
5 matches found

Positive Technologies
added 2026/05/05 12:0 a.m., 15 views

PT-2026-37337

Name of the Vulnerable Software and Affected Versions: vm2 versions prior to 3.11.1. Description: When a NodeVM is created with the nesting variable set to true, sandbox code can unconditionally use require('vm2') regardless of the outer VM's require configuration, including when require is set to...

9.9 CVSS, 6.6 AI score, 0.009 EPSS
Exploits: 1, References: 16
Cvelist
added 2026/04/17 9:12 p.m., 27 views

CVE-2026-40258 Gramps Web API has Zip Slip Path Traversal in Media Archive Import

The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...

9.1 CVSS, 0.00401 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/04/07 12:0 a.m., 6 views

PT-2026-31028

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can be bypassed by a client which...

8.7 CVSS, 5.9 AI score, 0.00233 EPSS
Exploits: 0, References: 4
Cvelist
added 2023/12/21 8:45 p.m., 42 views

CVE-2023-6690

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed i...

3.9 CVSS, 4.6 AI score, 0.00326 EPSS
Exploits: 0, References: 4
Patchstack
added 2023/04/14 12:0 a.m., 12 views

WordPress Easy Appointments Plugin <= 3.10.7 is vulnerable to Cross Site Scripting (XSS)

Software: Easy Appointments. Type: Plugin. Vulnerable versions: <= 3.10.7. Fixed in: 3.11.1. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2023-30748. Patch priority: Low. CVSS severity: Low (5.9). Developer: Claim ownership. PSID: 10936713e96a. Credits: István Márton...

6 AI score, 0.00341 EPSS
Exploits: 0, References: 2, Affected Software: 1