Lucene search
+L

559 matches found

CVE
CVE
added 2025/09/15 12:0 a.m.145 views

CVE-2025-59375

Summary: CVE-2025-59375 affects libexpat in Expat before 2.7.2. A small XML document can trigger large dynamic memory allocations, per multiple security advisories. Affected software: libexpat (Expat) prior to version 2.7.2. Impact (as stated): Attackers may cause large memory allocations; impact...

7.5CVSS6.4AI score0.01279EPSS
Exploits1References9Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/14 12:0 a.m.7 views

PT-2025-37445

Name of the Vulnerable Software and Affected Versions Expat versions prior to 2.7.2 Description libexpat allows attackers to trigger large dynamic memory allocations via a small document submitted for parsing. This can lead to crashes or unpredictable behavior. Recommendations Update to a version...

9.8CVSS6.3AI score0.01279EPSS
Exploits1References345
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2019-1010275

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed...

9.8CVSS7.3AI score0.01358EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-9989

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverpskhint that could cause a crash on invalid input...

7.5CVSS6.9AI score0.02173EPSS
Exploits0References2
NVD
NVD
added 2025/06/18 4:15 p.m.14 views

CVE-2025-44952

A missing length check in ogspfcpsubnetadd function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the session.dnn field with a value with length greater than 101...

7.8CVSS0.00192EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:48 a.m.27 views

CVE-2024-43214

Missing Authorization vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through = 2.7.2...

5.3CVSS5.9AI score0.00265EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:28 a.m.15 views

CVE-2024-43353

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through = 2.7.2...

6.5CVSS5.9AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:15 a.m.7 views

CVE-2024-3867

The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in version 2.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if...

6.1CVSS6.5AI score0.00818EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:13 a.m.8 views

CVE-2024-35232

github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. accesstoken can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2...

3.7CVSS4.2AI score0.00504EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:55 a.m.12 views

CVE-2023-42780

Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dagids and the stack-traces of import errors for those DAGs with import...

6.5CVSS6.5AI score0.01071EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:22 a.m.14 views

CVE-2023-51519

Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through 2.7.2...

4.3CVSS6.9AI score0.00372EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:53 p.m.6 views

CVE-2022-36014

TensorFlow is an open source platform for machine learning. When mlir::tfg::TFOp::nameAttr receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in...

7.5CVSS6.8AI score0.0058EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:53 p.m.11 views

CVE-2022-36027

TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be...

7.5CVSS6.8AI score0.00619EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.5 views

Open5GS 安全漏洞

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. An input validation error vulnerability exists in Open5GS v2.7.2 and earlier versions, which stems from a PFCP session parameter validation failure, and can be exploited b...

7.5CVSS6.7AI score0.00395EPSS
Exploits1References1
NVD
NVD
added 2025/04/09 5:15 p.m.9 views

CVE-2025-32489

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tim Wetterwarner wetterwarner allows Stored XSS.This issue affects Wetterwarner: from n/a through = 2.7.3...

5.9CVSS0.00384EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/09 4:9 p.m.5 views

CVE-2025-32489 WordPress Wetterwarner <= 2.7.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tim Wetterwarner allows Stored XSS. This issue affects Wetterwarner: from n/a through 2.7.2...

5.9CVSS5.7AI score0.00384EPSS
Exploits0References1
CVE
CVE
added 2025/04/09 4:9 p.m.55 views

CVE-2025-32489

CVE-2025-32489 refers to a Stored Cross-Site Scripting vulnerability in Wetterwarner (WordPress plugin) that affects Wetterwarner

5.9CVSS7.2AI score0.00384EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.11 views

PT-2025-15770 · Unknown · Wetterwarner

Name of the Vulnerable Software and Affected Versions: Wetterwarner versions n/a through 2.7.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables potential attackers to inject...

5.9CVSS6.3AI score0.00384EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/09 12:0 a.m.4 views

Schneider Electric Trio Q Licensed Data Radio 安全漏洞

Schneider Electric Trio Q Licensed Data Radio is a radio from Schneider Electric France. A security vulnerability exists in Schneider Electric Trio Q Licensed Data Radio versions prior to v2.7.2, which stems from an insecure resource initialization that could lead to unauthorized access...

6.8CVSS6.4AI score0.00239EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/27 12:0 a.m.12 views

Amazon Linux 2 : python-jinja2 (ALAS-2025-2792)

The version of python-jinja2 installed on the remote host is prior to 2.7.2-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2792 advisory. Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with...

8.8CVSS7.9AI score0.00476EPSS
Exploits0References4
Rows per page
Query Builder