Lucene search
K

280 matches found

Github Security Blog
Github Security Blog
added 2025/05/20 7:35 p.m.20 views

TYPO3 Allows Unrestricted File Upload in File Abstraction Layer

Problem By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be...

5.4CVSS7.2AI score0.00158EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/20 12:0 a.m.4 views

PT-2025-22142 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 10.0.0 through 10.4.49 ELTS TYPO3 versions 11.0.0 through 11.5.43 ELTS TYPO3 versions 12.0.0 through 12.4.30 LTS TYPO3 versions 13.0.0 through 13.4.11 LTS Description: The issue allows administrator-level backend users without...

9CVSS6.6AI score0.00384EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/05/16 12:0 a.m.5 views

PT-2025-21662 · Nextcloud · Nextcloud Enterprise Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 29.0.13, 30.0.7, and 31.0.1 Nextcloud Enterprise Server versions prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 Description: The issue allows an attacker on a multi-user system to re...

2.6CVSS6.2AI score0.00409EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.4 views

PT-2025-21449 · WordPress · The Form Maker

Name of the Vulnerable Software and Affected Versions: The Form Maker by 10Web WordPress plugin versions prior to 1.15.33 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible even when the unfiltered html capability i...

4.8CVSS4.5AI score0.00266EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.11 views

PT-2025-20572 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.3 through 17.9.7 GitLab CE/EE versions 17.10 through 17.10.5 GitLab CE/EE versions 17.11 through 17.11.1 Description: An issue has been discovered in GitLab CE/EE that allows attackers to bypass Device OAuth flow...

7.1CVSS6AI score0.0033EPSS
Exploits1References12
NVD
NVD
added 2025/04/30 3:16 p.m.33 views

CVE-2025-32970

XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0, an open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that...

6.1CVSS0.00539EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.3 views

PT-2025-16427

Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.0 through 8.0.41 MySQL Server versions 8.4.0 through 8.4.4 MySQL Server versions 9.0.0 through 9.2.0 Description The issue allows a high-privileged attacker with network access via multiple protocols to compromise MyS...

7.5CVSS5.9AI score0.00869EPSS
Exploits0References290
Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.3 views

PT-2025-16009 · Mediawiki +2 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.39.12 MediaWiki versions prior to 1.42.6 MediaWiki versions prior to 1.43.1 Description: The issue is related to an Improper Preservation of Permissions vulnerability in MediaWiki, affecting program files...

8.8CVSS6AI score0.00454EPSS
Exploits0References38
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.5 views

PT-2025-15800 · Foliopress · Foliopress Wysiwyg

Name of the Vulnerable Software and Affected Versions: Foliopress WYSIWYG versions n/a through 2.6.18 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows unauthorized actions to be performed on a user's account without their knowledge or consent. This is due to...

7.1CVSS7.5AI score0.00178EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.2 views

PT-2025-14438 · Unknown · Sliced Invoices

Name of the Vulnerable Software and Affected Versions: Sliced Invoices versions 3.9.4 and earlier Description: The issue is related to a Missing Authorization vulnerability. Recommendations: For versions 3.9.4 and earlier, update to a version later than 3.9.4 to resolve the issue...

5.3CVSS6AI score0.00367EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/03/31 12:0 a.m.4 views

PT-2025-13972 · Apple · Macos Sonoma +7

Name of the Vulnerable Software and Affected Versions: visionOS versions prior to 2.4 macOS Ventura versions prior to 13.7.5 tvOS versions prior to 18.4 iOS versions prior to 18.4 iPadOS versions prior to 18.4 macOS Sequoia versions prior to 15.4 macOS Sonoma versions prior to 14.7.5 Description:...

5.5CVSS5.3AI score0.00274EPSS
Exploits0References11
NVD
NVD
added 2025/03/26 9:15 p.m.32 views

CVE-2025-2787

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 a.k.a IngressNightmare vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i....

8.8CVSS0.00471EPSS
Exploits0References1
OSV
OSV
added 2025/03/26 9:15 p.m.4 views

CVE-2025-2787

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 a.k.a IngressNightmare vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i....

8.8CVSS7.2AI score0.00471EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/26 9:8 p.m.18 views

CVE-2025-2787 Ingress-nginx vulnerability in KNIME Business Hub

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 a.k.a IngressNightmare vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i....

8.7CVSS6.2AI score0.00471EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2025/03/24 7:0 a.m.26 views

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller

Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service AKS is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...

9.8CVSS7.5AI score0.99098EPSS
Exploits21
Microsoft CVE
Microsoft CVE
added 2025/03/24 7:0 a.m.30 views

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller

Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service AKS is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...

9.8CVSS7.5AI score0.99098EPSS
Exploits21
Microsoft CVE
Microsoft CVE
added 2025/03/24 7:0 a.m.33 views

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller

Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service AKS is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...

9.8CVSS7.5AI score0.99098EPSS
Exploits21
Positive Technologies
Positive Technologies
added 2025/03/21 12:0 a.m.3 views

PT-2025-12401

Name of the Vulnerable Software and Affected Versions Varnish Cache versions prior to 7.6.2 Varnish Enterprise versions prior to 6.0.13r10 Description The issue allows client-side desync via HTTP/1 requests. Recommendations For Varnish Cache versions prior to 7.6.2, update to version 7.6.2 or...

5.4CVSS6AI score0.00289EPSS
Exploits0References37
CVE
CVE
added 2025/03/17 1:25 p.m.59 views

CVE-2025-29788

CVE-2025-29788 affects the Sylius PayPal Plugin (Sylius Core Team) for PayPal Commerce. In versions prior to 1.6.1, 1.7.1, and 2.0.1, a vulnerability allows manipulating the final PayPal payment amount when a user changes the item quantity in the cart after initiating PayPal Express Checkout. Pay...

6.5CVSS6.5AI score0.00464EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2025/03/13 12:0 a.m.14 views

MariaDB DoS Vulnerability (MDEV-32082)

MariaDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...

4.9CVSS5AI score0.00396EPSS
Exploits0References10
Rows per page
Query Builder