Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/06/30 1:36 p.m.39 views

CVE-2025-53648 Apache Gravitino: SQL misconfiguration can access or truncate files

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

0.00348EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.27 views

CVE-2026-48207

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

9.8CVSS5.4AI score0.00574EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/24 12:0 a.m.16 views

PT-2024-28615 · Apache · Apache Pinot

Name of the Vulnerable Software and Affected Versions: Apache Pinot versions 0.1 through 1.0.0 Description: The issue affects Apache Pinot, allowing the exposure of sensitive information to unauthorized actors. When a request is made to the /appconfigs path, it can lead to the disclosure of syste...

8.7CVSS6.3AI score0.00846EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2023/09/21 12:0 a.m.18 views

PT-2023-10323 · Composer · Composer

Name of the Vulnerable Software and Affected Versions: Composer versions through 1.0.0-alpha11 Description: The issue allows cache poisoning from other projects built on the same host, resulting in attacker-controlled code entering a server-side build process. This occurs because of the way that...

8.8CVSS8.6AI score0.00697EPSS
Exploits1References16
Positive Technologies
Positive Technologies
added 2023/01/07 12:0 a.m.7 views

PT-2023-10125 · Agnivade · Easy-Scrypt

Name of the Vulnerable Software and Affected Versions: agnivade easy-scrypt versions prior to 1.0.0 Description: A vulnerability was found in agnivade easy-scrypt, affecting the VerifyPassphrase function of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexit...

5.3CVSS7.2AI score0.00704EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2023/01/06 12:0 a.m.9 views

PT-2023-10197 · Unknown · Dbrisinajumi D2Files

Name of the Vulnerable Software and Affected Versions: DBRisinajumi d2files versions prior to 1.0.0 Description: A critical vulnerability has been found in DBRisinajumi d2files, affecting the actionUpload/actionDownloadFile function of the file controllers/D2filesController.php. This vulnerabilit...

9.8CVSS6.1AI score0.00672EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2022/04/10 12:0 a.m.5 views

PT-2022-18347 · Inhand Networks · Inrouter 900 Industrial 4G Router

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 900 Industrial 4G Router versions prior to 1.0.0.r11700 Description: A remote code execution issue was discovered, which can be triggered by a crafted packet via the function sub 12168. Recommendations: For versions...

9.8CVSS9.6AI score0.03252EPSS
Exploits1References4
Rows per page
Query Builder