Lucene search
K

18 matches found

Vulnrichment
Vulnrichment
added 2026/05/12 9:30 p.m.12 views

CVE-2026-44306 Statamic: Email enumeration via forgot password endpoint

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-u...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Statamic 安全漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. There were security vulnerabilities in versions prior to Statamic 5.73.21 and 6.15.0, where the password form’s respons...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/06 8:54 p.m.11 views

Statamic CMS vulnerable to email enumeration via forgot password endpoint

Impact Responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-up credential-based attacks. Patches This has been fixed in 5.73.21 and 6.15.0. The forgot...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.22 views

PT-2026-38302

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.21 Statamic versions prior to 6.15.0 Description Responses from the forgot password forms reveal whether an account exists for a specific email address. This allows an unauthenticated attacker to perform user...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/10 6:31 p.m.4 views

EUVD-2025-208504

A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server...

9.8CVSS6.2AI score0.00852EPSS
Exploits0References3
NVD
NVD
added 2026/03/10 6:17 p.m.6 views

CVE-2025-56422

A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server...

9.8CVSS0.00852EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.11 views

PT-2025-34408 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0+ Description: The Linux kernel contains a flaw within the rtw89 driver related to a lockdep assertion in the rtw89 set sar from acpi function. The assertion was triggered during driver startup and has bee...

7AI score0.00128EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.5 views

PT-2025-29046

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0-rc7 Description: A flaw was discovered in the Linux kernel related to the MPLS Multiprotocol Label Switching implementation. Specifically, the mpls route input rcu function could be called from within an...

5.5CVSS7.1AI score0.00178EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/04 12:0 a.m.3 views

PT-2025-27999

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0 Description: A vulnerability in the Linux kernel has been resolved, related to the kvaser pciefd driver. The issue involves the echo skb max handling logic, which defines the supported upper limit of echo...

7.1CVSS6.4AI score0.0014EPSS
Exploits0
OSV
OSV
added 2024/09/30 3:58 p.m.35 views

RHSA-2024:2010 Red Hat Security Advisory: Satellite 6.15.0 release

Bulletin has no description...

7.6CVSS6.3AI score0.76875EPSS
Exploits23References327
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.62 views

RHEL 8 : Satellite 6.15.0 (Important) (RHSA-2024:2010)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2010 advisory. For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the...

7.6CVSS6.9AI score0.76875EPSS
Exploits23References274
Microsoft CVE
Microsoft CVE
added 2021/06/06 7:0 a.m.6 views

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request then data can be provided which will trigger a second unexpected and user-defined HTTP request to made to the same server.

...

7.5CVSS9.3AI score0.04612EPSS
Exploits0
CNVD
CNVD
added 2020/04/22 12:0 a.m.3 views

Atlassian Confluence Server Cross-Site Scripting Vulnerability (CNVD-2020-52943)

Atlassian Confluence Server is a suite of specialized enterprise knowledge management and collaboration software from Atlassian Australia that can also be used to build enterprise WiKi. A cross-site scripting vulnerability exists in the Attachment Upload feature in Atlassian Confluence Server...

6.1CVSS6.3AI score0.01085EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/04/18 5:21 p.m.28 views

CVE-2019-3398

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this pat...

8.9AI score0.97153EPSS
Exploits10References6
OpenVAS
OpenVAS
added 2018/11/29 12:0 a.m.28 views

Node.js 'debugger' Privilege Escalation Vulnerability - Mac OS X

Node.js is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...

8.1CVSS8.2AI score0.04277EPSS
Exploits0References1
OSV
OSV
added 2018/11/28 5:29 p.m.18 views

UBUNTU-CVE-2018-12122

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service DoS by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time...

7.5CVSS6.8AI score0.41288EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2018/11/28 5:0 p.m.29 views

CVE-2018-12120

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate...

8.1CVSS7.5AI score0.04277EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2018/05/25 12:0 a.m.4 views

PT-2018-11027 · Node.Js +2 · Node.Js +2

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 6.15.0 Description: The issue allows remote computers to attach to the debug port and evaluate arbitrary JavaScript when the debugger is enabled with node --debug or node debug, as it listens on all interfaces by...

8.1CVSS6.6AI score0.41288EPSS
Exploits4References67
Rows per page
Query Builder