
11 matches found

OSV
added 2026/03/05 2:16 a.m. · 4 views

AZL-79469 CVE-2026-3381 affecting package rubygem-mini_portile2 2.8.4-1

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings from the 7ASecurity audit of zlib. This includes fixes for...

CVSS 9.8 · AI score 5.8 · EPSS 0.00548
Exploits: 1 · References: 1
IBM Security Bulletins
added 2026/01/30 8:28 a.m. · 10 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031

Summary: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details: CVEID: CVE-2025-66030 DESCRIPTION: Forge also called...

CVSS 8.7 · AI score 5.7 · EPSS 0.00373
Exploits: 0 · Affected Software: 1
Snyk
added 2025/11/26 10:43 p.m. · 1 views

Integer Overflow or Wraparound

Overview: node-forge is a JavaScript implementation of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the derToOid function in the asn1.js file, which decodes ASN.1...

CVSS 6.3 · AI score 6.8 · EPSS 0.00276
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-1393

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.3 · EPSS 0.0212
Exploits: 0 · References: 5
RedhatCVE
added 2025/05/23 2:27 a.m. · 3 views

CVE-2023-27603

In Apache Linkis =1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2...

CVSS 9.8 · AI score 7 · EPSS 0.01808
Exploits: 0 · References: 1
Positive Technologies
added 2024/01/11 12:0 a.m. · 4 views

PT-2026-20360

Name of the Vulnerable Software and Affected Versions: zlib versions prior to 1.3.2 Description: The software contains an issue where CPU consumption can occur through the crc32_combine64 and crc32_combine_gen64 functions. This is due to the x2nmodp function potentially performing right shifts with...

CVSS 5.5 · AI score 5.9 · EPSS 0.00204
Exploits: 1 · References: 77
Positive Technologies
added 2023/04/10 12:0 a.m. · 5 views

PT-2023-21469 · Apache · Apache Linkis

Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.1 and earlier Description: The issue arises due to the default token generated by Linkis Gateway deployment being too simple, making it easy for attackers to obtain the default token for the attack. Generation rules...

CVSS 9.1 · AI score 6.9 · EPSS 0.00811
Exploits: 0 · References: 8
Positive Technologies
added 2023/01/06 12:0 a.m. · 5 views

PT-2023-10330 · Unknown · E-Contract Dssp

Name of the Vulnerable Software and Affected Versions: e-Contract dssp versions up to 1.3.1 Description: A vulnerability was found in the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external...

CVSS 9.8 · AI score 5.8 · EPSS 0.00731
Exploits: 0 · References: 9
Snyk
added 2022/12/06 4:11 p.m. · 3 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization. PoC (js): var root = require("cycle-import-check"); root.writeFileToTmpDirAndOpenIt("& touch JHU ", "aaa"); Remediation: Upgrade...

CVSS 9.8 · AI score 7.4 · EPSS 0.02309
Exploits: 1 · References: 2
Positive Technologies
added 2022/11/23 12:0 a.m. · 6 views

PT-2022-27312 · Artifex · Artifex Mujs

Name of the Vulnerable Software and Affected Versions: Artifex MuJS versions 1.0.0 through 1.3.1 Description: A logical issue in the O_getOwnPropertyDescriptor function allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file...

CVSS 9.8 · AI score 7.5 · EPSS 0.03645
Exploits: 5 · References: 29
Positive Technologies
added 2016/09/20 12:0 a.m. · 2 views

PT-2016-7118 · Apache +2 · Apache Shiro +2

Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.3.2 Description: The issue allows attackers to bypass intended servlet filters and gain access by leveraging the use of a non-root servlet context path. Recommendations: For versions prior to 1.3.2, update to...

CVSS 9.8 · AI score 8.1 · EPSS 0.0968
Exploits: 1 · References: 26