Lucene search
K

34 matches found

NVD
NVD
added 2026/06/15 9:16 p.m.5 views

CVE-2026-40762

Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...

7.5CVSS0.00251EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/09 9:32 p.m.21 views

EUVD-2026-28941

A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection. Local access is required to approach this...

5.3CVSS5.3AI score0.00851EPSS
Exploits0References5
CVE
CVE
added 2026/05/09 7:16 p.m.20 views

CVE-2026-42333

CVE-2026-42333 affects Quarkus OpenAPI Generator. The issue: the generated authentication filter can match OpenAPI path templates too broadly, causing a security scheme for one operation to be applied to a different, similarly-named operation. This can cause bearer tokens, API keys, or basic cred...

6.3CVSS5.7AI score0.004EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/04 7:41 a.m.5 views

CVE-2025-15064 Ultimate Member <= 2.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via DOM Gadgets

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user description field in all versions up to, and including, 2.11.1 due to insufficient input sanitization a...

6.4CVSS6.1AI score0.00269EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/25 5:26 p.m.10 views

@enclave-vm/core is vulnerable to Sandbox Escape

Summary It is possible to escape the security boundraries set by @enclave-vm/core, which can be used to achieve remote code execution RCE. The issue has been fixed in version 2.11.1. --- Details It is possible to obtain the native Object constructor instead of the SafeObject wrapper. This can be...

10CVSS6.9AI score0.00878EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 3:56 a.m.3 views

CVE-2026-27597 @enclave-vm/core is vulnerable to Sandbox Escape

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by @enclave-vm/core, which can be used to achieve remote code execution RCE. The issue has been fixed in version 2.11.1...

10CVSS6.4AI score0.00878EPSS
Exploits2References2
UbuntuCve
UbuntuCve
added 2026/02/24 5:29 p.m.7 views

CVE-2026-27585

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...

8.2CVSS7.2AI score0.00323EPSS
Exploits1References5
OSV
OSV
added 2026/02/24 5:29 p.m.5 views

UBUNTU-CVE-2026-27585

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...

8.2CVSS7.3AI score0.00323EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/02/24 4:28 p.m.8 views

CVE-2026-27588

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass...

8.7CVSS5.6AI score0.0037EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/24 4:28 p.m.85 views

CVE-2026-27588

Summary (CVE-2026-27588) Caddy (v2.x) vulnerability in the host matcher: when a large allowlist (&gt;100 hosts) is configured, the MatchHost algorithm uses a fast path that enforces a case-sensitive comparison, which makes the host matching effectively case-sensitive and can bypass host-based rou...

9.1CVSS5.6AI score0.0037EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/24 4:6 p.m.5 views

CVE-2026-27585 Caddy's improper sanitization of glob characters in file matcher may lead to bypassing security protections

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...

8.2CVSS5.4AI score0.00323EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/02/02 9:3 p.m.10 views

WordPress Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return vulnerability

WordPress Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin = 2.11.1 - Missing Authorization via pmsstripeconnecthandleauthorizationreturn vulnerability discovered by Lucio Sá in WordPress Plugin Paid Member Subscriptions versions = 2.11.1...

5.3CVSS6.8AI score0.00519EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:1 a.m.4 views

CVE-2023-25662

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

7.5CVSS7.2AI score0.00391EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/21 1:29 a.m.14 views

CVE-2025-64762 authkit-nextjs may let session cookies be cached in CDNs

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...

9.3CVSS0.00335EPSS
Exploits0References3
CVE
CVE
added 2025/11/21 1:29 a.m.17 views

CVE-2025-64762

Summary: The vulnerability CVE-2025-64762 affects the authkit-nextjs package (versions ≤ 2.11.0). Authenticated responses in these versions do not apply anti-caching headers, allowing session tokens to be cached by CDNs and potentially exposed to other users. The issue is resolved in 2.11.1, whic...

9.3CVSS7AI score0.00335EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2024/11/29 3:48 a.m.6 views

SUSE CVE-2024-53859

go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...

7.5CVSS7AI score0.00534EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/06/06 12:0 a.m.8 views

PT-2024-23711 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow version 2.11.1 Description: A vulnerability in mlflow/mlflow allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might no...

5.4CVSS5.4AI score0.00442EPSS
Exploits1References6
OSV
OSV
added 2024/02/15 3:22 p.m.3 views

GHSA-CC65-XXVF-F7R9 Scrapy vulnerable to ReDoS via XMLFeedSpider

Impact The following parts of the Scrapy API were found to be vulnerable to a ReDoS attack: - The XMLFeedSpider class or any subclass that uses the default node iterator: iternodes, as well as direct uses of the scrapy.utils.iterators.xmliter function. - Scrapy 2.6.0 to 2.11.0: The openinbrowser...

7.5CVSS6.8AI score0.00553EPSS
Exploits1References8
OSV
OSV
added 2023/04/17 1:15 p.m.7 views

CVE-2023-1282

The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the...

6.1CVSS6.4AI score0.00542EPSS
Exploits3References2
SUSE CVE
SUSE CVE
added 2023/03/28 1:50 a.m.8 views

SUSE CVE-2023-27579

TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1...

7.5CVSS6.9AI score0.00391EPSS
Exploits0References3
Rows per page
Query Builder