Lucene search
15 matches found

Cvelist
added 2026/06/18 6:39 p.m. · 15 views

CVE-2026-47846

Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...

CVSS 9.8 · EPSS 0.00338
Exploits: 0 · References: 1
IBM Security Bulletins
added 2026/06/09 3:16 p.m. · 5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-28804 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which...

CVSS 6.9 · AI score 5.3 · EPSS 0.00399
Exploits: 0 · Affected Software: 1
vulnersOsv
added 2026/05/12 10:25 p.m. · 10 views

actscene-ocr (>=0.1.3 <=0.1.5), agent-zero (>=0.1.0 <=0.1.2) +76 more potentially affected by CVE-2026-44660 via ujson (>=5.0.0 <=5.12.0)

ujson PYPI version =5.0.0, =0.1.3, =0.1.0, =0.1.0, =0.1.0, =0.1.0a2, =2.2.0, =6.2.0.dev68, =0.1.0, =0.0.23, =0.1.0, =2.0.12, =0.0.59, =0.1.0, =8.124.0, =8.125.0 and more Source cves: CVE-2026-44660 Source advisory: SNYK:PYTHON-UJSON-16643463...

CVSS 8.7 · AI score 5.4 · EPSS 0.00421
Exploits: 1
Vulnrichment
added 2026/05/07 3:49 a.m. · 8 views

CVE-2026-40982

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

CVSS 9.1 · AI score 5.9 · EPSS 0.00727
Exploits: 0 · References: 1
IBM Security Bulletins
added 2026/04/29 5:13 p.m. · 7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in cryptography-46.0.4-cp38-abi3-manylinux_2_34_x86_64.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in cryptography-46.0.4-cp38-abi3-manylinux_2_34_x86_64.whl Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5,...

CVSS 8.2 · AI score 7.2 · EPSS 0.00341
Exploits: 0 · Affected Software: 1
CVE
added 2025/12/11 1:16 a.m. · 11 views

CVE-2025-67719

Summary: CVE-2025-67719 affects Ibexa’s User Bundle in the Ibexa DXP. Versions 5.0.0-beta1–5.0.3 lack proper password-change validation due to an error introduced during the v4→v5 transition, allowing a logged-in attacker with an unattended session to change a user’s password without knowing the ...

CVSS 8.5 · AI score 6.5 · EPSS 0.0013
Exploits: 0 · References: 3
Vulnrichment
added 2025/10/09 1:56 p.m. · 3 views

CVE-2025-36225 IBM Aspera Faspex information disclosure

IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data...

CVSS 4.3 · AI score 5.8 · EPSS 0.00209
Exploits: 0 · References: 1
vulnersOsv
added 2024/12/19 6:31 p.m. · 8 views

africa.absa:inception-application (>=1.1.0 <=1.2.0), africa.absa:inception-test (>=1.1.0 <=1.2.0) +2757 more potentially affected by CVE-2024-38819 via org.springframework:spring-webflux (>=5.0.0.RELEASE <=5.3.39)

org.springframework:spring-webflux MAVEN version =5.0.0.RELEASE, =1.1.0, =1.1.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =0.0.1, =v0.3.12, =v0.3.12, =v0.3.12, =2.1.2.RELEASE, =4.1.36, =4.1.7, =4.7.1 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 and more...

CVSS 7.5 · AI score 6.6 · EPSS 0.54862
Exploits: 6
OSV
added 2024/12/06 12:30 p.m. · 2 views

GHSA-M9G8-FXXM-XG86 Django SQL injection in HasKey(lhs, rhs) on Oracle

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. Applications that use the...

CVSS 9.8 · AI score 7.2 · EPSS 0.01424
Exploits: 0 · References: 7
Positive Technologies
added 2024/05/31 12:0 a.m. · 4 views

PT-2024-20119 · Unifier +1 · Unifier +1

Name of the Vulnerable Software and Affected Versions: Unifier and Unifier Cast versions 5.0 or later Description: The issue is related to incorrect default permissions. If exploited, it may allow arbitrary code execution with LocalSystem privilege, potentially leading to the installation of...

CVSS 7.8 · AI score 8 · EPSS 0.0017
Exploits: 0 · References: 7
ATTACKERKB
added 2024/02/28 10:15 p.m. · 2 views

CVE-2023-45859

In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster...

CVSS 7.6 · AI score 7.1 · EPSS 0.00503
Exploits: 0 · References: 3
CNNVD
added 2023/10/27 12:0 a.m. · 4 views

Vinchin Backup and Recovery Security Vulnerabilities

Vinchin Backup and Recovery is an easy-to-use, safe and reliable virtual machine data protection software from China Yunqi Technology Vinchin. It is used for backup and recovery. A security vulnerability exists in Vinchin Backup and Recovery that stems from the presence of a command injection...

CVSS 9.8 · AI score 7.4 · EPSS 0.20477
Exploits: 3 · References: 4
SUSE CVE
added 2023/02/15 6:18 a.m. · 5 views

SUSE CVE-2005-1974

Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.2_07, as used in multiple products and platforms including (1) HP-UX and (2) APC PowerChute, allows applications to assign permissions to themselves and gain privileges...

CVSS 5.1 · AI score 7.1 · EPSS 0.02437
Exploits: 0 · References: 5
CNVD
added 2018/05/02 12:0 a.m. · 5 views

IBM API Connect Cross-Site Scripting Vulnerability (CNVD-2018-08943)

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. A cross-site scripting vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.6.5, 5.0.7...

CVSS 5.4 · AI score 6 · EPSS 0.00968
Exploits: 0 · References: 1
CNVD
added 2017/08/14 12:0 a.m. · 4 views

Fortinet FortiManager SQL Injection Vulnerability

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices and can group devices into different management domains (ADOM) to further simplify multi-device security deployment and managemen...

CVSS 9.8 · AI score 10 · EPSS 0.02343
Exploits: 0 · References: 1