Lucene search
K

260 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-10684

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansiblefacts as a subkey of...

7.9CVSS7AI score0.00345EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2019-14905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy...

7.3CVSS6.8AI score0.00736EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-14365

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf...

7.1CVSS7.9AI score0.00233EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/31 4:26 a.m.18 views

CVE-2025-7847 AI Engine 2.9.3 - 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload

The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the restsimpleFileUpload function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on...

8.8CVSS0.01057EPSS
Exploits2References5
Wordfence Blog
Wordfence Blog
added 2025/07/30 4:14 p.m.15 views

100,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in AI Engine WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards forall in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

8.8CVSS8.2AI score0.01057EPSS
Exploits2
OSV
OSV
added 2025/07/30 1:24 p.m.4 views

CVE-2025-54388 Moby's Firewalld reload makes published container ports accessible from remote hosts

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including...

5.1CVSS6.5AI score0.00215EPSS
Exploits0References5
NVD
NVD
added 2025/07/24 10:15 a.m.4 views

CVE-2025-7780

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling getaudio. This makes it possible for authenticated attackers, with Subscriber-level acces...

6.5CVSS0.00505EPSS
Exploits0References5
OSV
OSV
added 2025/07/22 9:15 p.m.5 views

CVE-2025-8033

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

6.5CVSS5.1AI score
Exploits0References9
Vulnrichment
Vulnrichment
added 2025/07/22 8:49 p.m.5 views

CVE-2025-8033 Incorrect JavaScript state machine for generators

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

6.6AI score0.00351EPSS
Exploits0References8
CVE
CVE
added 2025/07/22 8:49 p.m.78 views

CVE-2025-8033

The CVE-2025-8033 issue is a memory-safety bug in Mozilla’s JavaScript engine where closing generators could be resumed, causing a null pointer dereference. Affected products include Firefox and Thunderbird forks across multiple release lines (Firefox < 141, ESR tracks <115.26, <128.13, ...

6.5CVSS6.6AI score0.00351EPSS
Exploits0References9Affected Software2
CBLMariner
CBLMariner
added 2025/07/10 3:9 p.m.9 views

CVE-2024-51744 affecting package moby-engine for versions less than 25.0.3-13

CVE-2024-51744 affecting package moby-engine for versions less than 25.0.3-13. A patched version of the package is available...

3.1CVSS7.3AI score0.00521EPSS
Exploits0
Cvelist
Cvelist
added 2025/07/04 1:44 a.m.33 views

CVE-2025-6238 AI Engine 2.8.4 - Insecure OAuth Implementation

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirecturi' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...

8CVSS0.00303EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/06/30 12:0 a.m.3 views

EulerOS 2.0 SP13 : docker-engine (EulerOS-SA-2025-1700)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers...

7.8CVSS6.4AI score0.00275EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/06/23 8:40 a.m.5 views

CVE-2025-50043

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jordy Meow Code Engine code-engine allows Stored XSS.This issue affects Code Engine: from n/a through = 0.3.2...

6.5CVSS5.9AI score0.00192EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.7 views

PT-2025-29591

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 138.0.7204.157 Description An integer overflow in V8, the JavaScript engine used in Google Chrome, could allow a remote attacker to exploit heap corruption via a crafted HTML page. The Chromium security severity...

10CVSS8.8AI score0.09185EPSS
Exploits0References41
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.4 views

PT-2025-24236 · WordPress · Wp Travel Engine

Name of the Vulnerable Software and Affected Versions: WP Travel Engine versions through 6.5.1 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This allows PHP Local File Inclusion...

7.5CVSS7.4AI score0.00502EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2025/06/05 12:0 a.m.337 views

Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Microsoft Windows Server 2025 JScript Engine - Remote Code Execution RCE Exploit Author: Mohammed Idrees Banyamer Instagram: @@banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-05-31 CVE: CVE-2025-30397 Vendor: Microsoft Affected Versions: Windo...

7.5CVSS7.4AI score0.21562EPSS
Exploits7
CNNVD
CNNVD
added 2025/05/29 12:0 a.m.5 views

vLLM 安全漏洞

vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A security vulnerability exists in vLLM versions prior to 0.9.0 that stems from a timing difference in the PageAttention mechanism that could be exploited...

2.6CVSS6.3AI score0.00249EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:28 a.m.9 views

CVE-2024-6451

AI Engine 2.4.3 is susceptible to remote-code-execution RCE via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logspath", allowing Administrators to change log filetypes from .log to .php...

7.2CVSS6.7AI score0.00817EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:58 a.m.6 views

CVE-2024-56454

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability...

5.5CVSS6.9AI score0.00105EPSS
Exploits0References1
Rows per page
Query Builder