Lucene search
+L

20 matches found

cve
cve
added 4 days ago15 views

CVE-2026-15478

IceHRM

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
osv
osv
added 2026/06/05 12:17 a.m.15 views

DEBIAN-CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

7.5CVSS5.5AI score0.00433EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.22 views

PT-2026-46840

Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions 32 through 35.0.1 Description An unauthenticated malicious user can cause a service crash by submitting a crafted JSON string to certain endpoints on the API or JSON-RPC service. Recommendations Update OpenStack Ironi...

7.5CVSS5.5AI score0.00433EPSS
Exploits0References21
osv
osv
added 2026/05/05 7:16 p.m.7 views

UBUNTU-CVE-2026-42997

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS5.8AI score0.0044EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2026/05/05 7:16 p.m.7 views

CVE-2026-42997

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS5.8AI score0.0044EPSS
Exploits0References3
osv
osv
added 2026/05/05 12:0 a.m.2 views

CVE-2026-42997

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS6AI score0.0044EPSS
Exploits0References9
debiancve
debiancve
added 2026/05/05 12:0 a.m.11 views

CVE-2026-42997

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS5.8AI score0.0044EPSS
Exploits0
nessus
nessus
added 2026/05/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-42997

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote...

7.7CVSS6.1AI score0.0044EPSS
Exploits0References3
snyk
snyk
added 2026/04/28 6:30 a.m.8 views

Unsafe Dependency Resolution

Overview ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the ipmitool process when a non-default configuration enables a console interface. An attacker can execute unauthorized commands by leveraging access to the...

7.5CVSS5.9AI score0.0057EPSS
Exploits0References2
osv
osv
added 2026/04/28 6:16 a.m.5 views

DEBIAN-CVE-2026-42510

OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface...

7.2CVSS5.6AI score0.0057EPSS
Exploits0References1
nessus
nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-31175

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions...

5.8CVSS6.1AI score0.006EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 1:2 a.m.5 views

CVE-2022-31175

CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript code after fulfilling special conditions. The affected packages are...

5.8CVSS5.8AI score0.006EPSS
Exploits0References1
github
github
added 2022/08/06 9:40 a.m.29 views

CKEditor5 cross-site scripting vulnerability caused by the editor instance destroying process

Affected packages @ckeditor/ckeditor5-markdown-gfm @ckeditor/ckeditor5-html-support @ckeditor/ckeditor5-html-embed Impact A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages. The vulnerability allowed to trigger a JavaScript code after fulfillin...

5.8CVSS4.8AI score0.006EPSS
Exploits0References6Affected Software3
osv
osv
added 2022/08/06 9:40 a.m.17 views

GHSA-42WQ-RCH8-6F6J CKEditor5 cross-site scripting vulnerability caused by the editor instance destroying process

Affected packages @ckeditor/ckeditor5-markdown-gfm @ckeditor/ckeditor5-html-support @ckeditor/ckeditor5-html-embed Impact A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages. The vulnerability allowed to trigger a JavaScript code after fulfillin...

5.8CVSS4.7AI score0.006EPSS
Exploits0References6
openvas
openvas
added 2022/08/04 12:0 a.m.14 views

CKEditor 5 < 35.0.1 XSS Vulnerability - Windows

CKEditor 5 is prone to a cross-site scripting XSS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

5.8CVSS4.6AI score0.006EPSS
Exploits0References1
nvd
nvd
added 2022/08/03 7:15 p.m.15 views

CVE-2022-31175

CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript code after fulfilling special conditions. The affected packages are...

5.8CVSS0.006EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2022/08/03 7:5 p.m.6 views

CVE-2022-31175 Cross-site scripting caused by the editor instance destroying process in ckeditor5

CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript code after fulfilling special conditions. The affected packages are...

5.8CVSS5.3AI score0.006EPSS
Exploits0References4
cvelist
cvelist
added 2022/08/03 7:5 p.m.18 views

CVE-2022-31175 Cross-site scripting caused by the editor instance destroying process in ckeditor5

CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript code after fulfilling special conditions. The affected packages are...

5.8CVSS5.5AI score0.006EPSS
Exploits0References4
nessus
nessus
added 2015/02/02 12:0 a.m.7 views

Fedora 21 : firefox-35.0.1-3.fc21 (2015-1404)

New upstream - 35.0.1 Enabled click-to-play for flash by default due to live and exploited 0-day flash vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and forma...

5.5AI score
Exploits0References2
oraclelinux
oraclelinux
added 2011/03/02 12:0 a.m.50 views

thunderbird security update

1.5.0.12-35.0.1.el4 - Add thunderbird-oracle-default-prefs.js for errata rebuild and remove thunderbird-redhat-default-prefs.js Replaced clean.gif in tarball 1.5.0.12-35 - Added fixes from 1.9.1.17...

10CVSS3AI score0.05787EPSS
Exploits1
Rows per page
Query Builder