Lucene search
K

22 matches found

NVD
NVD
added 2026/05/08 11:16 p.m.25 views

CVE-2026-42454

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands execute...

9.9CVSS0.00652EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 6:18 p.m.12 views

CVE-2026-25569

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service, or arbitrary code execution...

7.8CVSS0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-43737

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00757EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/19 7:23 p.m.4 views

CVE-2025-59346

Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0 contain a server-side request forgery SSRF vulnerability that enables users to force DragonFly2’s components to make requests to internal services that are otherwise not accessible to...

6.9CVSS6.9AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.4 views

Dragonfly 安全漏洞

Dragonfly is an open source framework from DragonflyDB that allows dynamic processing of any content type. A security vulnerability exists in Dragonfly versions prior to 2.1.0, which stems from a hard-coded use of the HTTP protocol instead of HTTPS when downloading small files in the scheduler...

6.9CVSS8.7AI score0.0013EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.8 views

CVE-2019-17220

Rocket.Chat before 2.1.0 allows XSS via a URL on a !title line...

6.1CVSS5.7AI score0.04023EPSS
Exploits5References1
ATTACKERKB
ATTACKERKB
added 2024/08/27 2:15 p.m.7 views

CVE-2024-7071

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection. This issue affects Brain Low-Code: before 2.1.0...

9.8CVSS5.8AI score0.00421EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/27 12:0 a.m.5 views

Brain Low-Code SQL注入漏洞

Brain Low-Code is a software development platform from Brain Low-Code that requires little to no coding to build applications and processes. An SQL injection vulnerability exists in versions of Brain Low-Code prior to 2.1.0. No information about this vulnerability is available at this time, so st...

9.8CVSS7.6AI score0.00421EPSS
Exploits0References2
OSV
OSV
added 2023/12/29 1:15 p.m.3 views

CVE-2023-51414

Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters.This issue affects EnvíaloSimple: Email Marketing y Newsletters: from n/a through 2.1...

9.8CVSS7.3AI score
Exploits0References1
OSV
OSV
added 2023/06/27 2:15 p.m.4 views

CVE-2023-0588

The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...

6.1CVSS7.3AI score0.00458EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/03/08 11:3 a.m.8 views

CVE-2023-1267 SQLi in Ulkem Company's PtteM Kart

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ulkem Company PtteM Kart. This issue affects PtteM Kart: before 2.1...

9.8CVSS7.4AI score0.00656EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:34 a.m.3 views

SUSE CVE-2013-6369

Stack-based buffer overflow in the jbgdecin function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted image file...

6.8CVSS8.1AI score0.03449EPSS
Exploits0References3
OSV
OSV
added 2023/02/09 9:15 a.m.1 views

UBUNTU-CVE-2022-43440

Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable...

8.8CVSS7AI score0.0023EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.3 views

Mellivora 跨站脚本漏洞

Mellivora is a CTF engine written in PHP by the individual developer Nakiami. A cross-site scripting vulnerability exists in Mellivora versions prior to 2.1.x. The vulnerability stems from an incorrect manipulation of a parameter that leads to a cross-site scripting vulnerability...

4.8CVSS4.5AI score0.00524EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/03/16 12:0 a.m.5 views

EOS 缓冲区错误漏洞

EOS is an open source smart contract platform from the EOSIO community. A buffer error vulnerability exists in EOS that stems from the txntestgenplugin function containing a heap-based buffer overflow. The vulnerability affects the following products: EOS versions prior to v2.1.0...

7.5CVSS7.8AI score0.01178EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/03/14 3:15 p.m.5 views

CVE-2022-0674

The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.5AI score0.00612EPSS
Exploits2References2
OSV
OSV
added 2021/10/13 9:15 a.m.4 views

CVE-2021-20834

Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

6.1CVSS5.9AI score0.01157EPSS
Exploits0References3
CNVD
CNVD
added 2020/05/06 12:0 a.m.2 views

Apache Syncope Code Injection Vulnerability

Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. A code injection vulnerability exists in Apache Syncope versions prior to...

9.8CVSS7.9AI score0.04821EPSS
Exploits0References1
CNVD
CNVD
added 2019/06/28 12:0 a.m.3 views

Magento Code Execution Vulnerability (CNVD-2019-39393)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. A security vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9 and version 2.3...

9CVSS7.4AI score0.02421EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/02/17 12:0 a.m.3 views

PT-2019-19002 · Advancecomp +4 · Advancecomp +4

Name of the Vulnerable Software and Affected Versions: AdvanceCOMP versions prior to 2.1 Description: An issue was discovered that can cause an invalid memory address to occur in the adv png unfilter 8 function in lib/png.c. This can be triggered by sending a crafted file to a binary, allowing an...

7.8CVSS5.2AI score0.01424EPSS
Exploits4References42
Rows per page
Query Builder