Lucene search
K

123 matches found

Cvelist
Cvelist
added 2025/12/19 12:0 a.m.27 views

CVE-2025-66908

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormDatacontentType =...

0.00367EPSS
Exploits1References3
Veracode
Veracode
added 2025/12/13 7:20 a.m.14 views

Remote Code Execution (RCE)

redaxo/source is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of template content allowing PHP code injection, which allows an attacker to execute arbitrary operating system commands when the template is rendered...

7.2CVSS6.2AI score0.00794EPSS
Exploits2References4Affected Software1
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.4 views

Laravel File Manager 安全漏洞

Laravel File Manager is a Laravel file manager by Aleksandr Manekin Personal Developer. A security vulnerability exists in Laravel File Manager version 3.3.1, which stems from allowing users to upload create and rename HTML and SVG type files without adequate content type validation or output...

8.1CVSS5.8AI score0.00361EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.8 views

WSO2多款产品 安全漏洞

WSO2 API Manager and other products are products of WSO2 Corporation, USA.WSO2 API Manager is a set of API lifecycle management solution.WSO2 Identity Server IS is an identity server.WSO2 Enterprise Integrator is a set of open source hybrid integration platform. A security vulnerability exists in...

8.4CVSS7.7AI score0.00544EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-9257

Malware in sbrugna...

7.8CVSS7.4AI score0.01572EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-4093

Malware in sbrugna...

5.5CVSS5.5AI score0.01247EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-29334

Malware in sbrugna...

8.8CVSS8.9AI score0.05754EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-25382

Malware in sbrugna...

9.8CVSS6.8AI score0.01631EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-7274

Malicious code in bioql PyPI...

8.2CVSS8.1AI score0.00635EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-7558

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00722EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-38812

Malicious code in bioql PyPI...

8CVSS7.7AI score0.00416EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-7259

Malicious code in bioql PyPI...

8.2CVSS8.1AI score0.0061EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2023-1375

Malicious code in bioql PyPI...

8.2CVSS8.1AI score0.00597EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-18886

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00156EPSS
Exploits0References4
OSV
OSV
added 2025/09/19 9:57 a.m.5 views

BIT-JENKINS-2025-59476

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, followed by forged log messages that may...

5.3CVSS6.8AI score0.00335EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/19 6:56 p.m.11 views

CVE-2025-55735 flaskBlog Stored XSS Vulnerability

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises when displaying the content of the post using the | safe filter, that tells the engine to not escap...

5.3CVSS0.00192EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:7 p.m.5 views

CVE-2022-41710

Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy or at least not strict enough and/or does not...

5.5CVSS6.6AI score0.00365EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:51 p.m.6 views

CVE-2020-8468

Trend Micro Apex One 2019, OfficeScan XG and Worry-Free Business Security 9.0, 9.5, 10.0 agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication...

8.8CVSS6.7AI score0.05754EPSS
Exploits0References1
OSV
OSV
added 2025/05/14 2:40 p.m.6 views

CVE-2024-56157 iTop vulnerable to Self XSS in CSV Import

iTop is an web based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before...

6.3CVSS6.3AI score0.00226EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/18 12:0 a.m.3 views

PT-2025-7416 · Ibm · Ibm Cognos Controller +1

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3 IBM Controller version 11.1.0 Description: The issue allows an authenticated attacker to conduct formula injection, potentially enabling the execution of arbitrary commands on the syste...

9CVSS7.3AI score0.00375EPSS
Exploits0References5
Rows per page
Query Builder