377 matches found

RedhatCVE
added 2025/05/22 6:34 p.m. · 7 views

CVE-2021-32812

Monkshu is an enterprise application server for mobile apps (iOS and Android), responsive HTML 5 apps, and JSON API services. In version 2.90 and earlier, there is a reflected cross-site scripting vulnerability in the frontend HTTP server. The attacker can send in a carefully crafted URL along with a...

CVSS 6.1 · AI score 5.9 · EPSS 0.00831
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 8:58 a.m. · 5 views

CVE-2019-9749

An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker server, it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function in /plugins/in_mqtt/mqtt_prot.c executes the memmove functio...

CVSS 7.5 · AI score 6.8 · EPSS 0.01657
Exploits 1 · References 1
Citrix
added 2025/05/05 12:0 a.m. · 24 views

CWA Mac 2503: Launch Failure “no Citrix SSL server configured on the specified address”

Users who are on Citrix Workspace app for Mac 2503, attempting to launch Citrix sessions, may encounter a failure. The following error message is displayed to the end user: “No Citrix SSL Server configured on the specified address.” as below...

AI score 7
Exploits 0
Citrix
added 2025/04/29 12:0 a.m. · 24 views

Citrix License Server - Error "The License Activation Service entitlement could not be retrieved"

After upgrading the License Server to the latest version License Server 11.17.2.0, Build 51000, the following warning message is observed: "The License Activation Service entitlement could not be retrieved. Check your connection to License Activation Service and restart the web services used for...

AI score 7.1
Exploits 0
CVE
added 2025/04/22 5:45 p.m. · 55 views

CVE-2025-32959

CVE-2025-32959 affects CUBA Platform: before 7.2.23 the local file storage does not restrict uploaded file sizes, allowing an attacker to exhaust server disk space and cause HTTP 500 DoS. The issue is fixed in 7.2.23; a workaround is documented in Jmix files vulnerability guidance. Applied mitiga...

CVSS 6.5 · AI score 6.3 · EPSS 0.00435
Exploits 0 · References 5
CVE
added 2025/04/14 12:5 p.m. · 80 views

CVE-2024-49705

Technical details are not publicly provided in the supplied documents. Monitor for updates.

CVSS 6.5 · AI score 6.4 · EPSS 0.00269
Exploits 0 · References 2 · Affected Software 1
OSV
added 2025/03/20 12:32 p.m. · 2 views

GHSA-879V-FGGM-VXW2 LiteLLM Has a Leakage of Langfuse API Keys

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse...

CVSS 7.5 · AI score 5.9 · EPSS 0.00523
Exploits 1 · References 3
NVD
added 2025/03/20 10:15 a.m. · 7 views

CVE-2024-11040

Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8939. Notes: All CVE users should reference CVE-2024-8939 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...

Exploits 0
CVE
added 2025/03/20 10:10 a.m. · 49 views

CVE-2024-11040

CVE-2024-11040 entry is rejected and not used; duplicate of CVE-2024-8939.

AI score 7.5
Exploits 0
Vulnrichment
added 2025/03/20 10:10 a.m. · 8 views

CVE-2024-11040

...

AI score 7.6
Exploits 0
Vulnrichment
added 2025/03/20 10:9 a.m. · 9 views

CVE-2025-0330 Exposure of Sensitive Information in berriai/litellm

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse...

CVSS 7.5 · AI score 7.5 · EPSS 0.00523
Exploits 1 · References 1
CNNVD
added 2025/02/05 12:0 a.m. · 6 views

Mobile Security Framework Security Vulnerability

Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. It is used for penetration testing, malware analysis, and security assessments, and is capable of performing both static and dynamic analysis. A security vulnerability exists i...

CVSS 4.8 · AI score 6.4 · EPSS 0.00448
Exploits 1 · References 3
Positive Technologies
added 2025/02/05 12:0 a.m. · 6 views

PT-2025-5746 · Unknown · Mobile Security Framework

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.3.1
Description: The issue arises when an attacker manually modifies the CFBundleIdentifier value in the Info.plist file by adding special characters, which are not allowed according to...

CVSS 4.8 · AI score 6.6 · EPSS 0.00448
Exploits 1 · References 12
Tenable Nessus
added 2024/12/23 12:0 a.m. · 17 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-014)

The version of postgresql installed on the remote host is prior to 14.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2024-014 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...

CVSS 8.8 · AI score 7.3 · EPSS 0.04422
Exploits 1 · References 10
Tenable Nessus
added 2024/12/23 12:0 a.m. · 29 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2024-008)

The version of postgresql installed on the remote host is prior to 13.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL13-2024-008 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...

CVSS 8.8 · AI score 7.3 · EPSS 0.04422
Exploits 1 · References 10
Tenable Nessus
added 2024/12/11 12:0 a.m. · 20 views

Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2024-787)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-787 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction...

CVSS 8.8 · AI score 7.2 · EPSS 0.04422
Exploits 1 · References 10
SUSE Linux
added 2024/11/28 3:11 p.m. · 8 views

Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.97 Fixed CVEs: CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status bsc1233434 Catalina Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints. markt Add: 55470:...

CVSS 10 · AI score 8.2 · EPSS 0.06287
Exploits 1 · References 4
AstraLinux
added 2024/11/23 3:4 a.m. · 1 views

Astra Linux – Vulnerability in PostgresSQL-15

The use of server error messages by clients in PostgreSQL allows a server that is not trusted under current SSL or GSS settings to send arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message claiming that a human user or someone...

CVSS 3.7 · AI score 6.8 · EPSS 0.0038
Exploits 0 · References 3
Tenable Nessus
added 2024/11/23 12:0 a.m. · 7 views

CBL Mariner 2.0 Security Update: postgresql (CVE-2024-10977)

The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10977 advisory. - Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS...

CVSS 3.7 · AI score 6.6 · EPSS 0.0038
Exploits 0 · References 2
RedhatCVE
added 2024/11/18 8:20 a.m. · 9 views

CVE-2024-10977

A flaw was found in PostgreSQL's error message handling. This vulnerability allows a man-in-the-middle attacker to inject arbitrary non-NUL bytes into the libpq application via a server error message. Mitigation: Make sure PostgreSQL is configured to use trusted SSL or GSS settings to prevent...

CVSS 3.1 · AI score 6.4 · EPSS 0.0038
Exploits 0 · References 4