Lucene search
K

229 matches found

OSV
OSV
added 2025/09/17 2:15 p.m.5 views

CVE-2025-59475

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by listing available options in this menu e.g.,...

4.3CVSS6.3AI score
Exploits0References2
OSV
OSV
added 2025/05/28 2:41 p.m.2 views

USN-7542-1 krb5 vulnerability

It was discovered that Kerberos allowed the usage of weak cryptographic standards. An attacker could possibly use this issue to expose sensitive information. This update introduces the allowrc4 and allowdes3 configuration options, and disables the usage of RC4 and 3DES ciphers by default. Users a...

5.9CVSS6.9AI score0.00293EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:14 a.m.10 views

CVE-2022-41229

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.4AI score0.00469EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:18 p.m.12 views

CVE-2021-32819

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...

8.8CVSS7.5AI score0.59844EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:46 p.m.9 views

CVE-2021-32822

The npm hbs package is an Express view engine wrapper for Handlebars. Depending on usage, users of hbs may be vulnerable to a file disclosure vulnerability. There is currently no patch for this vulnerability. hbs mixes pure template data with engine configuration options through the Express rende...

5.3CVSS6.5AI score0.01178EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:36 a.m.4 views

CVE-2013-1859

The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors...

6.4CVSS7.1AI score0.02782EPSS
Exploits0References1
OSV
OSV
added 2025/05/20 7:35 p.m.5 views

GHSA-9HQ9-CR36-4WPJ TYPO3 Allows Unrestricted File Upload in File Abstraction Layer

Problem By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be...

5.4CVSS7.2AI score0.00158EPSS
Exploits0References5
OSV
OSV
added 2025/05/05 8:40 p.m.14 views

GHSA-3527-QV2Q-PFVX league/commonmark contains a XSS vulnerability in Attributes extension

Summary Cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. Details The league/commonmark library provides configuration options such as htmlinput:...

6.4CVSS5.2AI score0.00287EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/04/15 2:48 p.m.6 views

aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role

Summary The AWS Cloud Development Kit AWS CDK is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are...

7.2AI score
Exploits0References4Affected Software1
Packet Storm News
Packet Storm News
added 2025/04/10 12:0 a.m.3 views

OpenSSH 10.0p1

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/10 12:0 a.m.3 views

OpenSSH 10.0

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...

7.2AI score
Exploits0
Oracle linux
Oracle linux
added 2025/03/31 12:0 a.m.14 views

libreoffice security update

1:7.1.8.1-15.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Added the --with-hamcrest option to configure. 1:7.1.8.1-15 - Fix CVE-2025-1080 Filter out more unwanted command URIs...

7.2CVSS7.2AI score0.00291EPSS
Exploits0
OSV
OSV
added 2025/02/20 8:13 p.m.21 views

CVE-2025-27098 Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler in graphql-mesh

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...

5.8CVSS6.6AI score0.00336EPSS
Exploits1References3
NVD
NVD
added 2025/02/05 7:15 p.m.12 views

CVE-2025-24372

CKAN is an open-source DMS data management system for powering data hubs and data portals. Using a specially crafted file, a user could potentially upload a file containing code that when executed could send arbitrary requests to the server. If that file was opened by an administrator, it could...

7.3CVSS0.00442EPSS
Exploits0References6
OSV
OSV
added 2025/02/03 8:50 a.m.7 views

SUSE-SU-2025:20024-1 Security update for unbound

This update for unbound fixes the following issues: - Update to 1.20.0: Features: The config for discard-timeout, wait-limit, wait-limit-cookie, wait-limit-netblock and wait-limit-cookie-netblock was added, for the fix to the DNSBomb issue. Merge GH1027: Introduce 'cache-min-negative-ttl' option...

7.5CVSS6.9AI score0.99995EPSS
Exploits2References9
Talos
Talos
added 2025/01/14 12:0 a.m.9 views

Wavlink AC3000 internet.cgi set_add_routing() buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2021 Wavlink AC3000 internet.cgi setaddrouting buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39288 SUMMARY A buffer overflow vulnerability exists in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A...

9.1CVSS7.7AI score0.13476EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/01/08 2:19 p.m.5 views

CVE-2022-49034

In the Linux kernel, the following vulnerability has been resolved: sh: cpuinfo: Fix a warning for CONFIGCPUMASKOFFSTACK When CONFIGCPUMASKOFFSTACK and CONFIGDEBUGPERCPUMAPS are selected, cpumaxbitswarn generates a runtime warning similar as below when showing /proc/cpuinfo. Fix this by using...

5.5CVSS6.8AI score0.00242EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/12/02 9:48 p.m.16 views

rails-html-sanitizer has XSS vulnerability with certain configurations

Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. Versions affected: 1.6.0 Not affected: 1.6.0 Fixed versions: 1.6.1 Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may...

6.1CVSS5.5AI score0.00435EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/18 4:5 p.m.11 views

CVE-2020-26063 Cisco Integrated Management Controller Software Authorization Bypass Vulnerability

A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attack...

5.4CVSS7.2AI score0.00606EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/11/18 4:5 p.m.24 views

CVE-2020-26063 Cisco Integrated Management Controller Software Authorization Bypass Vulnerability

A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attack...

5.4CVSS0.00606EPSS
Exploits0References4
Rows per page
Query Builder