
11 matches found

Positive Technologies
added 4 days ago | 6 views

PT-2026-54929

FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel because exFAT label length XDIR_NumLabel is trusted without enforcing spec maximums. This maps to CWE-121 Stack-based Buffer Overflow. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 7.6, High. The...

CVSS 7.6 | AI score 5.8 | EPSS 0.00232
Exploits: 2 | References: 6
SUSE CVE
added 2026/04/02 11:27 p.m. | 6 views

SUSE CVE-2026-27489

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows reading arbitrary files outside the model or user-provided directory. This issue has been patched in version 1.21.0...

CVSS 8.7 | AI score 5.9 | EPSS 0.00593
Exploits: 1 | References: 3
CVE
added 2026/04/01 5:33 p.m. | 23 views

CVE-2026-27489

CVE-2026-27489: Open Neural Network Exchange (ONNX) prior to 1.21.0 suffers a path-traversal via symlink vulnerability that allows reading files outside the model or user directory. Affected product detail in IBM Watson Speech Services Cartridge (versions 4.0.0–5.3.1); fix is in 5.3.1 Patch 5 (5....

CVSS 8.7 | AI score 5.9 | EPSS 0.00593
Exploits: 1 | References: 6 | Affected Software: 1
Github Security Blog
added 2025/10/28 5:49 p.m. | 7 views

InventoryGui allows item duplication in GUIs which use GuiStorageElement

Impact: Any plugin using a GUI with the GuiStorageElement and allows taking out items out of that element. Patches: InventoryGui 1.6.5 included in latest 1.6.5-SNAPSHOT by disabling GuiStorageElement when not running on 1.21.9 or later. Workarounds: Not using the GuiStorageElement...

CVSS 5.3 | AI score 6.9 | EPSS 0.00202
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2025/05/23 5:18 a.m. | 6 views

CVE-2023-30785

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Grid plugin <= 1.21 versions...

CVSS 7.1 | AI score 5.8 | EPSS 0.00379
Exploits: 0 | References: 1
RedHat Linux
added 2024/01/02 8:28 a.m. | 5 views

Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6

The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

CVSS 8.8 | AI score 7.5 | EPSS 0.01194
Exploits: 0 | References: 6
CNNVD
added 2023/12/19 12:00 a.m. | 1 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which stems from a security flaw in the ShutdownObserver function. Affected products and versions: Firefox ESR before 115.6, Thunderbird before 115.6...

CVSS 8.8 | AI score 6.6 | EPSS 0.01037
Exploits: 0 | References: 14
OSV
added 2023/10/27 8:15 a.m. | 2 views

CVE-2023-44219

A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature...

CVSS 7.8 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | References: 1
ATTACKERKB
added 2022/05/06 5:15 p.m. | 2 views

CVE-2022-28507

Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page...

CVSS 4.8 | AI score 5.9 | EPSS 0.00528
Exploits: 1 | References: 3
CNVD
added 2017/11/03 12:00 a.m. | 2 views

iTech Gigs Script SQL Injection Vulnerability

iTech Gigs Script is an e-commerce website building system. The system features user registration, quotes and comments. A SQL injection vulnerability exists in iTech Gigs Script version 1.21. A remote attacker can inject SQL commands by sending the 'sc' parameter to the browse-scategory.php file ...

CVSS 9.8 | AI score 10 | EPSS 0.02066
Exploits: 4 | References: 1
RedHat Linux
added 2017/02/09 12:05 p.m. | 4 views

OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...

CVSS 6.5 | AI score 7.4 | EPSS 0.03144
Exploits: 0 | References: 4