Lucene search
K

19 matches found

CVE
CVE
added 2026/05/11 9:9 p.m.15 views

CVE-2026-43890

The CVE-2026-43890 issue in Outline affects the subscriptions.create API (server/routes/api/subscriptions/subscriptions.ts) from versions 0.84.0–1.7.0. When a request provides both collectionId and documentId, the route authorizes only the collection branch (if (collectionId)), while the downstre...

7.7CVSS5.8AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/08 8:21 p.m.11 views

CVE-2026-41654

Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo...

8.1CVSS5.7AI score0.00371EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/24 1:14 p.m.17 views

CVE-2026-33497 Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS0.07992EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.6 views

PT-2026-26369

Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs wi...

9.1CVSS5.9AI score0.00252EPSS
Exploits0References16
OSV
OSV
added 2026/03/03 9:15 p.m.4 views

CVE-2026-1713

IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD...

5CVSS5.8AI score0.00114EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/18 8:59 p.m.21 views

CVE-2026-24743 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability occurs in the upload Invoice Logo functions of InvoicePlane version 1.7.0. The Upload Invoice Logo function allows the application to upload svg file...

5.7CVSS0.0022EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/02/12 9:48 p.m.6 views

CVE-2026-26076

ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...

7.5CVSS5.4AI score0.00349EPSS
Exploits0
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.7 views

EyouCMS 安全漏洞

EyouCMS is an open source content management system CMS based on ThinkPHP by China Eyou Eyou. A security vulnerability exists in EyouCMS v1.7.1, which originates from XML external entity injection and could lead to a denial of service attack...

9.1CVSS6.9AI score0.00372EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/06 3:53 p.m.4 views

EUVD-2025-38027

Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through = 1.7.1...

8.5AI score0.00561EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/23 12:0 a.m.4 views

PT-2025-34514 · WordPress · Shortcodehub

Name of the Vulnerable Software and Affected Versions: ShortcodeHub plugin for WordPress versions up to and including 1.7.1 Description: The ShortcodeHub plugin for WordPress is susceptible to Stored Cross-Site Scripting via the author link target parameter due to insufficient input sanitization...

6.4CVSS5.8AI score0.00222EPSS
Exploits0References7
OSV
OSV
added 2025/05/21 3:16 p.m.4 views

ALPINE-CVE-2024-23337

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue...

6.5CVSS6.9AI score0.00351EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/03/11 9:47 p.m.4 views

WordPress Display Template Name plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Display Template Name versions = 1.7.1...

4.3CVSS8.9AI score0.00158EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/01/02 12:0 a.m.3 views

WordPress plugin Metorik 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

4.3CVSS6.6AI score0.00191EPSS
Exploits0References1
OSV
OSV
added 2024/09/13 6:15 a.m.5 views

AZL-49173 CVE-2024-46674 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undoplatformdevalloc" is entirely bogus. It drops the reference count from...

7.8CVSS6.3AI score0.00278EPSS
Exploits0References1
OSV
OSV
added 2023/12/13 9:15 p.m.2 views

DEBIAN-CVE-2023-50246

jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue...

5.5CVSS6.4AI score0.00514EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/03/06 12:0 a.m.4 views

PT-2022-13368 · Archivy · Archivy

Name of the Vulnerable Software and Affected Versions: archivy versions prior to 1.7.0 archivy versions prior to 1.7.1 Description: The issue is an Open Redirect in the GitHub repository archivy/archivy. Recommendations: For versions prior to 1.7.0, update to version 1.7.0 or later. For versions...

6.1CVSS4.5AI score0.00618EPSS
Exploits1References12
CNVD
CNVD
added 2018/12/19 12:0 a.m.1 views

ABB CMS-770 Authentication Bypass Vulnerability

The CMS-770 is a multi-loop monitoring system from ABB for monitoring branch circuits in electrical systems. An authentication bypass vulnerability exists in ABB CMS-770 version 1.7.1 and earlier. An attacker could exploit the vulnerability to read sensitive configuration files, which could be us...

6.5CVSS7.4AI score0.00766EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/29 12:0 a.m.2 views

Zulip Server invitation system unauthorized operation vulnerability

Zulip Server is a set of open source group chat application written in Python based on the Django framework. invitation system is one of the invitation system . A security vulnerability exists in the invitation system in Zulip Server versions prior to 1.7.1. An attacker can exploit this...

8.8CVSS6.7AI score0.01087EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.4 views

The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the integrity of protected information.

The vulnerability of the git-1.7.1 package for the Red Hat Enterprise Linux operating system can lead to a breach of protected information. This vulnerability can be exploited remotely...

4.3CVSS5.4AI score0.01661EPSS
Exploits0References2
Rows per page
Query Builder