Lucene search
K

37 matches found

NVD
NVD
added 2026/07/02 12:17 p.m.9 views

CVE-2026-57761

Unauthenticated Cross Site Request Forgery CSRF in SEOWP = 3.12.2 versions...

7.1CVSS0.00094EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:16 a.m.18 views

CVE-2026-57761

CVE-2026-57761 concerns the WordPress theme SEOWP, affected in versions <= 3.12.2. The vulnerability is described as Unauthenticated CSRF . Several connected sources also frame the issue as a CSRF leading to Stored XSS in SEOWP

7.1CVSS5.8AI score0.00094EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 5:16 p.m.4 views

DEBIAN-CVE-2026-12480

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 5:16 p.m.6 views

CVE-2026-12480

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

5.5CVSS0.00127EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:53 p.m.6 views

CVE-2026-12480

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 4:53 p.m.7 views

EUVD-2026-41090

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

7.5CVSS6.2AI score0.00298EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/23 3:30 p.m.11 views

EUVD-2026-14425

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This...

6.3CVSS5.3AI score0.00181EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002228)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002228 advisory. Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service use-after-free and system crash or possibly ha...

4.7CVSS7.1AI score0.00413EPSS
Exploits1References8
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Happy Addons for Elementor plugin <= 3.12.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Happy Addons for Elementor versions = 3.12.2...

6.4CVSS5.3AI score0.00292EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/11/10 3:30 a.m.4 views

EUVD-2025-38724

A vulnerability was found in OpenClinica Community Edition up to 3.12.2/3.13. This affects an unknown part of the file /ImportCRFData?action=confirm of the component CRF Data Import. Performing manipulation of the argument xmlfile results in path traversal. The attack can be initiated remotely. T...

6.5CVSS6.1AI score0.00525EPSS
Exploits0References6
NVD
NVD
added 2025/11/10 12:15 a.m.6 views

CVE-2025-12921

A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xmlfile leads to xml injection. It is possible to...

8.8CVSS0.00517EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/11/10 12:0 a.m.5 views

OpenClinica Community Edition 路径遍历漏洞

OpenClinica Community Edition is a clinical data management system from OpenClinica, Inc. A path traversal vulnerability exists in OpenClinica Community Edition versions 3.12.2 and earlier and 3.13 and earlier, which stems from incorrect manipulation of the parameter xmlfile in the file...

8.8CVSS6.3AI score0.00525EPSS
Exploits0References6
CVE
CVE
added 2025/11/09 11:32 p.m.17 views

CVE-2025-12921

OpenClinica Community Edition vulnerable to XML injection in CRF Data Import, via /ImportCRFData?action=confirm with manipulated xml_file. Affected versions: up to 3.12.2/3.13. Attacker could exploit remotely; exploit has been disclosed publicly. Remediation is to upgrade to a newer release (vers...

8.8CVSS6.5AI score0.00517EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/09 12:0 a.m.7 views

PT-2025-45583

Name of the Vulnerable Software and Affected Versions OpenClinica Community Edition versions up to 3.12.2/3.13 Description A flaw exists in OpenClinica Community Edition that allows for XML injection. This issue is related to the processing of the xml file argument within the...

5.3CVSS6.4AI score0.00517EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/11/07 5:20 a.m.7 views

CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8CVSS6AI score0.00117EPSS
Exploits0References3
OSV
OSV
added 2025/11/07 5:20 a.m.7 views

CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8CVSS6.4AI score0.00117EPSS
Exploits0References5
Snyk
Snyk
added 2025/09/05 10:41 p.m.2 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release after establishing a TLS session. An attacker can cause excessive CPU utilization by initiating a half-shutdown of the connection during the handshake, leading the peer to enter a spin loop on socke...

8.7CVSS6.3AI score0.00398EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/05 10:41 p.m.4 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release after establishing a TLS session. An attacker can cause excessive CPU utilization by initiating a half-shutdown of the connection during the handshake, leading the peer to enter a spin loop on socke...

8.7CVSS6.3AI score0.00398EPSS
Exploits0References2
NVD
NVD
added 2025/09/05 10:15 p.m.67 views

CVE-2025-58369

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS...

5.3CVSS0.00398EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.5 views

WordPress plugin Happy Addons 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

4.3CVSS5.9AI score0.00414EPSS
Exploits0References4
Rows per page
Query Builder