Lucene search
K

25 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Mariadb 10.3

A issue was discovered in the Field::setdefault component of MariaDB Server v10.6 and earlier versions. This issue allows attackers to cause a Denial of Service DoS attack through specially crafted SQL statements...

7.5CVSS7.5AI score0.02159EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.17 views

PT-2026-40928

Name of the Vulnerable Software and Affected Versions Verba versions prior to 10.0.6 Description A Stored Cross-Site Scripting XSS issue exists in the login logging mechanism. An unauthenticated remote attacker can inject a malicious payload into the username field during a failed login attempt...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References3
OSV
OSV
added 2026/05/04 6:16 p.m.6 views

UBUNTU-CVE-2026-37459

An integer underflow in FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS5.8AI score0.00371EPSS
Exploits0References3
CVE
CVE
added 2026/05/04 12:0 a.m.24 views

CVE-2026-37458

CVE-2026-37458 involves FRRouting (FRR) with a missing input validation in the MP_REACH_NLRI component, affecting FRR stable/10.0 to stable/10.6. An authenticated attacker can cause a Denial of Service by sending a crafted UPDATE message. The available connected documents confirm the affected sof...

6.5CVSS5.8AI score0.00249EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.6 views

openSUSE 16 Security Update : ghostscript (openSUSE-SU-2026:20592-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20592-1 advisory. Update to version 10.06.0. Security issues fixed: - CVE-2025-59800: an integer overflow can lead to a heap-based buffer overflow in ocrline8...

5.5CVSS6.2AI score0.00276EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : pki-deps:10.6 (AXSA:2021-2278:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2278:01 advisory. resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class CVE-2020-1695 Tenable has extracted the preceding description block...

7.5CVSS5.6AI score0.02023EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : pki-deps:10.6 (AXSA:2024-8412:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8412:01 advisory. jackson-databind: denial of service via a large depth of nested objects CVE-2020-36518 Tenable has extracted the preceding description block directly from th...

7.5CVSS7.7AI score0.0486EPSS
Exploits1References2
OSV
OSV
added 2025/08/20 10:3 a.m.5 views

RHSA-2025:14126 Red Hat Security Advisory: pki-deps:10.6 security update

Bulletin has no description...

7.5CVSS7.2AI score0.00634EPSS
Exploits0References9
OSV
OSV
added 2025/08/20 10:3 a.m.4 views

RHSA-2025:14116 Red Hat Security Advisory: pki-deps:10.6 security update

Bulletin has no description...

7.5CVSS7.2AI score0.00634EPSS
Exploits0References9
OSV
OSV
added 2025/06/10 11:51 a.m.3 views

BIT-MARIADB-MIN-2022-27457

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mymbwclatin1 at /strings/ctype-latin1.c...

7.5CVSS7AI score0.01663EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 8:42 a.m.10 views

CVE-2024-5077

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.8CVSS5.9AI score0.00216EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/15 5:8 p.m.25 views

CVE-2025-27103

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...

8.6CVSS6.9AI score0.01032EPSS
Exploits2References1
OSV
OSV
added 2024/10/04 7:15 a.m.2 views

CVE-2024-9306

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS5.7AI score
Exploits0References2
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.3 views

WordPress plugin WP Booking Calendar 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS6.1AI score0.00296EPSS
Exploits0References3
OSV
OSV
added 2023/01/26 9:18 p.m.1 views

UBUNTU-CVE-2023-22500

GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6 are vulnerable to Incorrect Authorization. This vulnerability allow unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are accessbile by...

7.5CVSS5.8AI score0.00844EPSS
Exploits0References3
OSV
OSV
added 2023/01/26 9:18 p.m.3 views

UBUNTU-CVE-2023-22724

GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross-site Scripting via malicious RSS feeds. An Administrator can import a malicious RSS feed that contains Cross Site Scripting XSS payloads inside RSS links. Victims who wish to visit an RSS conten...

6.2CVSS5.8AI score0.00569EPSS
Exploits0References3
OSV
OSV
added 2022/09/07 12:33 p.m.4 views

SUSE-SU-2022:3159-1 Security update for mariadb

This update for mariadb fixes the following issues: - Updated to 10.6.9: - CVE-2022-32082: Fixed a reachable assertion that would crash the server bsc1201162. - CVE-2022-32089: Fixed a segmentation fault that coudl be triggered via a crafted query bsc1201169. - CVE-2022-32081: Fixed a buffer...

7.5CVSS7.3AI score0.02082EPSS
Exploits10References22
Microsoft CVE
Microsoft CVE
added 2022/04/21 7:0 a.m.4 views

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

...

7.5CVSS7.8AI score0.02159EPSS
Exploits1
OSV
OSV
added 2021/11/05 12:15 a.m.3 views

UBUNTU-CVE-2021-39898

In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from...

5.3CVSS6AI score0.01245EPSS
Exploits0References2
CNVD
CNVD
added 2020/12/22 12:0 a.m.2 views

IBM Security Secret Server Information Disclosure Vulnerability (CNVD-2020-74624)

IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. An information disclosure vulnerability exists in IBM Security Secret Serve...

4.9CVSS6.2AI score0.01093EPSS
Exploits0References1
Rows per page
Query Builder