Lucene search
K

16 matches found

Vulnrichment
Vulnrichment
added 2026/02/10 9:28 a.m.6 views

CVE-2026-24343 Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions

Improper Neutralization of Data within XPath Expressions 'XPath Injection' vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue...

5.5AI score0.00717EPSS
Exploits0References1
OSV
OSV
added 2026/01/19 9:30 a.m.5 views

GHSA-C399-Q49H-QWC8 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...

7.5CVSS5.6AI score0.00744EPSS
Exploits0References5
CVE
CVE
added 2026/01/19 8:37 a.m.23 views

CVE-2025-59355

Apache Linkis CVE-2025-59355 affects 1.0.0–1.7.0, where HiveUtils.decode() may log the full input parameter on Base64 decode failure, risking leakage of sensitive values (e.g., hive-site.xml passwords) if error logs are readable. A fix is available in 1.8.0+ that desensitizes the log (logger.erro...

6.5CVSS5.5AI score0.00403EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2021-29476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of Requests 1.6.0, 1.6....

9.8CVSS7.2AI score0.02142EPSS
Exploits0References2
OSV
OSV
added 2025/06/30 5:52 p.m.3 views

GHSA-373J-MHPF-84WG Janssen Config API returns results without scope verification

Impact What kind of vulnerability is it? Who is impacted? The configAPI is an internal service and hence should never be exposed to the internet. With that said, this is a serious vulnerability that has a large internal surface attack area that exposes all sorts of information from the IDP...

8.2CVSS6.8AI score0.00343EPSS
Exploits0References7
NVD
NVD
added 2024/11/26 12:15 p.m.14 views

CVE-2024-51569

Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory. This issue requires broken or bogus Bluetooth controller and thus severity is...

7.5CVSS0.01155EPSS
Exploits0References3
CVE
CVE
added 2024/11/26 11:17 a.m.55 views

CVE-2024-47250

CVE-2024-47250 affects Apache NimBLE (through 1.7.0). The issue is an out-of-bounds read caused by missing validation of the HCI advertising report, which can trigger out-of-bound access while parsing HCI events and may generate bogus GAP “device found” events. The vulnerability requires a broken...

5CVSS6.6AI score0.00664EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.5 views

PT-2024-28621 · WordPress · Cooked

Name of the Vulnerable Software and Affected Versions: Cooked plugin for WordPress versions up to, and including, 1.7.15.4 Description: The issue is related to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the AJAX action handler. This could allow an attacker to...

8.8CVSS7AI score0.00334EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.9 views

PT-2024-28620 · WordPress · Cooked

Name of the Vulnerable Software and Affected Versions: Cooked plugin for WordPress versions up to, and including, 1.7.15.4 Description: The issue is related to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the AJAX action handler. This could allow an attacker to...

8.8CVSS6.8AI score0.00334EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.8 views

PT-2024-28617 · WordPress · Cooked

Name of the Vulnerable Software and Affected Versions: Cooked versions up to, and including, 1.7.15.4 Description: The Cooked plugin for WordPress is affected by a Cross-Site Request Forgery CSRF issue due to missing or incorrect nonce validation on the AJAX action handler. This could allow an...

8.8CVSS7AI score0.00343EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.9 views

PT-2024-28618 · WordPress · Cooked

Name of the Vulnerable Software and Affected Versions: Cooked plugin for WordPress versions up to, and including, 1.7.15.4 Description: The issue is related to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the AJAX action handler. This could allow an attacker to...

8.8CVSS6.8AI score0.00343EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.7 views

PT-2023-25137 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.4.0 through 1.7.0 Description: The issue is related to an SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This occurs in the toAuditCkSql method where the groupId...

9.8CVSS7.7AI score0.01193EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.4 views

PT-2023-5268 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.4.0 through 1.7.0 Description: The issue affects Apache InLong, allowing an attacker to bypass the current logic and achieve arbitrary file reading by exploiting a deserialization of untrusted data vulnerability. This...

8.7CVSS7AI score0.01323EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2023/01/07 12:0 a.m.4 views

PT-2023-10204 · Unknown · Luelista Miniconf

Name of the Vulnerable Software and Affected Versions: luelista miniConf versions up to 1.7.6 Description: A vulnerability has been found in the component URL Scanning, affecting an unknown functionality of the file miniConf/MessageView.cs. The manipulation leads to denial of service...

7.5CVSS4.6AI score0.00875EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/11/07 12:0 a.m.9 views

PT-2019-12758 · Phpoffice · Phpoffice Phpspreadsheet

Name of the Vulnerable Software and Affected Versions: PHPOffice PhpSpreadsheet versions prior to 1.8.0 Description: The issue arises from the XmlScanner decoding sheet1.xml from an .xlsx file to utf-8 if a different encoding is declared in the header. This was initially intended as a security...

8.8CVSS7.3AI score0.0135EPSS
Exploits1References10
Snyk
Snyk
added 2014/06/04 2:55 p.m.3 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of...

7.5CVSS7.7AI score0.01538EPSS
Exploits1References2
Rows per page
Query Builder