Lucene search
+L

624 matches found

Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.7 views

PT-2026-6751

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.4 Gogs versions 0.14.0+dev Description Gogs, an open source self-hosted Git service, has a flaw in its Two-Factor Authentication 2FA recovery code validation process. The validation does not verify that the recovery...

9.9CVSS5.5AI score0.34346EPSS
Exploits45References122
Snyk
Snyk
added 2026/02/05 8:51 p.m.3 views

SQL Injection

Overview @payloadcms/db-vercel-postgres is a Vercel Postgres adapter for Payload Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accounts by injecting crafte...

9.8CVSS5.8AI score0.00453EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/28 7:14 p.m.25 views

CVE-2025-68666 Discourse users archives leaked to users with moderation privileges

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, users archives are viewable by users with moderation privileges even though moderators should not have access to the archives. Private topic/post content made by the users are leaked...

5.9CVSS0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/28 12:30 a.m.37 views

CVE-2026-21569

This High severity XXE XML External Entity Injection vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high...

7.9CVSS0.00297EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.7 views

Azure Linux 3.0 Security Update: python-tensorboard (CVE-2024-43788)

The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43788 advisory. - Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a...

6.4CVSS5.2AI score0.00904EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/21 1:6 a.m.6 views

NULL Pointer Dereference

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.7AI score0.0043EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.15 views

CVE-2023-31007

Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a...

6.5CVSS7.1AI score0.0102EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.10 views

CVE-2022-31066

EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to...

5.9CVSS6.7AI score0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:4 a.m.7 views

CVE-2024-39681

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users...

8.8CVSS6.9AI score0.00334EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.9 views

CVE-2023-29519

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own...

9CVSS7.9AI score0.01945EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.8 views

CVE-2023-40168

TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening th...

7.4CVSS6.8AI score0.00574EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.15 views

CVE-2022-31092

Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. The actual issue is that quoting i...

8.1CVSS7.2AI score0.01346EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.5 views

PT-2026-1135

Name of the Vulnerable Software and Affected Versions Nuvation Energy Multi-Stack Controller versions 2.3.8 through 2.5.0 Description A flaw exists in Nuvation Energy Multi-Stack Controller that allows for OS Command Injection. This issue could allow an attacker to execute arbitrary commands on t...

9.4CVSS7.4AI score0.009EPSS
Exploits0References6
CBLMariner
CBLMariner
added 2025/12/15 4:3 p.m.5 views

CVE-2025-40308 affecting package kernel for versions less than 6.6.117.1-1

CVE-2025-40308 affecting package kernel for versions less than 6.6.117.1-1. An upgraded version of the package is available that resolves this issue...

6.8AI score0.00171EPSS
Exploits0
Snyk
Snyk
added 2025/11/24 4:46 p.m.1 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the NudmSubscriberDataManagement API. An attacker can disrupt service availability by sending crafted requests to this API endpoint. Remediation Upgrade...

7.1CVSS6.6AI score0.00319EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.7 views

TencentOS Server 4: tomcat (TSSA-2025:0440)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0440 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.8CVSS7.7AI score0.66933EPSS
Exploits7References4
Snyk
Snyk
added 2025/11/14 8:57 p.m.5 views

Unverified Password Change

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Unverified Password Change via the profile update process. An attacker can gain unauthorized access to user accounts by changing the authentication password without additional verification steps. Note: This...

8.3CVSS7.2AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2025/11/13 8:43 p.m.11 views

com.databricks:automatedml_2.11 (=0.7.2), com.github.aishfenton:vegas-flink_2.11 (=0.3.4) +11 more potentially affected by CVE-2025-59840 via org.webjars.bower:vega (>=1.5.4 <=3.0.0-rc4)

org.webjars.bower:vega MAVEN version =1.5.4, =0.3.6, =0.3.6, =0.3.6, =1.1.0, =2.1.0, =1.0.10, =2.0.1 Source cves: CVE-2025-59840 Source advisory: SNYK:JAVA-ORGWEBJARSBOWER-13961288...

8.1CVSS6AI score0.00383EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.13 views

PT-2025-45409

Name of the Vulnerable Software and Affected Versions WP Airbnb Review Slider plugin for WordPress versions up to and including 4.2 Description The WP Airbnb Review Slider plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient URL validation allows...

4CVSS5.1AI score0.00213EPSS
Exploits0References9
Snyk
Snyk
added 2025/10/24 11:43 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in DisposalDaemon.java. In high-core environments under heavy load, the disposal thread can fall behind and allow excessive memory use. Note This issue was reported for environments...

5.9CVSS7AI score0.00142EPSS
Exploits0References2
Rows per page
Query Builder