Lucene search
+L

197 matches found

cve
cve
added 2 days ago10 views

CVE-2026-45419

DataEase contains an arbitrary file write vulnerability present before version 2.10.23. The flaw resides in template handling: the TemplateManageService#save, StaticResourceServer#saveFilesToServe methods and the /de2api/templateManage/save endpoint accept attacker-controlled staticResource names...

8.5CVSS6.2AI score0.00313EPSS
Exploits0References3
nvd
nvd
added last week7 views

CVE-2026-54149

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS0.00384EPSS
Exploits0References2
euvd
euvd
added last week8 views

EUVD-2026-42924

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS6.2AI score0.00384EPSS
Exploits0References2
nvd
nvd
added last week5 views

CVE-2026-40007

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the E-language prefix in socket data, with no depth limit. An unauthenticate...

7.5CVSS0.00278EPSS
Exploits0References2
cvelist
cvelist
added last week31 views

CVE-2026-40454 Apache IoTDB C++ client: Out-of-bounds reads in C++ client TsBlock deserializer crash client process on malformed server data

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

0.00278EPSS
Exploits0References1
euvd
euvd
added last week7 views

EUVD-2026-42799

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied...

7.5CVSS6AI score0.00393EPSS
Exploits0References5
cvelist
cvelist
added 2026/07/07 8:41 p.m.28 views

CVE-2026-50530 DataEase: Token with Overly Broad Privileges in Share Mode: Access to Unshared Datasets

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing...

7.1CVSS0.00238EPSS
Exploits0References3
osv
osv
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-1041 TensorFlow vulnerable to `CHECK` fail in `FractionalMaxPoolGrad`

Impact FractionalMaxPoolGrad validates its inputs with CHECK failures instead of with returning errors. If it gets incorrectly sized inputs, the CHECK failure can be used to trigger a denial of service attack: python import tensorflow as tf overlapping = True originput = tf.constant.453409232,...

5.9CVSS5.9AI score0.00396EPSS
Exploits0References7
osv
osv
added 2026/06/12 8:56 p.m.3 views

CVE-2026-47268 Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhookurl, HTTP method, request...

6.4CVSS6AI score0.00182EPSS
Exploits0References3
osv
osv
added 2026/06/08 3:2 p.m.5 views

CLEANSTART-2026-XV65906 Security fixes for CVE-2023-45288, CVE-2023-48795, CVE-2024-24786, CVE-2024-45337, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22870, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598 applied in versions: 2.10.1-r0, 2.10.1-r1, 2.10.1-r2

Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.6AI score0.93305EPSS
Exploits11References111
redhatcve
redhatcve
added 2026/06/05 7:17 p.m.11 views

CVE-2026-33121

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

8.8CVSS5.7AI score0.00328EPSS
Exploits1References1
cvelist
cvelist
added 2026/05/23 6:30 p.m.30 views

CVE-2018-25351 Joomla! Component EkRishta 2.10 SQL Injection via username

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...

8.8CVSS0.00358EPSS
Exploits0References4
cvelist
cvelist
added 2026/05/23 6:30 p.m.16 views

CVE-2018-25348 Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail

Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the userdetail view with malicious cid values containing SQL commands t...

8.8CVSS0.00358EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/05/15 7:57 p.m.19 views

CVE-2026-42031

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...

9.8CVSS5.9AI score0.01815EPSS
Exploits0References1
nvd
nvd
added 2026/05/13 7:17 p.m.18 views

CVE-2026-42031

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...

9.8CVSS0.01815EPSS
Exploits0References1
patchstack
patchstack
added 2026/05/05 11:30 a.m.9 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions = 2.10.0...

7.2CVSS5.8AI score0.00247EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2026/05/05 11:8 a.m.9 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions = 2.10.0...

7.2CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/05/04 9:30 p.m.7 views

GHSA-RM34-FG4M-39MW OpenSTAManager contains an arbitrary file upload vulnerability in its module update functionality

OpenSTAManager versions 2.10 and earlier contain an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

7.2CVSS5.9AI score0.00372EPSS
Exploits5References3
osv
osv
added 2026/05/04 6:16 p.m.10 views

UBUNTU-CVE-2026-42052

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

6CVSS5.7AI score0.003EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/04 12:0 a.m.12 views

OpenSTAManager 代码问题漏洞

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager 2.10 and earlier had code-related vulnerabilities, which stemmed from arbitrary file upload vulnerabilities in the module update function...

7.2CVSS5.9AI score0.00372EPSS
Exploits5References2
Rows per page
Query Builder