
7112 matches found

IBM Security Bulletins
added 2026/02/27 11:39 a.m. | 8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses qs-6.13.0.tgz, qs-6.14.0.tgz which is vulnerable to CVE-2025-15284.

Summary: IBM Maximo Application Suite - Monitor Component uses qs-6.13.0.tgz, qs-6.14.0.tgz which is vulnerable to CVE-2025-15284. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2025-15284. DESCRIPTION: Improper Input Validation vulnerability in qs...

CVSS 6.3 | AI score 5.9 | EPSS 0.0041
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/02/27 11:37 a.m. | 12 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.53.0-py3-none-any.whl which is vulnerable to multiple CVEs.

Summary: IBM Maximo Application Suite - Monitor Component uses transformers-4.53.0-py3-none-any.whl which is vulnerable to CVE-2025-14920, CVE-2025-14921, CVE-2025-14926, CVE-2025-14927, CVE-2025-14924, CVE-2025-14928, CVE-2025-14929, CVE-2025-14930. This bulletin contains information addressing t...

CVSS 7.8 | AI score 6.3 | EPSS 0.00315
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/27 11:35 a.m. | 12 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2025-67724, CVE-2025-67725, CVE-2025-67726.

Summary: IBM Maximo Application Suite - Monitor Component uses tornado-6.5-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2025-67724, CVE-2025-67725, CVE-2025-67726. This bulletin contains information addressing the vulnerability...

CVSS 7.5 | AI score 5.8 | EPSS 0.00396
Exploits: 0 | Affected Software: 1

EUVD
added 2026/02/27 9:30 a.m. | 5 views

EUVD-2026-9017

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 6.4 | AI score 6 | EPSS 0.00197
Exploits: 0 | References: 5

NVD
added 2026/02/27 9:16 a.m. | 6 views

CVE-2026-2383

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 6.4 | EPSS 0.00197
Exploits: 0 | References: 4

Vulnrichment
added 2026/02/27 8:24 a.m. | 2 views

CVE-2026-2383 Simple Download Monitor <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 6.4 | AI score 5.9 | EPSS 0.00197
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/27 12:0 a.m. | 4 views

PT-2026-22319

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 6.4 | AI score 6 | EPSS 0.00197
Exploits: 0 | References: 5

CNNVD
added 2026/02/27 12:0 a.m. | 9 views

WordPress plugin Simple Download Monitor cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4 | AI score 5.6 | EPSS 0.00197
Exploits: 0 | References: 5

Patchstack
added 2026/02/26 11:43 p.m. | 7 views

WordPress Simple Download Monitor plugin <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Simple Download Monitor (versions <= 4.0.5)...

CVSS 6.4 | AI score 5.3 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/02/26 6:23 p.m. | 6 views

CVE-2026-26932

Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead to Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

OSV
added 2026/02/26 3:21 p.m. | 3 views

SUSE-SU-2026:0668-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20260210 release (bsc#1258046) - CVE-2024-24853: Updated fix for incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a...

CVSS 7.3 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 5

OSV
added 2026/02/26 10:48 a.m. | 4 views

SUSE-SU-2026:20522-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20260210 release (bsc#1258046): - CVE-2024-24853: Updated fix for incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a...

CVSS 7.3 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 5

EUVD
added 2026/02/25 6:9 p.m. | 6 views

EUVD-2026-8684

OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec...

CVSS 9.9 | AI score 5.3 | EPSS 0.01729
Exploits: 1 | References: 2

OSV
added 2026/02/25 6:9 p.m. | 4 views

GHSA-JMHP-5558-QXH5 OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()

Summary: An OS command injection vulnerability in NetworkPathMonitor.performTraceroute allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Details: The vulnerability exists in...

CVSS 9.9 | AI score 6.6 | EPSS 0.01729
Exploits: 1 | References: 4

NVD
added 2026/02/25 5:25 p.m. | 12 views

CVE-2026-27728

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in NetworkPathMonitor.performTraceroute allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell...

CVSS 9.9 | EPSS 0.01729
Exploits: 1 | References: 2

CVE
added 2026/02/25 4:25 p.m. | 14 views

CVE-2026-27728

OneUptime prior to v10.0.7 contains an OS command injection vulnerability in NetworkPathMonitor.performTraceroute() that allows an authenticated project user to inject shell metacharacters into a monitor destination, enabling arbitrary commands on the Probe server. Affected version: before 10.0.7...

CVSS 9.9 | AI score 6.2 | EPSS 0.01729
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/02/25 4:25 p.m. | 22 views

CVE-2026-27728 OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in NetworkPathMonitor.performTraceroute allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell...

CVSS 9.9 | EPSS 0.01729
Exploits: 1 | References: 2

Positive Technologies
added 2026/02/25 12:0 a.m. | 8 views

PT-2026-21959

Name of the Vulnerable Software and Affected Versions: OneUptime versions prior to 10.0.7. Description: OneUptime, a service monitoring solution, contains an OS command injection flaw in the NetworkPathMonitor.performTraceroute function. Any authenticated project user can execute arbitrary operating...

CVSS 9.9 | AI score 5.8 | EPSS 0.01729
Exploits: 1 | References: 13

Snyk
added 2026/02/24 4:0 p.m. | 2 views

Arbitrary Code Injection

Overview: @oneuptime/common is the OneUptime Common UI Library, a collection of shared components and utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected...

CVSS 9.9 | AI score 6.3 | EPSS 0.00504
Exploits: 2 | References: 2

Ubuntu
added 2026/02/24 11:20 a.m. | 16 views

USN-8029-3: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...

CVSS 7.8 | AI score 7.7 | EPSS 0.00544
Exploits: 4