Lucene search
K

47 matches found

CVE
CVE
added 2026/06/26 12:16 p.m.8 views

CVE-2025-64152

CVE-2025-64152 describes a Path Traversal vulnerability in Apache IoTDB. Affected versions are IoTDB 1.0.0 up to but not including 1.3.6, and 2.0.0 up to but not including 2.0.7. The issue arises from improper limitation of a pathname to a restricted directory. Remediation recommended by the sour...

9.1CVSS5.7AI score0.00382EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.17 views

CVE-2026-3340

IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

6.5CVSS5.5AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-39356

Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or...

7.5CVSS5.6AI score0.00392EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/08 12:0 a.m.11 views

ai.driftkit:driftkit-clients-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-ai (>=0.6.0 <=0.8.7) +115 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-openai (>=1.0.0-M5 <=1.0.6)

org.springframework.ai:spring-ai-openai MAVEN version =1.0.0-M5, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =1.0.28 - app.valuationcontrol:library =0.5.9 - com.alibaba.cloud.ai:spring-ai-alibaba-agent-nacos =1.0.0.4 -...

7.5CVSS5.7AI score0.0026EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.9 views

PT-2026-36307

Name of the Vulnerable Software and Affected Versions OpenStack ironic-python-agent versions 1.0.0 through 11.5.0 Description Ironic Python Agent IPA may execute the grub-install function from within a chroot of the deployed partition image. This behavior can lead to arbitrary code execution if a...

8CVSS6.4AI score0.00837EPSS
Exploits0References21
CVE
CVE
added 2026/04/29 5:43 p.m.14 views

CVE-2026-26204

Wazuh versions 1.0.0–4.14.3 are affected by a heap-based out-of-bounds write in GetAlertData that writes a NULL byte 1 byte before the start of the buffer allocated by strdup, due to an unsigned underflow. This corrupts heap metadata and can allow a compromised agent to cause denial of service or...

5.5CVSS5.8AI score0.00169EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.7 views

PT-2026-28119

IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS5.8AI score0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/09 9:30 a.m.6 views

EUVD-2026-10310

Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

5.8AI score0.00662EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/09 8:59 a.m.3 views

CVE-2026-24713

Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

5.8AI score0.00662EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2026/02/01 6:34 a.m.4 views

01os (>=0.0.1 <=0.0.14), aaf (>=0.3.5 <=0.3.9) +598 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.80.11)

litellm PYPI version =1.0.0, =0.0.1, =0.3.5, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.1.0, =0.14.1a0, =0.4.1, =0.1.0, =0.4.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-15170825...

5.7AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:10 p.m.8 views

Security Bulletin: Astronomer with IBM is vulnerable to symlink validation bypass due to the tar-fs package (CVE-2025-59343)

Summary Tar-fs is used by Astronomer with IBM as part of tar file processing functionality. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the...

8.7CVSS6.5AI score0.00516EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:8 p.m.9 views

Security Bulletin: Astronomer with IBM is vulnerable to resource allocation abuse due to the pdfmake package (CVE-2025-11362)

Summary Pdfmake is used by Astronomer with IBM as part of document processing functionality. Vulnerability Details CVEID:CVE-2025-11362 DESCRIPTION: Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect...

8.7CVSS6.6AI score0.00331EPSS
Exploits0Affected Software1
PyPA
PyPA
added 2025/09/24 8:15 a.m.14 views

PYSEC-2025-88

Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 before 2.0.5.Users are recommended to upgrade to version 2.0.5, which fixes the issue...

5.3CVSS5.8AI score0.00457EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/09/24 8:15 a.m.11 views

PYSEC-2025-88

Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade to version 2.0.5, which fixes the issue...

5.3CVSS5.8AI score0.00457EPSS
Exploits0References3
NVD
NVD
added 2025/09/22 7:16 p.m.3 views

CVE-2025-58032

Cross-Site Request Forgery CSRF vulnerability in Bytes.co WP Compiler wp-compiler allows Cross Site Request Forgery.This issue affects WP Compiler: from n/a through = 1.0.0...

4.3CVSS0.00131EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-44789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logical issue in OgetOwnPropertyDescriptor in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory...

8.8CVSS7.8AI score0.02248EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/23 1:9 p.m.7 views

Security Bulletin: Vulnerability Malicious File Upload affects IBM Integrated Analytics System

Summary The file upload functionality in IIAS has been enhanced to enforce stricter validation across all supported file types. Extension check were implemented to ensure uploaded files match their expected format and content. This prevents the upload of malicious or improperly formatted files an...

8CVSS6.3AI score0.0033EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/16 11:25 a.m.3 views

CVE-2025-52775

Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator project-cost-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Project Cost Calculator: from n/a through = 1.0.0...

7.1CVSS5.9AI score0.00268EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/11 9:52 a.m.6 views

Security Bulletin: IBM Event Processing is vulnerable to Improper Authentication

Summary IBM Event Processing's backend contains a version of JDBC driver that may allow unwanted connections. Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with...

8.2CVSS6.8AI score0.00461EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/09 12:23 a.m.7 views

CVE-2025-54882

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials...

7.1CVSS6.2AI score0.00211EPSS
Exploits1References1
Rows per page
Query Builder