Lucene search
+L

20 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Tomcat9

The “Allocation of Resources Without Limits or Throttling” vulnerability in Apache Tomcat exists. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, and from 9.0.0.M1 through 9.0.105. The following versions were already at the end of their...

7.5CVSS6.7AI score0.53277EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.19 views

PT-2026-41546

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...

9.8CVSS6.5AI score0.00576EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/10 6:47 p.m.4 views

CVE-2026-27217 Substance3D - Painter | NULL Pointer Dereference (CWE-476)

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/04 7:45 p.m.4 views

CVE-2026-1265

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file...

5.3CVSS5.9AI score0.0019EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 10:15 p.m.22 views

CVE-2026-21942

Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystems. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...

5CVSS0.00114EPSS
Exploits0References1
NVD
NVD
added 2025/12/30 10:15 a.m.6 views

CVE-2025-15242

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as...

3.1CVSS0.00207EPSS
Exploits1References4
NVD
NVD
added 2025/12/04 10:15 p.m.10 views

CVE-2025-12195

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and includi...

8.6CVSS0.00589EPSS
Exploits0References1
OSV
OSV
added 2025/08/13 3:30 p.m.3 views

GHSA-23HV-MWM6-G8JF Apache Tomcat Session Fixation vulnerability

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 ...

6.5CVSS5.8AI score0.00831EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.7 views

PT-2025-32907 · Adobe · Substance3D - Painter

Name of the Vulnerable Software and Affected Versions: Substance3D - Painter versions 11.0.2 and earlier Description: Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read issue that may lead to the disclosure of sensitive memory. Exploitation of this issue...

5.5CVSS6.7AI score0.00202EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/04/29 2:56 p.m.8 views

SUSE CVE-2025-31651

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

7.5CVSS7.5AI score0.0418EPSS
Exploits1References14
CNNVD
CNNVD
added 2023/11/07 12:0 a.m.5 views

Veeam ONE Cross-Site Scripting Vulnerability

Veeam ONE is a suite of IT monitoring and reporting tools from Veeam USA. The product supports features such as backup monitoring, operational status monitoring of virtual and physical environments. A cross-site scripting vulnerability exists in Veeam ONE versions 11, 11a, and 12 that originates...

4.3CVSS5.8AI score0.1232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/17 12:0 a.m.6 views

PT-2023-31527 · Tongda Oa · Tongda Oa

Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.10 Description: A critical issue has been found, affecting the file general/hr/recruit/plan/delete.php. The manipulation of the PLAN ID argument leads to sql injection. Recommendations: For versions up to 11.10,...

8.8CVSS6AI score0.00588EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/04/06 12:0 a.m.11 views

PT-2023-6619 · Oracle +1 · Java +1

Name of the Vulnerable Software and Affected Versions: Adobe LiveCycle ES4 versions 11.0 and earlier Adobe LiveCycle ES4 version 11.0.1 and later with Java environment 7u21 and earlier Description: A Java insecure deserialization vulnerability allows unauthenticated remote attackers to gain...

10CVSS8.1AI score0.014EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/05/03 12:0 a.m.4 views

Google Android 信息泄露漏洞

Google Android is a Linux-based open source operating system from Google Inc. in the United States. An information disclosure vulnerability exists in System 11 in Google Android, which arises from errors such as configuration during operation of a networked system or product. An unauthorized...

5.5CVSS5.8AI score0.00115EPSS
Exploits0References4
OSV
OSV
added 2020/10/02 9:15 p.m.6 views

CVE-2020-5984

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which it may have the use-after-free vulnerability while freeing some resources, which may lead to denial of service, code execution, and information disclosure. This affects vGPU version 8.x prior to 8.5, version 10.x prio...

7.8CVSS7.2AI score0.00366EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/07/07 12:0 a.m.9 views

PT-2020-14477 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.3 through 13.1.2 Description: The issue is related to Incorrect Access Control in GitLab EE due to the Maven package upload endpoint. This allows for unauthorized access. Recommendations: For GitLab EE versions 11.3...

5.3CVSS4.8AI score0.01059EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2020/04/21 4:34 p.m.4 views

OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424)

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

4.3CVSS7.3AI score0.02298EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/01/02 2:3 p.m.7 views

OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765)

Vulnerability in the Java SE product of Oracle Java SE component: Javadoc. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

4.7CVSS7.4AI score0.0267EPSS
Exploits0References4
OSV
OSV
added 2018/07/18 1:29 p.m.4 views

CVE-2018-3052

Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications subcomponent: Internal Operations. Supported versions that are affected are 10.8.x and 11.4.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS...

6.4CVSS5.8AI score0.0107EPSS
Exploits0References2
OSV
OSV
added 2017/01/27 10:59 p.m.5 views

CVE-2016-8303

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Core. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with...

6.1CVSS7.3AI score0.01379EPSS
Exploits0References3
Rows per page
Query Builder