Lucene search
+L

9 matches found

OSV
OSV
added 2026/07/06 8:3 a.m.5 views

PYSEC-2026-773 Remote code execution in Apache Airflow Docker's Provider

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host. Disable loading of example DAGs or upgrade apache-airflow-providers-docker to 3.0.0 or above...

8.8CVSS6.3AI score0.01602EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.14 views

PT-2026-55955

Name of the Vulnerable Software and Affected Versions Apache OpenNLP versions prior to 3.0.0-M4 Description Untrusted Java deserialization occurs in the SvmDoccatModel.deserializeInputStream function. The function uses java.io.ObjectInputStream to read an attacker-controlled stream and calls...

7.3CVSS6.3AI score0.08786EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

DEBIAN-CVE-2026-56130

"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...

2CVSS5.8AI score0.00224EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:44 a.m.8 views

CVE-2026-56130

"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...

2CVSS5.9AI score0.00224EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/17 6:11 p.m.15 views

EUVD-2026-36728

Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 1:56 p.m.297 views

CVE-2026-5079

The CVE-2026-5079 issue affects the Multer library (versions 1.0.0–2.1.1 and 3.0.0-alpha.1). The vulnerability arises from the append-field dependency parsing bracket notation in field names with no limit on nesting depth, which can cause the allocation of deeply nested object structures and cons...

7.5CVSS5.4AI score0.00278EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2015-10005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/htmlre.js. The...

7.5CVSS5.1AI score0.00946EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/16 12:0 a.m.4 views

PT-2024-36311 · Evernote · Evernote Sync

Name of the Vulnerable Software and Affected Versions: Evernote Sync versions prior to 3.0.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows reflected XSS. Recommendations: For versions prior to...

7.1CVSS7AI score0.00418EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/08 12:0 a.m.8 views

PT-2024-40198 · Sp1 · Sp1

Name of the Vulnerable Software and Affected Versions: SP1 versions prior to 3.0.0 Description: The issue arises during proof generation, where the prover must observe all values sent to the verifier to generate valid Fiat-Shamir challenges. In versions prior to 3.0.0, the cumulative sum of the...

6.3CVSS7.2AI score
Exploits0References4
Rows per page
Query Builder