11269 matches found

CNNVD
added 2025/10/02 12:0 a.m., 4 views

LXD security vulnerability

LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD 4.0 and later versions, which stems from a template injection when the instance snapshot creation component uses the Pongo2 template engine, which could result in...

CVSS 7.1, AI score 6.9, EPSS 0.00339
Exploits: 1, References: 2
Cvelist
added 2025/10/01 11:46 a.m., 7 views

CVE-2023-53511 io_uring: fix fget leak when fs don't support nowait buffered read

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix fget leak when fs don't support nowait buffered read Heming reported a BUG when using io_uring doing link-cp on ocfs2. [1] Do the following steps can reproduce this BUG: mount -t ocfs2 /dev/vdc /mnt/ocfs2 cp testfile...

EPSS 0.00134
Exploits: 0, References: 3
Positive Technologies
added 2025/10/01 12:0 a.m., 5 views

PT-2025-40311

Name of the Vulnerable Software and Affected Versions Apache Kylin versions 4.0.0 through 5.0.2 Description A flaw exists in Apache Kylin that could allow external parties to access files or directories. Proper protection of Kylin's system and project admin access is crucial to prevent...

CVSS 7.5, AI score 6.5, EPSS 0.01262
Exploits: 0, References: 11
Positive Technologies
added 2025/10/01 12:0 a.m., 7 views

PT-2025-40312

Name of the Vulnerable Software and Affected Versions Apache Kylin versions 4.0.0 through 5.0.2 Description A Server-Side Request Forgery (SSRF) issue exists in Apache Kylin. The impact is limited if Kylin's system and project admin access is well protected. Recommendations Upgrade to version 5.0.3...

CVSS 7.3, AI score 6.7, EPSS 0.00499
Exploits: 0, References: 12
Positive Technologies
added 2025/10/01 12:0 a.m., 5 views

PT-2025-40310

Name of the Vulnerable Software and Affected Versions Apache Kylin versions 4.0.0 through 5.0.2 Description An authentication bypass issue exists in Apache Kylin. This allows bypassing normal authentication mechanisms through an alternate path or channel. Recommendations Upgrade to version 5.0.3 ...

CVSS 7.5, AI score 6.9, EPSS 0.01224
Exploits: 0, References: 11
CNNVD
added 2025/09/30 12:0 a.m., 1 views

WordPress plugin All in One Music Player path traversal vulnerability

WordPress All in One Music Player plugin is a plugin with integrated music playback functionality, mainly used for WooCommerce, Dokan, WCFM Marketplace and other multi-platform e-commerce systems. A path traversal vulnerability exists in the WordPress All in One Music Player plugin, which stems...

CVSS 6.5, AI score 6.6, EPSS 0.00379
Exploits: 0, References: 3
NVD
added 2025/09/29 8:15 a.m., 3 views

CVE-2025-48006

Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. If a specially crafted request is processed, arbitrary files on the file system where the server application for the product is installed may be read, or a denial-of-service (DoS) condition ma...

CVSS 9.1, EPSS 0.00496
Exploits: 0, References: 2
OSV
added 2025/09/29 8:15 a.m., 1 views

CVE-2025-48006

Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. If a specially crafted request is processed, arbitrary files on the file system where the server application for the product is installed may be read, or a denial-of-service (DoS) condition ma...

CVSS 9.1, AI score 5.8, EPSS 0.00496
Exploits: 0, References: 2
Vulnrichment
added 2025/09/29 7:40 a.m., 15 views

CVE-2025-48006

Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. If a specially crafted request is processed, arbitrary files on the file system where the server application for the product is installed may be read, or a denial-of-service (DoS) condition ma...

CVSS 8.8, AI score 6.6, EPSS 0.00496
Exploits: 0, References: 2
Cvelist
added 2025/09/29 7:40 a.m., 8 views

CVE-2025-48006

Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. If a specially crafted request is processed, arbitrary files on the file system where the server application for the product is installed may be read, or a denial-of-service (DoS) condition ma...

CVSS 8.8, EPSS 0.00496
Exploits: 0, References: 2
CVE
added 2025/09/29 7:40 a.m., 19 views

CVE-2025-48006

CVE-2025-48006 affects DataSpider Servista 4.4 and earlier. Root cause: improper restriction of XML external entity references (CWE-611). Impact: potential to read arbitrary files on the server filesystem and DoS; network-based exposure with low attack complexity. Exploitation details are not pro...

CVSS 9.1, AI score 6.6, EPSS 0.00496
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2025/09/29 12:0 a.m., 2 views

Ashisuto DataSpider Servista code issue vulnerability

Ashisuto DataSpider Servista is an enterprise data integration platform from Ashisuto Japan. A code issue vulnerability exists in Ashisuto DataSpider Servista 4.4 and prior versions, which stems from an improperly restricted XML external entity reference that could result in the reading of...

CVSS 9.1, AI score 8.3, EPSS 0.00496
Exploits: 0, References: 2
OSV
added 2025/09/24 7:21 p.m., 3 views

GO-2025-3971 DragonFly vulnerable to arbitrary file read and write on a peer machine in d7y.io/dragonfly

DragonFly vulnerable to arbitrary file read and write on a peer machine in d7y.io/dragonfly...

CVSS 9.8, AI score 7, EPSS 0.0068
Exploits: 0, References: 3
Cvelist
added 2025/09/24 12:0 a.m., 8 views

CVE-2025-60020

nncp before 8.12.0 allows path traversal for reading or writing during freqing and file saving via a crafted path in packet data...

CVSS 6.4, EPSS 0.00243
Exploits: 0, References: 2
RedhatCVE
added 2025/09/23 9:30 a.m., 11 views

CVE-2025-6544

A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

CVSS 9.8, AI score 7.3, EPSS 0.00839
Exploits: 1, References: 1
CNNVD
added 2025/09/23 12:0 a.m., 2 views

Autodesk Fusion security vulnerability

Autodesk Fusion is a data management software platform from the US-based Autodesk, Inc. A security vulnerability exists in Autodesk Fusion that stems from a stored cross-site scripting vulnerability in the handling of specially crafted HTML payloads, which could result in reading a local file or...

CVSS 8.7, AI score 6, EPSS 0.00418
Exploits: 0, References: 3
OSV
added 2025/09/22 6:30 p.m., 2 views

GHSA-5W3J-GWGH-4RFV H2O affected by a deserialization vulnerability

A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

CVSS 9.8, AI score 6.1, EPSS 0.00839
Exploits: 1, References: 4
CNNVD
added 2025/09/21 12:0 a.m., 4 views

H2O security vulnerability

H2O is an open source in-memory platform for distributed, scalable machine learning from H2O.ai. A security vulnerability exists in H2O 3.46.0.8 and earlier versions, which stems from improper handling of JDBC connection parameters and could lead to reading arbitrary system files and executing...

CVSS 9.8, AI score 9.3, EPSS 0.00839
Exploits: 1, References: 3
RedhatCVE
added 2025/09/19 6:25 a.m., 10 views

CVE-2025-9215

The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the filedownload function. This makes it possible for authenticated attackers, with...

CVSS 6.5, AI score 5.9, EPSS 0.00563
Exploits: 1, References: 1
Positive Technologies
added 2025/09/19 12:0 a.m., 8 views

PT-2025-38624

A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode() fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode failed", e). If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...

AI score 5.5, EPSS 0.00403
Exploits: 0, References: 4