Lucene search
K

14 matches found

Cvelist
Cvelist
added 2026/05/25 2:58 p.m.28 views

CVE-2026-42782 Apache Syncope: Post-auth RCE via Groovy static

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

0.00652EPSS
Exploits0References1
NVD
NVD
added 2026/05/21 8:16 a.m.16 views

CVE-2026-44069

An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input...

3.9CVSS0.00094EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:50 a.m.5 views

CVE-2026-39386

Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance member management, room settings, broadcast control, session...

8.8CVSS5.7AI score0.00437EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.10 views

PT-2026-29856

Name of the Vulnerable Software and Affected Versions Rack versions 3.0.0.beta1 through 3.1.21 and versions 3.2.0 through 3.2.6 Description Rack’s Rack::Multipart::Parserhandle mime head function parses quoted multipart parameters using repeated Stringindex searches and Stringslice! operations...

7.5CVSS5.7AI score0.00475EPSS
Exploits2References23
Vulnrichment
Vulnrichment
added 2026/02/03 12:33 p.m.5 views

CVE-2025-7760 Reflected XSS in Ofisimo's Association Web Package Flora

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers. This issue affects Association Web Package Flora: from v3.0 through 03022026. NOTE: The...

7.6CVSS5.4AI score0.00282EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.6 views

CVE-2021-22866

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

8.8CVSS6.9AI score0.01045EPSS
Exploits0References1
CVE
CVE
added 2025/08/13 5:2 p.m.23 views

CVE-2025-2180

The CVE-2025-2180 entry describes an unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma Cloud. Affected product: Checkov (in Prisma Cloud) versions prior to 3.2.415. Vulnerable component: the deserialization process when scanning Terraform files. Root cause: unsafe deser...

4.8CVSS7.9AI score0.0017EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/20 12:0 a.m.5 views

PT-2024-33466 · Unknown · Photo Gallery Builder

Name of the Vulnerable Software and Affected Versions: Photo Gallery Builder versions 3.0 and earlier Description: The issue is related to a broken access control for subscribers in Photo Gallery Builder. This allows unauthorized access, potentially leading to data breaches or other security...

8.8CVSS6.9AI score0.00409EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/07/05 12:0 a.m.5 views

PT-2024-22002 · Unknown · Eskooly Free Online School Management

Name of the Vulnerable Software and Affected Versions: Eskooly Free Online School management Software versions 3.0 and earlier Description: An issue in the authentication mechanism allows a remote attacker to escalate privileges. Recommendations: For versions 3.0 and earlier, update to a version...

9.8CVSS7.5AI score0.00564EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/06/01 12:0 a.m.5 views

PT-2023-3095 · Abb · Aspect-Enterprise Asp-Ent-X +19

Name of the Vulnerable Software and Affected Versions: ASPECT®-Enterprise versions 3.0;0 through 3.07.0 NEXUS Series versions 3.0;0 through 3.07.0 MATRIX Series versions 3.0;0 through 3.07.1 Description: The issue is related to improper input validation, which allows command injection. This can...

10CVSS8.5AI score0.0136EPSS
Exploits2References8
vulnersOsv
vulnersOsv
added 2021/12/09 7:9 p.m.7 views

alcali (>=2018.3.4 <=3000.1.0), archivebox (>=0.4.6 <=0.4.21) +220 more potentially affected by CVE-2021-44420 via django (>=3.0.0 <=3.1.13)

django PYPI version =3.0.0, =2018.3.4, =0.4.6, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.3, =0.18.0, =0.3.0, =2.8.0, =0.0.1, =0.0.32, =0.0.33 and more Source cves: CVE-2021-44420 Source advisory: OSV:GHSA-V6RH-HP5X-86RV...

7.5CVSS7AI score0.02295EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/03/04 12:0 a.m.3 views

PT-2021-16921 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.0.0 through 3.9.24 Description: An issue was discovered where extracting a specifically crafted zip package could write files outside of the intended path. Recommendations: For Joomla! versions 3.0.0 through 3.9.24, update ...

5.5CVSS6.8AI score0.01161EPSS
Exploits0References8
CNVD
CNVD
added 2019/09/18 12:0 a.m.5 views

IBM Security Key Lifecycle Manager Weak Password Policy Vulnerability

IBM Security Key Lifecycle Manager Tivoli Key Lifecycle Manager is a set of key lifecycle management software from IBM in the United States. The software provides key storage, key maintenance and key lifecycle management for storage devices. A weak password policy vulnerability exists in IBM...

7.5CVSS6.8AI score0.01484EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2018/10/19 5:43 p.m.3 views

as.leap:vertx-rpc (>=3.0.0 <=3.3.8), be.fluid-it.reactive-microservice.bundle:bootique-vertx (>=0.1-0 <=0.1-8) +1062 more potentially affected by CVE-2018-12537 via io.vertx:vertx-core (>=3.0.0 <=3.5.1)

io.vertx:vertx-core MAVEN version =3.0.0, =3.0.0, =0.1-0, =0.1-0, =1.2.1, =3.0.5, =1.0.0, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.5 and more Source cves: CVE-2018-12537 Source advisory: OSV:GHSA-6CW8-7J6C-HCCP...

5.3CVSS6.4AI score0.02482EPSS
Exploits0
Rows per page
Query Builder