50422: Fixed Poppler crash on malformed input bsc1247589 Update to version 1.18.4: The dependency on LZO has been made optional through a build time configuration toggle. You can build Cairo against a Freetype installation that does not...

3.3CVSS7.1AI score0.00213EPSS
Exploits0References4
OSV
OSV
added 2025/10/02 7:15 a.m.5 views

SUSE-SU-2025:03449-1 Security update for cairo

This update for cairo fixes the following issues: - CVE-2025-50422: Fixed Poppler crash on malformed input bsc1247589 - Update to version 1.18.4: + The dependency on LZO has been made optional through a build time configuration toggle. + You can build Cairo against a Freetype installation that do...

2.9CVSS7.1AI score0.00213EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/12 7:11 a.m.4 views

CVE-2025-8778

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropacksetcompressionajax function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.1AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 2025/09/10 7:15 a.m.5 views

CVE-2025-8778

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropacksetcompressionajax function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS0.00226EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.5 views

PT-2025-37019

Name of the Vulnerable Software and Affected Versions: NitroPack versions up to and including 1.18.4 Description: The NitroPack plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the nitropack set compression ajax function...

4.3CVSS5.6AI score0.00226EPSS
Exploits0References7
OSV
OSV
added 2025/08/18 12:0 a.m.2 views

OPENSUSE-SU-2025:15457-1 cairo-devel-1.18.4-3.1 on GA media

These are all security issues fixed in the cairo-devel-1.18.4-3.1 package on the GA media of openSUSE Tumbleweed...

2.9CVSS5.8AI score0.00213EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-5225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system...

5.5CVSS5.8AI score0.00653EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/28 12:0 a.m.14 views

Copyparty 跨站脚本漏洞

Copyparty is a portable file server for ed individual developers. A cross-site scripting vulnerability exists in Copyparty 1.18.4 and earlier versions, which stems from improper cleaning of the multimedia tags of music files and could lead to the execution of arbitrary JavaScript code...

6.1CVSS6AI score0.00395EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/03/10 12:0 a.m.10 views

Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2025-2776 (ALAS-2025-2776)

The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2776 advisory. GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detecte...

9.8CVSS8.2AI score0.01344EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/08/06 12:0 a.m.5 views

Gorush 安全漏洞

Gorush is a push notification server written in Go by Bo-Yi Wu, an individual developer. A security vulnerability exists in Gorush v1.18.4, which stems from the use of a deprecated version of TLS in the RunHTTPServer function. An attacker can use this vulnerability to intercept and manipulate dat...

9.1CVSS6.5AI score0.00308EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:1 a.m.27 views

BIT-GOLANG-2022-28131 Stack exhaustion from deeply nested XML documents in encoding/xml

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...

7.5CVSS7.4AI score0.01875EPSS
Exploits0References6
OSV
OSV
added 2024/03/06 11:0 a.m.16 views

BIT-GOLANG-2022-30630 Stack exhaustion in Glob on certain paths in io/fs

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators...

7.5CVSS7.7AI score0.01618EPSS
Exploits0References6
OSV
OSV
added 2024/03/06 11:0 a.m.36 views

BIT-GOLANG-2022-30631 Stack exhaustion when reading certain archives in compress/gzip

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...

7.5CVSS7.8AI score0.01615EPSS
Exploits0References6
Rows per page
Query Builder