Lucene search
K

35 matches found

CVE
CVE
added 2026/06/26 12:16 p.m.8 views

CVE-2025-64152

CVE-2025-64152 describes a Path Traversal vulnerability in Apache IoTDB. Affected versions are IoTDB 1.0.0 up to but not including 1.3.6, and 2.0.0 up to but not including 2.0.7. The issue arises from improper limitation of a pathname to a restricted directory. Remediation recommended by the sour...

9.1CVSS5.7AI score0.00382EPSS
Exploits0References2
CVE
CVE
added 2026/06/02 1:23 p.m.29 views

CVE-2026-9844

The vulnerability CVE-2026-9844 affects Roche Diagnostics navify Digital Pathology, specifically the RabbitMQ Management interface modules, where default credentials are used. Affected versions are navify Digital Pathology 2.0.0 up to (but not including) 2.4.1. The problem is the use of default u...

8.8CVSS5.8AI score0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 7:0 p.m.9 views

CVE-2026-10284 DevaslanPHP project-management Livewire ViewTicket.php doDeleteComment improper authorization

A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...

5.5CVSS5.8AI score0.0023EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.15 views

PT-2026-42426

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.0 through 4.4.2 Description An unbounded memory reallocation in the charset conversion code allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...

3.1CVSS5.9AI score0.00318EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/12 5:22 p.m.9 views

ace-step (=0.1.0), admetica (>=1.3.0 <=1.4.1) +214 more potentially affected by CVE-2026-31221 via pytorch-lightning (>=2.0.0 <=2.6.0)

pytorch-lightning PYPI version =2.0.0, =1.3.0, =0.8.1, =1.8.15, =1.8.17, =1.8.14, =1.0.0, =0.9.2, =0.1.16, =1.0.1rc1 - anytext-z =0.1.1 - arcagent =0.0.1 - arccmd =0.2.0 and more Source cves: CVE-2026-31221 Source advisory: SNYK:PYTHON-PYTORCHLIGHTNING-16643334...

8.8CVSS5.7AI score0.00385EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/13 12:31 p.m.8 views

org.apache.storm:storm-webapp-bin (>=2.0.0 <=2.8.5) potentially affected by CVE-2026-35565 via org.apache.storm:storm-webapp (>=2.0.0 <=2.8.5)

org.apache.storm:storm-webapp MAVEN version =2.0.0, =2.0.0, =2.8.5 Source cves: CVE-2026-35565 Source advisory: SNYK:JAVA-ORGAPACHESTORM-16321660...

5.4CVSS5.8AI score0.00466EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/08 5:22 p.m.4 views

CVE-2026-35401 Saleor has a resource exhaustion vulnerability in GraphQL queries

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

7.5CVSS5.9AI score0.00268EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 9:41 a.m.3 views

CVE-2026-33129

H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...

5.9CVSS5.8AI score0.00319EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/09 9:30 a.m.6 views

EUVD-2026-10310

Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

5.8AI score0.00662EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/09 8:59 a.m.3 views

CVE-2026-24713

Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

5.8AI score0.00662EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.6 views

PT-2026-4407

Name of the Vulnerable Software and Affected Versions bPlugins B Accordion versions through 2.0.0 Description A flaw exists in bPlugins B Accordion b-accordion that allows the retrieval of embedded sensitive data due to insertion of sensitive information into sent data. Recommendations Update to ...

5.2AI score0.00276EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.12 views

PT-2026-4438

Name of the Vulnerable Software and Affected Versions themebeez Simple GDPR Cookie Compliance versions through 2.0.0 Description An issue exists in themebeez Simple GDPR Cookie Compliance where incorrectly configured access control security levels can be exploited, leading to a missing...

5.3CVSS5.3AI score0.00272EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/11/28 6:32 a.m.7 views

net.codinux.invoicing:e-invoice (>=0.5.0 <=0.5.2), net.codinux.invoicing:e-invoice-domain-android (>=0.6.0 <=0.8.0) +2 more potentially affected by CVE-2025-66372 via org.mustangproject:library (>=2.0.0 <=2.16.2)

org.mustangproject:library MAVEN version =2.0.0, =0.5.0, =0.6.0, =0.6.0, =2.0.0, =2.16.2 Source cves: CVE-2025-66372 Source advisory: OSV:GHSA-X832-FPVJ-R5PH...

2.8CVSS5.8AI score0.00108EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/06 4:51 p.m.2 views

abdelrahman-obfuscate (>=1.0.0 <=1.0.1), abdo (=2.0.0) +252 more potentially affected by CVE-2025-61765 via python-socketio (>=2.0.0 <=5.13.0)

python-socketio PYPI version =2.0.0, =1.0.0, =2.0.0, =2.1.0, =0.1.1, =0.1.2, =0.1.1, =1.0.0, =0.0.2, =4.0.4, =0.1.1, =4.1.0, =0.16.0, =0.20.2 and more Source cves: CVE-2025-61765 Source advisory: SNYK:PYTHON-PYTHONSOCKETIO-13450297...

6.4CVSS5.8AI score0.00446EPSS
Exploits0
CVE
CVE
added 2025/09/04 11:50 p.m.18 views

CVE-2025-58359

Summary: The frost-core (ZF FROST) vulnerability CVE-2025-58359 affects frost-core versions 2.0.0–2.1.0. The issue arises because the refresh shares mechanism in frost_core::keys::refresh did not clearly communicate that changing min_signers would not reduce the threshold, and after refreshing wi...

6CVSS6.2AI score0.00267EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2025/08/20 9:30 p.m.9 views

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +326 more potentially affected by CVE-2025-54988 via org.apache.tika:tika-parser-pdf-module (>=2.0.0-ALPHA <=3.2.1)

org.apache.tika:tika-parser-pdf-module MAVEN version =2.0.0-ALPHA, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.2.0, =1.0.3.1-JDK21, =1.0.0, =1.0.0, =1.0, =1.4 and more Source cves: CVE-2025-54988 Source advisory: OSV:GHSA-P72G-PV48-7W9X...

9.8CVSS7.5AI score0.02962EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/05/22 6:38 p.m.8 views

CVE-2021-33192

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 inclusive...

6.1CVSS7.2AI score0.02881EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/05/14 5:15 p.m.5 views

CVE-2025-47705

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting XSS.This issue affects IFrame Remove Filter: from 2.0.0 before 2.0.5, from 7.X-1.0 through 7.X-1.5, from 1.0 through 1.2...

6.1CVSS5.9AI score0.00238EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/05/08 8:15 p.m.5 views

UBUNTU-CVE-2025-46336

Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie already a major issue, the session may be restored if the attacker can trigger a lo...

4.2CVSS7.1AI score0.00282EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/02/12 7:23 p.m.11 views

@24hr/content-next (>=1.0.0 <=3.0.17), @akemona-org/strapi (>=3.10.1 <=3.17.2) +775 more potentially affected by CVE-2025-25200 via koa (>=2.0.0 <=2.15.3)

koa NPM version =2.0.0, =1.0.0, =3.10.1, =3.7.0, =4.25.19-patch.1, =0.0.1, =0.3.1, =0.0.1, =0.0.50, =0.0.7, =1.0.1, =0.0.0, =0.4.2-alpha.0, =0.15.0 and more Source cves: CVE-2025-25200 Source advisory: OSV:GHSA-593F-38F6-JP5M...

9.2CVSS6AI score0.00777EPSS
Exploits0
Rows per page
Query Builder