Lucene search
+L

84 matches found

cnnvd
cnnvd
added 2025/03/27 12:0 a.m.5 views

UPX 安全漏洞

UPX is a free, secure, portable, scalable, high-performance executable shelling program for a wide range of executable formats. A security vulnerability exists in UPX 5.0.0 and earlier versions, which stems from an incorrect operation of the PackLinuxElf64::unDTINIT function that can cause a heap...

5.5CVSS4.7AI score0.00274EPSS
Exploits1References1
osv
osv
added 2025/03/06 12:31 a.m.5 views

GHSA-P34J-R3CH-C985 Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI. This allows attackers with Agent/Extended Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted...

4.3CVSS6.9AI score0.00727EPSS
Exploits0References4
osv
osv
added 2025/02/26 2:15 p.m.3 views

CVE-2025-0719

IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...

6.1CVSS5.5AI score0.00302EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/02/24 12:0 a.m.5 views

MITRE Caldera 安全漏洞

MITRE Caldera is a MITRE open source automated adversarial simulation platform. A security vulnerability exists in MITRE Caldera versions 4.2.0 and earlier and 5.0.0 and earlier, which stems from remote code execution in the Dynamic Proxy Compilation feature and allows an attacker to execute...

10CVSS8.9AI score0.23813EPSS
Exploits2References7
osv
osv
added 2025/01/29 5:15 p.m.3 views

CVE-2023-35907

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...

9.8CVSS5.8AI score0.00314EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/01/24 12:0 a.m.5 views

IBM Cognos Dashboards on Cloud Pak for Data 代码问题漏洞

IBM Cognos Dashboards on Cloud Pak for Data is a business intelligence tool from International Business Machines IBM. A code issue vulnerability exists in IBM Cognos Dashboards on Cloud Pak for Data versions 4.0.7 and 5.0.0 that stems from dependency obfuscation...

8.8CVSS6.8AI score0.00427EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/01/20 12:0 a.m.6 views

IBM DevOps Velocity和IBM UrbanCode Velocity 安全漏洞

IBM DevOps Velocity and IBM UrbanCode Velocity are both products of International Business Machines IBM.IBM DevOps Velocity is an enterprise-class release management application that supports cloud-native and local deployments.IBM UrbanCode Velocity is an enterprise-class release management and...

4CVSS6AI score0.00206EPSS
Exploits0References2
patchstack
patchstack
added 2025/01/06 1:7 p.m.3 views

WordPress Smart Custom FIelds plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Robert DeVore Patchstack Alliance in WordPress Plugin Smart Custom Fields versions = 5.0.0...

6.5CVSS6.1AI score0.00258EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2024/12/06 1:7 p.m.3 views

WordPress Mollie for Contact Form 7 plugin <= 5.0.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Mollie for Contact Form 7 versions = 5.0.0...

6.1CVSS6.3AI score0.0026EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2024/12/06 12:0 a.m.4 views

SICK InspectorP61x和SICK InspectorP62x 安全漏洞

The SICK InspectorP61x and SICK InspectorP62x are both ultra-compact industrial 2D vision sensors from SICK, Germany. A security vulnerability exists in the SICK InspectorP61x version prior to 5.0.0 and InspectorP62x version prior to 5.0.0, which stems from an unverified firmware update that allo...

8.8CVSS6.8AI score0.00334EPSS
Exploits0References6
cnnvd
cnnvd
added 2024/09/09 12:0 a.m.4 views

Craft CMS 安全漏洞

Craft CMS is a content management system CMS from Craft CMS open source. A security vulnerability exists in Craft CMS versions 5.0.0 through 5.1.1 that stems from the presence of a stored cross-site scripting vulnerability...

5.5CVSS5.8AI score0.00334EPSS
Exploits1References3
osv
osv
added 2024/09/05 4:15 p.m.4 views

CVE-2024-45098

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification...

8.1CVSS5.8AI score0.00354EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/08/06 12:0 a.m.7 views

DataGear 安全漏洞

DataGear is an open source, free data visualization and analysis platform from DataGear, Inc. A security vulnerability exists in DataGear version 5.0.0 and earlier versions, which originates in the function evaluationVariableExpression in the file ConversionSqlParamValueMapper.java that causes...

8.8CVSS6.5AI score0.0059EPSS
Exploits1References5
vulnersosv
vulnersosv
added 2024/07/10 6:33 a.m.5 views

11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.0.11.0) +234 more potentially affected by CVE-2024-38875 via django (>=5.0.0 <=5.0.6)

django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =0.1.0, =0.2.5 and more Source cves: CVE-2024-38875 Source advisory: OSV:GHSA-QG2P-9JWR-MMQF...

7.5CVSS6.7AI score0.01187EPSS
Exploits0
cnnvd
cnnvd
added 2024/05/28 12:0 a.m.8 views

IBM Aspera 跨站脚本漏洞

IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.6, which stems from the application's lack of effective filtering...

5.4CVSS6AI score0.00247EPSS
Exploits0References3
osv
osv
added 2024/04/19 5:15 p.m.5 views

CVE-2023-37397

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672...

4.4CVSS5.8AI score0.00078EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/04/19 12:0 a.m.5 views

PT-2024-11636 · Ibm · Ibm Aspera Faspex

Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex versions 5.0.0 through 5.0.7 Description: The issue allows a local user to obtain sensitive information due to weaker than expected security. Recommendations: For IBM Aspera Faspex versions 5.0.0 through 5.0.7, update to a...

5.5CVSS6.3AI score0.00137EPSS
Exploits0References4
cnnvd
cnnvd
added 2024/03/17 12:0 a.m.8 views

JFinalCMS SQL注入漏洞

JFinalCMS is a content management system. JFinalCMS version 5.0.0 suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the file /admin/divdata/delete. An attacker can exploit this vulnerability to execute illegal SQL comman...

7.2CVSS8.1AI score0.00698EPSS
Exploits1References4
osv
osv
added 2024/02/17 2:15 a.m.5 views

CVE-2024-20917

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Log Management. The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

7.5CVSS7.3AI score0.00378EPSS
Exploits0References1
cnvd
cnvd
added 2024/01/12 12:0 a.m.4 views

JFinalCMS Cross-Site Scripting Vulnerability (CNVD-2024-02993)

JFinalCMS is a content management system. A cross-site scripting vulnerability exists in JFinalcms version 5.0.0, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to run arbitrary code when creating a new custom...

5.4CVSS6.5AI score0.00408EPSS
Exploits1References1
Rows per page
Query Builder