69 matches found

NVD
added 2026/06/23 6:17 p.m., 5 views

CVE-2026-45692

Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different...

5.4 CVSS, 0.00144 EPSS
Exploits: 1, References: 1

OSV
added 2026/06/23 6:17 p.m., 3 views

DEBIAN-CVE-2026-45692

Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different...

3.8 CVSS, 5.9 AI score, 0.00144 EPSS
Exploits: 1, References: 1

RedHat Linux
added 2026/05/12 5:34 a.m., 14 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: caddy: caddy-2.11.3-0.1.hum1 aarch64, x8664 caddy-2.11.3-0.1.hum1.src src...

9.8 CVSS, 5.8 AI score, 0.00356 EPSS
Exploits: 0, References: 3

EUVD
added 2026/04/08 9:31 a.m., 7 views

EUVD-2026-20329

Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Member: from n/a through = 2.11.3...

5.9 AI score, 0.00037 EPSS
Exploits: 0, References: 2

NVD
added 2026/04/08 9:16 a.m., 11 views

CVE-2026-39659

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

0.00037 EPSS
Exploits: 0

Cvelist
added 2026/04/08 8:30 a.m., 27 views

CVE-2026-39659

...

0.00037 EPSS
Exploits: 0

ATTACKERKB
added 2026/04/08 8:30 a.m., 5 views

CVE-2026-39659

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.3 CVSS, 5.7 AI score, 0.00037 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/04/08 12:0 a.m., 11 views

WordPress plugin Ultimate Member Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.8 AI score, 0.00037 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/04/08 12:0 a.m., 7 views

PT-2026-31222

Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Member: from n/a through = 2.11.3...

5.3 CVSS, 5.9 AI score, 0.00037 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2026/01/13 12:0 a.m., 7 views

MiracleLinux 9 : python-jinja2-2.11.3-8.el9_5 (AXSA:2025-9829:04)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9829:04 advisory. jinja2: Jinja sandbox breakout through attr filter selecting format method CVE-2025-27516 Tenable has extracted the preceding description block directly from...

8.8 CVSS, 7.5 AI score, 0.00465 EPSS
Exploits: 0, References: 2

Metasploit
added 2025/11/27 6:57 p.m., 464 views

Monsta FTP downloadFile Remote Code Execution

This module exploits a pre-authenticated remote code execution vulnerability in Monsta FTP versions use exploit/multi/http/monstaftpdownloadfilerce msf exploitmonstaftpdownloadfilerce show targets ...targets... msf exploitmonstaftpdownloadfilerce set TARGET msf exploitmonstaftpdownloadfilerce sho...

9.8 CVSS, 7.8 AI score, 0.72536 EPSS
Exploits: 6

Tenable Nessus
added 2025/11/20 12:0 a.m., 5 views

TencentOS Server 4: harbor (TSSA-2025:0614)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0614 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

4.1 CVSS, 5.6 AI score, 0.00303 EPSS
Exploits: 0, References: 2

CVE
added 2025/07/23 8:38 p.m., 31 views

CVE-2025-32019

Harbor (the open source cloud-native registry) contains a stored XSS vulnerability in the markdown field of the info tab. Affected versions are 2.11.2 and earlier, and 2.12.0-rc1 and 2.13.0-rc1. The issue is fixed in Harbor 2.11.3 and 2.12.3. Existence and details are supported by multiple source...

4.1 CVSS, 5.5 AI score, 0.00303 EPSS
Exploits: 0, References: 4

CNNVD
added 2025/07/04 12:0 a.m., 3 views

Cockpit Code Injection Vulnerability

Cockpit is an interactive server management interface for Cockpit open source. A code injection vulnerability exists in Cockpit 2.11.3 and earlier versions, which stems from a cross-site scripting attack due to incorrect manipulation of the parameters name/email in the file /system/users/save...

6.1 CVSS, 4.5 AI score, 0.00289 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2025/05/23 10:3 a.m., 6 views

CVE-2024-29802

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.11.3...

6.5 CVSS, 5.2 AI score, 0.0036 EPSS
Exploits: 0, References: 1

Debian
added 2025/04/30 9:58 p.m., 54 views

[SECURITY] [DLA 4126-2] jinja2 regression update

Debian LTS Advisory DLA-4126-2 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro April 30, 2025 https://wiki.debian.org/LTS ...

8.8 CVSS, 7.6 AI score, 0.00465 EPSS
Exploits: 0

OSV
added 2024/10/13 7:12 p.m., 17 views

BIT-MLFLOW-2024-2928 Local File Inclusion (LFI) via URI Fragment Parsing in mlflow/mlflow

A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...

7.5 CVSS, 7.4 AI score, 0.21847 EPSS
Exploits: 2, References: 3

CNNVD
added 2024/07/25 12:0 a.m., 7 views

VMware Spring Cloud Data Flow Security Vulnerability

VMware Spring Cloud Data Flow is a codebase for streaming and batch data processing in microservices from VMware, Inc. A security vulnerability exists in VMware Spring Cloud Data Flow versions 2.11.0 through 2.11.3, which originates from a malicious user with privileged access to the server's API...

9.8 CVSS, 6.6 AI score, 0.35211 EPSS
Exploits: 4, References: 2

CNNVD
added 2024/07/24 12:0 a.m., 5 views

Argo CD Security Vulnerability

Argo CD is a declarative GitOps continuous delivery tool for Kubernetes open-sourced by the Argo Project. A security vulnerability exists in Argo CD versions 2.6.0 through 2.11.3, which stems from a web terminal that allows a user to obtain a shell inside a running Pod. When an administrator...

6.5 CVSS, 4.7 AI score, 0.00685 EPSS
Exploits: 1, References: 6

CNNVD
added 2024/07/04 12:0 a.m., 6 views

Nginx Proxy Manager Security Vulnerability

Nginx Proxy Manager is a Docker container for Nginx Proxy Manager open source. It is used to manage Nginx proxy hosts through a simple and powerful interface. A security vulnerability exists in Nginx Proxy Manager versions prior to 2.11.3, which stems from a vulnerability that allows authenticate...

8.8 CVSS, 6.8 AI score, 0.00882 EPSS
Exploits: 0, References: 4