
11 matches found

NVD
added 5 days ago | 7 views

CVE-2026-14178

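When openGauss processes a totimestamp call with an NLS parameter, totimestampwithfmtnls saves nlsfmtstr to usess-parsercxt.nlsfmtstr. On the seqscan + sort execution path, this string is originally allocated in the SeqScan expression context; once the SeqScan completes, that memory context is reset, but in the subsequent result output stage timestampout still accesses usess-parsercxt.nlsfmtstr through CheckNlsFormat, resulting in access to freed memory. An attacker with SQL execution privileges on the database can craft a specific...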

CVSS 5.9 | EPSS 0.00351
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/05 12:0 a.m. | 10 views

PT-2026-36988

Name of the Vulnerable Software and Affected Versions: Axios versions 1.0.0 through 1.15.1. Description: Axios is a promise-based HTTP client for the browser and Node.js. The HTTP adapter reads five configuration properties—auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser—via direct...

CVSS 9.1 | AI score 5.8 | EPSS 0.00549
Exploits: 1 | References: 236
Positive Technologies
added 2025/12/19 12:0 a.m. | 6 views

PT-2025-52408

Name of the Vulnerable Software and Affected Versions: ABB T-MAC Plus version 4.0-24; Firebox (affected versions not specified). Description: ABB T-MAC Plus is affected by improper neutralization of input during web page generation, which leads to cross-site scripting (XSS), a condition where malicious...

CVSS 8 | AI score 5.6 | EPSS 0.00181
Exploits: 0 | References: 3
HackRead
added 2025/11/19 3:29 p.m. | 8 views

Fortinet Issues Fixes as FortiWeb Takeover Flaw Sees Active Attacks

Two FortiWeb vulnerabilities, including a critical unauthenticated bypass (CVE-2025-64446), are under attack. Check logs for rogue admin accounts and upgrade immediately...

CVSS 9.8 | AI score 7.3 | EPSS 0.89177
Exploits: 17
Tenable Nessus
added 2025/10/16 12:0 a.m. | 7 views

Debian dsa-6026 : chromium - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6026 advisory. Debian Security Advisory DSA-6026-1 https://www.debian.org/security/...

CVSS 8.8 | AI score 6.4 | EPSS 0.00419
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2025-25425

Malicious code in bioql PyPI...

CVSS 8.5 | AI score 6.5 | EPSS 0.00537
Exploits: 0 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-2240

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.3 | EPSS 0.00618
Exploits: 0 | References: 9
NVD
added 2025/08/21 2:15 p.m. | 3 views

CVE-2025-34158

Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner and a /api/resources call reveals other servers accessible by that server owner...

CVSS 8.5 | EPSS 0.00537
Exploits: 0 | References: 8
OSV
added 2024/02/02 4:15 p.m. | 5 views

CVE-2022-34381

Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted...

CVSS 9.8 | AI score 5.8 | EPSS 0.00846
Exploits: 0 | References: 1
OSV
added 2022/10/07 9:15 p.m. | 2 views

UBUNTU-CVE-2022-39290

ZoneMinder is a free, open source closed-circuit television software application. In affected versions, authenticated users can bypass CSRF keys by modifying the request supplied to the ZoneMinder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...

CVSS 8 | AI score 7 | EPSS 0.05444
Exploits: 4 | References: 3
ATTACKERKB
added 2022/03/28 10:15 p.m. | 2 views

CVE-2021-43099

An Archive Extraction (AKA "Zip Slip") vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary uploaded zip file without checking filenames. The vulnerability is exploited using a specially crafted archive that holds directory traversal...

CVSS 4.9 | AI score 6 | EPSS 0.01092
Exploits: 1 | References: 2