Lucene search
K

17 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/25 10:52 p.m.6 views

CVE-2026-33913

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing to read arbitrary files from the server. Version 8.0.0....

7.7CVSS5.9AI score0.00294EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/07 9:58 p.m.4 views

CVE-2026-25567

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

5.3CVSS5.3AI score0.00246EPSS
Exploits0References4
OSV
OSV
added 2024/10/08 4:15 a.m.7 views

AZL-50144 CVE-2024-9026 affecting package php for versions less than 8.1.30-1

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...

3.3CVSS6.5AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2024/07/16 11:15 p.m.4 views

AZL-49077 CVE-2024-21171 affecting package mysql for versions less than 8.0.40-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

6.5CVSS7.3AI score0.00876EPSS
Exploits0References1
OSV
OSV
added 2024/06/26 4:15 a.m.5 views

CVE-2024-37138

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the manag...

6.8CVSS5.8AI score0.00401EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/18 12:0 a.m.4 views

Accellion Kiteworks 安全漏洞

Accellion Kiteworks is a private cloud file sharing solution. A security vulnerability exists in Accellion Kiteworks version 7.x and version 8.x prior to 8.3.0, which stems from the presence of directory traversal that can lead to unauthenticated file read, file delete, and file write operations...

9.8CVSS6.9AI score0.00856EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/02 12:0 a.m.7 views

PT-2023-22899 · Unknown · Tsolucio/Corebos

Name of the Vulnerable Software and Affected Versions: tsolucio/corebos versions prior to 8 Description: The issue is related to Cross-site Scripting XSS - Stored, which affects the GitHub repository tsolucio/corebos. Recommendations: For versions prior to 8, update to version 8 or later to resol...

7.6CVSS5.9AI score0.00569EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.4 views

PortlandLabs Concrete CMS 授权问题漏洞

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A security vulnerability exists in Concrete CMS concrete5 versions prior to 8.5.10 and versions 9.0.0 through 9.1.2, which stems from a new session ID not being issued...

5.4CVSS5.7AI score0.00584EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2022/09/20 1:42 p.m.4 views

mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

3.1CVSS7.3AI score0.00705EPSS
Exploits0References4
OSV
OSV
added 2022/06/27 4:15 p.m.0 views

DEBIAN-CVE-2022-2210

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2...

7.8CVSS7.6AI score0.01331EPSS
Exploits1References1
OSV
OSV
added 2022/01/19 12:15 p.m.4 views

AZL-7719 CVE-2022-21329 affecting package mysql for versions less than 8.0.28-1

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS6.7AI score0.02621EPSS
Exploits0References1
OSV
OSV
added 2022/01/19 12:15 p.m.4 views

AZL-7695 CVE-2022-21279 affecting package mysql for versions less than 8.0.28-1

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS6.7AI score0.78951EPSS
Exploits0References1
OSV
OSV
added 2020/01/30 6:15 p.m.3 views

CVE-2020-8092

A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0...

5.5CVSS6.1AI score0.00264EPSS
Exploits0References1
OSV
OSV
added 2018/07/18 1:29 p.m.2 views

CVE-2018-2905

Vulnerability in the Sun ZFS Storage Appliance Kit AK component of Oracle Sun Systems Products Suite subcomponent: Core Services. The supported version that is affected is Prior to 8.7.20. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromi...

5.3CVSS7.3AI score0.0211EPSS
Exploits0References3
CNVD
CNVD
added 2018/03/14 12:0 a.m.2 views

libvips vips_region_generate function denial of service vulnerability

libvips is an open source 2D image processing library . A security vulnerability exists in the 'vipsregiongenerate' function of the region.c file in versions of libvips prior to 8.6.3. A remote attacker can exploit this vulnerability to cause a denial of service with a specially crafted image fil...

7.5CVSS6.7AI score0.0188EPSS
Exploits1References1
CNVD
CNVD
added 2017/01/19 12:0 a.m.3 views

Zimbra Collaboration suffers from multiple cross-site scripting vulnerabilities (CNVD-2017-00757)

Zimbra can provide open source email server software and shared calendars. Multiple cross-site scripting vulnerabilities in versions prior to Zimbra Collaboration 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors also known as Bugs 104222,104910,105071 an...

6.1CVSS6.1AI score0.01449EPSS
Exploits0References1
OSV
OSV
added 2017/01/18 10:59 p.m.2 views

CVE-2016-3411

Cross-site scripting XSS vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609...

6.1CVSS5.9AI score
Exploits0References4
Rows per page
Query Builder