Lucene search
+L

400 matches found

CNVD
CNVD
added 2025/12/15 12:0 a.m.8 views

Adobe ColdFusion XML External Entity References Improperly Restricted Vulnerability

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. Adobe ColdFusion suffers from an improperly restricted XML external entity...

6.2CVSS6AI score0.00429EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.5 views

Adobe ColdFusion XML External Entity References Improperly Restricted Vulnerability (CNVD-2026-0494441)

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. Adobe ColdFusion suffers from an improperly restricted XML external entity...

8.6CVSS6AI score0.00474EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.5 views

Adobe ColdFusion XML External Entity References Improperly Restricted Vulnerability (CNVD-2026-0494343)

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. Adobe ColdFusion suffers from an improperly restricted XML external entity...

8.6CVSS6AI score0.00468EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 7:22 a.m.7 views

XML External Entity (XXE) Injection

peppolpy is vulnerable to XML External Entity XXE injection. The vulnerability is due to insecure Saxon XML parser configuration, where external entities are allowed during XML invoice validation, enabling attackers to read local files and exfiltrate their contents to a remote host...

5CVSS5.7AI score0.00306EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/12/01 10:45 p.m.16 views

CVE-2025-66448 vLLM vulnerable to remote code execution via transformers_utils/get_config

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with...

7.1CVSS0.00598EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/11/27 3:30 a.m.35 views

Ray's New Token Authentication is Disabled By Default

Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces including the dashboard and Jobs API is disabled unless explicitly enabled by setting RAYAUTHMODE=token. In the default unauthenticated state, a remote attacker with...

8.2AI score0.00474EPSS
Exploits5References10Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/22 3:33 p.m.9 views

CVE-2025-13357

Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...

9.8CVSS7.1AI score0.00503EPSS
Exploits0References1
OSV
OSV
added 2025/11/21 3:2 p.m.5 views

CVE-2025-13357 Vault Terraform Provider Applied Incorrect Defaults for LDAP Auth Method

Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...

7.4CVSS6.1AI score0.00503EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/11 1:44 p.m.5 views

CVE-2025-64690

In JetBrains YouTrack before 2025.3.104432 insecure Junie configuration could lead to data exposure and unauthorized changes...

6.5CVSS6.8AI score0.00004EPSS
Exploits0References1
NVD
NVD
added 2025/11/10 2:15 p.m.8 views

CVE-2025-64690

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers...

0.00004EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/10/30 9:41 p.m.5 views

CVE-2025-34134 Nagios XI < 2024R1.4.2 RCE via Business Process Intelligence (BPI)

Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the Business Process Intelligence BPI component. Insufficient validation and sanitization of administrator-controlled BPI configuration parameters notably bpilogfile and bpiconfigfile allow an authenticated...

9.4CVSS8AI score0.02194EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2020-7253

Malware in sbrugna...

7.2CVSS7AI score0.02807EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-0028

Malware in sbrugna...

4.3CVSS6AI score0.02586EPSS
Exploits0References18
EUVD
EUVD
added 2025/10/07 12:30 a.m.13 views

EUVD-2021-0872

Malware in sbrugna...

6.5CVSS6.4AI score0.01001EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-21860

Malware in sbrugna...

10CVSS9AI score0.01736EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-1431

Malware in sbrugna...

4.4CVSS4.4AI score0.00262EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2007-6687

Malware in sbrugna...

5CVSS6.4AI score0.01298EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-13792

Malware in sbrugna...

8.3CVSS8.3AI score0.0059EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-7264

Malware in sbrugna...

9.8CVSS9.2AI score0.03441EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-23128

Malware in sbrugna...

6.8CVSS6.6AI score0.00235EPSS
Exploits0References3
Rows per page
Query Builder