Lucene search
K

26 matches found

Vulnrichment
Vulnrichment
added 2026/05/14 10:29 a.m.10 views

CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

8.2CVSS6AI score0.0062EPSS
Exploits0References9
SUSE Linux
SUSE Linux
added 2026/04/08 4:3 p.m.4 views

Security update for python-poetry

This update for python-poetry fixes the following issue: CVE-2026-34591: From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write bsc1261383. Patch Instructions: To install this SUSE upda...

7.1CVSS6AI score0.00468EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.2 views

CVE-2026-39616

Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through = 1.4.0...

5.9AI score0.00213EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/12 4:45 p.m.26 views

CVE-2026-28356 ReDoS in multipart 1.3.0 - `parse_options_header()`

multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...

7.5CVSS0.00606EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/01/26 9:31 p.m.7 views

africa.absa:inception-test (>=1.0.0 <=1.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0) +7574 more potentially affected by CVE-2026-24400 via org.assertj:assertj-core (>=1.4.0 <=3.27.6)

org.assertj:assertj-core MAVEN version =1.4.0, =1.0.0, =0.1.0, =0.1.0, =0.0.62, =0.7.0, =0.0.10, =0.0.6, =0.8.38, =20.3.3, =20.3.3, =20.3.3, =20.3.3, =20.3.3, =20.3.3, =26.3.2 and more Source cves: CVE-2026-24400 Source advisory: OSV:GHSA-RQFH-9R24-8C9R...

9.1CVSS7AI score0.00542EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 9:58 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Insufficient Random Values (CVE-2025-7783)

Summary Due to the use of the form-data JavaScript library, IBM watsonx Orchestrate Developer Edition is vulnerable to predictable boundary values CVE-2025-7783 Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP...

9.4CVSS6.7AI score0.01735EPSS
Exploits1Affected Software1
NVD
NVD
added 2025/12/09 4:18 p.m.4 views

CVE-2025-62734

Cross-Site Request Forgery CSRF vulnerability in M.Code Media Library Downloader media-library-downloader allows Cross Site Request Forgery.This issue affects Media Library Downloader: from n/a through = 1.4.0...

4.3CVSS0.00111EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/03 7:8 a.m.21 views

WordPress WP Directory Kit plugin <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover vulnerability

Authentication Bypass to Privilege Escalation via Account Takeover vulnerability discovered by Ryan Kozak in WordPress Plugin WP Directory Kit versions 1.4.0-1.4.4...

10CVSS7.5AI score0.0472EPSS
Exploits3References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/11 5:33 p.m.11 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in brace-expansion nodejs nodejs-docs nodejs-full-i18n npm

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in brace-expansion nodejs nodejs-docs nodejs-full-i18n npm Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0...

3.1CVSS3.2AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:51 a.m.3 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel requests

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel requests Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credential...

5.3CVSS6.1AI score0.00846EPSS
Exploits1Affected Software1
EUVD
EUVD
added 2025/10/22 3:31 p.m.6 views

EUVD-2025-35500

Missing Authorization vulnerability in Breeze Team Breeze Checkout breeze-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze Checkout: from n/a through = 1.4.0...

6.5AI score0.00281EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:24 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jose-4.15.9.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jose-4.15.9.tgz Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not me...

7CVSS6.9AI score0.00145EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:24 a.m.13 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in sha.js-2.4.11.tgz CVE-2025-9288

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in sha.js-2.4.11.tgz CVE-2025-9288 Vulnerability Details CVEID:CVE-2025-9288 DESCRIPTION: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js:...

9.1CVSS8.1AI score0.00651EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:8 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in transformers-4.48.3-py3-none-any.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in transformers-4.48.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-2099 DESCRIPTION: A vulnerability in the preprocessstring function of the transformers.testingutils module in...

7.5CVSS5.4AI score0.00507EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 5:58 a.m.4 views

CVE-2023-31206

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick 1 to...

7.5CVSS6.9AI score0.01247EPSS
Exploits0References1
OSV
OSV
added 2024/08/29 3:15 p.m.4 views

CVE-2024-39653

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in E4J s.R.L. VikRentCar allows SQL Injection.This issue affects VikRentCar: from n/a through 1.4.0...

9.8CVSS5.8AI score0.00458EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/10 12:0 a.m.6 views

WordPress plugin Slider Responsive Slideshow Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A security vulnerability...

8.8CVSS6.7AI score0.00356EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/06 12:0 a.m.4 views

PT-2024-20473

Name of the Vulnerable Software and Affected Versions Allegro AI's ClearML platform versions 1.4.0 through 1.14.1 Description A path traversal vulnerability in the client SDK of Allegro AI's ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary...

8.8CVSS7.3AI score0.00798EPSS
Exploits1References14
OSV
OSV
added 2023/10/16 9:15 a.m.6 views

CVE-2023-43666

Insufficient Verification of Data Authenticity vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, General user can view all user data like Admin account. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick 1 to solve it. 1 ...

6.5CVSS5.8AI score0.00432EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.3 views

PT-2023-25137 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.4.0 through 1.7.0 Description: The issue is related to an SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This occurs in the toAuditCkSql method where the groupId...

9.8CVSS7.7AI score0.01193EPSS
Exploits0References13
Rows per page
Query Builder