Lucene search
K

82 matches found

OSV
OSV
added 2026/02/17 2:16 p.m.10 views

PYSEC-2026-113

Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file but not an IPC stream with pre-buffering enabled, if the IPC file contains data with variadic buffers such as Binary View and String...

7CVSS5.6AI score0.00807EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.9 views

PT-2026-3464

Name of the Vulnerable Software and Affected Versions OpenProject versions 16.3.0 through 16.6.4 Description OpenProject is a web-based project management software. A stored cross-site scripting issue exists in the Roadmap view. The issue occurs when a version contains work packages from a...

8.7CVSS4.8AI score0.00207EPSS
Exploits0References11
EUVD
EUVD
added 2026/01/05 10:3 p.m.5 views

EUVD-2026-0825

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update ...

8.3CVSS6.2AI score0.00471EPSS
Exploits1References4
Veeam
Veeam
added 2025/11/19 12:0 a.m.24 views

Veeam Backup & Replication 13.0.1 In-Place Upgrade Version Requirement

Challenge When attempting to upgrade an existing Veeam Backup & Replication deployment to version 13.0.1, the installer displays a message stating: Unable to upgrade Veeam Backup & Replication: you can upgrade from version 12.3.1.1139 or later only. Solution Before attempting an in-place upgrade ...

6.9AI score
Exploits0Affected Software1
OSV
OSV
added 2025/09/09 8:26 p.m.7 views

CVE-2025-59037 DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware

DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware along with several other packages. An attacker published new versions of four of DuckDB's packages that included malicious code to...

8.6CVSS7.4AI score0.00349EPSS
Exploits0References5
CNVD
CNVD
added 2025/09/02 12:0 a.m.1 views

D-Link DI-500WF os Command Injection Vulnerability

The D-Link DI-500WF is a panel type wireless access point AP, mainly used to build wireless network coverage environment, supports 802.11n protocol with a theoretical maximum transmission rate of 150Mbps. The D-Link DI-500WF suffers from an os command injection vulnerability that stems from the...

7.2CVSS7.6AI score0.09746EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/08/31 12:0 a.m.3 views

D-Link DI-500WF 安全漏洞

The D-Link DI-500WF is a panel type wireless access point AP, mainly used to build wireless network coverage environment, supports 802.11n protocol with a theoretical maximum transmission rate of 150Mbps. The D-Link DI-500WF suffers from an os command injection vulnerability that stems from the...

7.2CVSS7.5AI score0.09746EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2023-1428

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists an vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-50291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of th...

7.5CVSS6.8AI score0.03306EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-5889

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the functi...

3.1CVSS3.9AI score0.00459EPSS
Exploits0References4
Snyk
Snyk
added 2025/08/06 6:31 p.m.1 views

CRLF Injection

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to CRLF Injection during the e-mail registration. An attacker can cause the system to send unsolicited emails...

6.9CVSS7.1AI score0.00411EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.3 views

PT-2025-27253 · Sublinkx · Sublinkx

Name of the Vulnerable Software and Affected Versions: gooaclok819 sublinkX versions up to 1.8 Description: A critical issue has been found, affecting the function AddTemp of the file api/template.go. The manipulation of the argument filename leads to path traversal. This issue can be exploited...

6.5CVSS7.3AI score0.00349EPSS
Exploits0References12
OSV
OSV
added 2025/06/17 6:0 a.m.7 views

CVE-2025-6166 frdel Agent-Zero image_get.py image_get path traversal

A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function imageget of the file /python/api/imageget.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The...

5.1CVSS4.8AI score0.0052EPSS
Exploits1References9
Elastic
Elastic
added 2025/05/06 4:29 p.m.9 views

Kibana 8.17.6, 8.18.1, or 9.0.1 Security Update (ESA-2025-07)

Kibana arbitrary code execution via prototype pollution ESA-2025-07 A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints. Affected Versions: 8.3.0 to 8.17.5, and 8.18.0, and 9.0.0 Affected...

9.8CVSS7.8AI score0.14795EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2025/01/22 12:0 a.m.2 views

PT-2025-4819 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to the latest supported version Description: The issue concerns the use of End-of-Life EOL versions of Node.js, which are no longer supported and do not receive updates, including security patches. This may expose syste...

8.8CVSS6.2AI score
Exploits0References16
Github Security Blog
Github Security Blog
added 2025/01/21 7:52 p.m.36 views

Websites were able to send any requests to the development server and read the response in vite

Summary Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. !WARNING This vulnerability even applies to users that only run the Vite dev server on the loc...

6.5CVSS6.4AI score0.00283EPSS
Exploits1References3Affected Software1
Oracle linux
Oracle linux
added 2025/01/02 12:0 a.m.165 views

python-requests security update

2.20.0-5 - Security fix for CVE-2024-35195 Resolves: RHEL-37605 2.20.0-4 - Bump release to fix upgrade path from 2.20.0-2.1.el81 via 2.20.0-3.el88 to 2.20.0-4.el8 Related: rhbz2209469...

5.6CVSS6.3AI score0.0034EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/11/17 12:0 a.m.6 views

PT-2024-35496 · Unknown · Lemonldap::Ng

Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.20.1 Description: An issue allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value. This can...

8.8CVSS6.9AI score0.00473EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2024/09/19 12:0 a.m.9 views

PT-2024-32379 · Zitadel · Zitadel

Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 2.54.10 Zitadel versions from 2.55.0 through 2.55.7 Zitadel versions from 2.56.0 through 2.56.5 Zitadel versions from 2.57.0 through 2.57.4 Zitadel versions from 2.58.0 through 2.58.4 Zitadel versions from 2.59.0...

7.4CVSS7.2AI score0.00357EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/08/06 12:0 a.m.5 views

PT-2024-29502 · Qwik +1 · Qwik +1

Name of the Vulnerable Software and Affected Versions: Qwik versions prior to 1.6.0 @builder.io/qwik versions prior to 1.7.3 Description: A potential mutation XSS vulnerability exists in Qwik due to improper HTML escaping on server-side rendering. This occurs because Qwik converts strings accordi...

6.3CVSS5.9AI score0.00469EPSS
Exploits1References9
Rows per page
Query Builder