
33 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 2 views

Astra Linux - vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service—only by manipulating the processed input stream when XStream is configured to use th...

CVSS 7.5 · AI score 6.7 · EPSS 0.00261
Exploits: 0 · References: 2
IBM Security Bulletins
added 2026/01/29 3:33 p.m. · 6 views

Security Bulletin: IBM® Db2® is affected by the vulnerability in xstream-1.4.20.jar (CVE-2024-47072)

Summary IBM® Db2® is affected by the vulnerability in xstream-1.4.20.jar. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overfl...

CVSS 7.5 · AI score 5.9 · EPSS 0.00261
Exploits: 0 · Affected Software: 1
RedhatCVE
added 2026/01/08 3:14 a.m. · 3 views

CVE-2025-14942

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...

CVSS 9.4 · AI score 6.9 · EPSS 0.00065
Exploits: 0 · References: 1
OSV
added 2026/01/06 6:15 p.m. · 1 views

CVE-2025-14942

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...

CVSS 9.8 · AI score 6.8
Exploits: 0 · References: 1
Cvelist
added 2026/01/06 5:26 p.m. · 21 views

CVE-2025-14942 Authentication Bypass

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...

CVSS 9.4 · EPSS 0.00065
Exploits: 0 · References: 1
Vulnrichment
added 2026/01/06 5:26 p.m. · 3 views

CVE-2025-14942 Authentication Bypass

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...

CVSS 9.4 · AI score 6.5 · EPSS 0.00065
Exploits: 0 · References: 1
CNNVD
added 2026/01/06 12:0 a.m. · 0 views

wolfSSH security vulnerability

wolfSSH is a small, fast, and portable SSH implementation of wolfSSL open source, including support for SCP and SFTP. A security vulnerability exists in wolfSSH 1.4.21 and earlier versions, which stems from a key exchange state machine that can be manipulated, potentially leading to the disclosur...

CVSS 9.8 · AI score 6.5 · EPSS 0.00065
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-1257

Malicious code in bioql PyPI...

CVSS 8.2 · AI score 8 · EPSS 0.00116
Exploits: 0 · References: 5
RedhatCVE
added 2025/02/05 6:58 a.m. · 5 views

CVE-2024-32005

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

CVSS 8.2 · AI score 7.9 · EPSS 0.00116
Exploits: 0 · References: 1
OSV
added 2024/11/08 12:15 a.m. · 1 views

DEBIAN-CVE-2024-47072

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

CVSS 7.5 · AI score 6.2 · EPSS 0.00261
Exploits: 0 · References: 1
OSV
added 2024/11/08 12:15 a.m. · 0 views

UBUNTU-CVE-2024-47072

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

CVSS 7.5 · AI score 6.5 · EPSS 0.00261
Exploits: 0 · References: 5
OSV
added 2024/11/07 9:51 p.m. · 0 views

GHSA-HFQ9-HGGM-C56Q XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. Patches XStream 1.4.21 detects the manipulation ...

CVSS 8.7 · AI score 6.8 · EPSS 0.00261
Exploits: 0 · References: 7
CNNVD
added 2024/04/30 12:0 a.m. · 3 views

PrestaShop SQL injection vulnerability

PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, SMS alerts and product image scaling. A SQL injection vulnerability exists in PrestaShop Webbax v.1.4.21 and earlier versions, which originates from a vulnerabili...

CVSS 9.8 · AI score 8.3 · EPSS 0.00454
Exploits: 0 · References: 3
Positive Technologies
added 2024/04/30 12:0 a.m. · 2 views

PT-2024-25186 · Unknown · Webbax Supernewsletter

Name of the Vulnerable Software and Affected Versions: Webbax supernewsletter versions 1.4.21 and earlier Description: The issue allows a remote attacker to escalate privileges via the Super Newsletter module in the product search.php component. Recommendations: For versions 1.4.21 and earlier,...

CVSS 9.8 · AI score 7.5 · EPSS 0.00454
Exploits: 0 · References: 4
Vulnrichment
added 2024/04/12 8:38 p.m. · 13 views

CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

CVSS 8.2 · AI score 7.9 · EPSS 0.00116
Exploits: 0 · References: 3
OSV
added 2024/04/12 8:38 p.m. · 17 views

CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

CVSS 8.2 · AI score 7.6 · EPSS 0.00116
Exploits: 0 · References: 5
CVE
added 2024/04/12 8:38 p.m. · 56 views

CVE-2024-32005

CVE-2024-32005: Local File Inclusion in NiceGUI’s leaflet component allows reading any backend file accessible to the web server via requests to /_nicegui/{version}/resources/{key}/{path:path}. Affected upstream: NiceGUI before 1.4.21. Impact: arbitrary file read on the server. Remediation: upg...

CVSS 8.2 · AI score 7.8 · EPSS 0.00116
Exploits: 0 · References: 3
Cvelist
added 2024/04/12 8:38 p.m. · 13 views

CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

CVSS 8.2 · AI score 8.1 · EPSS 0.00116
Exploits: 0 · References: 3
Positive Technologies
added 2024/04/12 12:0 a.m. · 3 views

PT-2024-24354 · Nicegui · Nicegui

Name of the Vulnerable Software and Affected Versions: NiceGUI versions prior to 1.4.21 Description: A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result, any file on the backend...

CVSS 8.2 · AI score 6.6 · EPSS 0.00116
Exploits: 0 · References: 10
SUSE CVE
added 2023/02/15 5:52 a.m. · 2 views

SUSE CVE-2011-2753

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka optionsorder) page, a different issue than...

CVSS 6.8 · AI score 7 · EPSS 0.00204
Exploits: 1 · References: 3