Lucene search
K

24 matches found

OSV
OSV
added 2026/06/16 11:46 a.m.7 views

BIT-MARIADB-2026-44169 MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions

MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...

4.3CVSS5.3AI score0.00161EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

itsourcecode Fees Management System 代码注入漏洞

itsourcecode Fees Management System is an open-source charging management system developed by itsourcecode. Versions of itsourcecode Fees Management System 1.0 and earlier had a code injection vulnerability. This vulnerability stemmed from the operation of unknown functions in the /navbar.php fil...

5.3CVSS4.7AI score0.00273EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.6 views

CVE-2026-30403

There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...

7.5CVSS5.9AI score0.00375EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/01/26 7:58 p.m.5 views

aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

A decompression based denial of service flaw has been discovered in the AIOHTTP python library. Library versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could...

7.5CVSS5.8AI score0.00487EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/01/14 12:34 a.m.4 views

SUSE CVE-2022-21638

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS4.9AI score0.00962EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.5 views

PT-2025-48980

Name of the Vulnerable Software and Affected Versions Envoy versions 1.33.12 through 1.36.2 Description Envoy’s mTLS certificate matcher for match typed subject alt names may incorrectly treat certificates containing an embedded null byte 0 inside an OTHERNAME SAN value as valid matches. This can...

7.1CVSS6.5AI score0.00164EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/05/23 8:16 a.m.5 views

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component...

5.7CVSS6.7AI score0.00433EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/25 12:0 a.m.5 views

Keycloak 安全漏洞

Keycloak is an open source identity and access management solution from Keycloak Open Source. A security vulnerability exists in Keycloak versions 26.1.4 and earlier, which stems from a potentially infinite growth of the cache when using JWT tokens for authentication, potentially leading to a...

4.9CVSS5AI score0.00654EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/01/07 12:0 a.m.10 views

CVE-2024-12425

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font...

3.3CVSS6AI score0.00294EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.4 views

WordPress plugin HTML5 Audio Player 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS6AI score0.00456EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/03/05 6:22 p.m.4 views

mysql: Server: DDL unspecified vulnerability (CPU Jul 2023)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

4.4CVSS7.3AI score0.01485EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.8 views

PT-2024-18045 · Tainacan · Tainacan

Name of the Vulnerable Software and Affected Versions: Tainacan versions 0.20.6 and earlier Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who should not have access to it...

7.5CVSS5.9AI score0.00515EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/09/20 1:42 p.m.6 views

mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS7.3AI score0.01252EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/07/19 12:0 a.m.3 views

Oracle MySQL 输入验证错误漏洞

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and an input validation error vulnerability exists in Oracle MySQL 8.0.29 and earlier versions. An incorrect input validation exists, which can be...

5CVSS5.3AI score0.00846EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/07/19 12:0 a.m.10 views

PT-2022-3771 · Oracle +8 · Mysql Server +7

Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 8.0.29 and prior Description: The issue is related to errors in resource release in the Server: Stored Procedure component of Oracle MySQL Server. It allows a high-privileged attacker with network access via...

10CVSS6.9AI score0.87816EPSS
Exploits22References818
OSV
OSV
added 2022/02/04 11:15 p.m.3 views

PYSEC-2022-140

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateOutputSize is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number ...

6.5CVSS6AI score0.00783EPSS
Exploits1References3
OSV
OSV
added 2022/01/06 11:15 p.m.3 views

UBUNTU-CVE-2022-21664

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...

8.8CVSS7.2AI score0.04013EPSS
Exploits0References6
PyPA
PyPA
added 2021/05/14 8:15 p.m.8 views

PYSEC-2021-739

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3,...

7.1CVSS6.9AI score0.0024EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/02/23 6:15 p.m.4 views

CVE-2021-26682

A remote reflected cross-site scripting XSS vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting XSS atta...

6.1CVSS6.5AI score0.00802EPSS
Exploits0References1
OSV
OSV
added 2020/08/17 4:15 p.m.2 views

CVE-2020-8211

Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection...

9.8CVSS7.6AI score
Exploits0References1
Rows per page
Query Builder