Lucene search
K

18 matches found

Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.6 views

PT-2026-33321

Name of the Vulnerable Software and Affected Versions @fastify/static versions 8.0.0 through 9.1.0 Description Path traversal occurs when directory listing is enabled via the list option. The dirList.path function resolves directories outside the configured static root using path.join without a...

5.3CVSS5.9AI score0.00506EPSS
Exploits0References9
NVD
NVD
added 2026/04/09 4:16 p.m.4 views

CVE-2026-34020

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3...

7.5CVSS0.00509EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/09 3:52 p.m.18 views

CVE-2026-33005 Apache OpenMeetings: Insufficient checks in FileWebService

Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID metadata only NOT contents. Metadata includes id, type, name and some other field. Full list of fields...

0.00418EPSS
Exploits0References2
CVE
CVE
added 2026/04/09 3:52 p.m.15 views

CVE-2026-33005

Apache OpenMeetings is affected by an Improper Handling of Insufficient Privileges vulnerability. A registered user can query the web service with their credentials and retrieve metadata (e.g., id, type, name, and other FileItemDTO fields) for files and sub-folders of any folder by ID, with no co...

4.3CVSS5.8AI score0.00418EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 3:52 p.m.7 views

CVE-2026-33005

Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID metadata only NOT contents. Metadata includes id, type, name and some other field. Full list of fields...

5.8AI score0.00418EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/09 3:52 p.m.22 views

CVE-2026-34020

CVE-2026-34020 affects Apache OpenMeetings (versions 3.1.3 through 8.9.99). The REST login endpoint uses HTTP GET with username and password passed as query parameters, exposing credentials in server logs, browser history, and potentially network monitoring. The issue is mitigated by upgrading to...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 3:52 p.m.3 views

CVE-2026-34020

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3...

5.8AI score0.00509EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/25 4:57 p.m.19 views

CVE-2026-23635

Kiteworks Secure Data Forms (PDN) has a vulnerability affecting versions prior to 9.2.1 due to a misconfiguration of security attributes that could lead to Unprotected Transport of Credentials. The issue is documented across CVE-2026-23635 with a CVSSv3.1 base score of 6.5 (Network, High attack v...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-39210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie when a user uses the remember...

6.5CVSS7AI score0.01014EPSS
Exploits0References2
Snyk
Snyk
added 2024/11/12 11:3 p.m.4 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview System.Formats.Nrbf is a package that exposes only one component: NrbfDecoder: a stateless, forward-only decoder class that can decode .NET Remoting Binary Format NRBF binary data from a stream. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Typ...

9.8CVSS7.8AI score0.03512EPSS
Exploits0References2
OSV
OSV
added 2023/11/27 11:15 p.m.1 views

GHSA-PJJW-QHG8-P2P9 aiohttp has vulnerable dependency that is vulnerable to request smuggling

Summary llhttp 8.1.1 is vulnerable to two request smuggling vulnerabilities. Details have not been disclosed yet, so refer to llhttp for future information. The issue is resolved by using llhttp 9+ which is included in aiohttp 3.8.6+...

5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/08/20 12:0 a.m.8 views

PT-2023-25855 · Unity +1 · Unity Parsec +1

Name of the Vulnerable Software and Affected Versions: Unity Parsec versions prior to 9 Parsec Loader versions prior to 9 Description: The issue is a Time-of-check-to-time-of-use TOCTOU race condition that allows local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per Use...

7CVSS7.1AI score0.00298EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/06/28 12:0 a.m.7 views

PT-2023-3347

Name of the Vulnerable Software and Affected Versions: Arcserve UDP versions 7.0 through 9.0.6034 Description: The issue allows authentication bypass, enabling an attacker to obtain a valid session and execute tasks as an administrator. This is achieved by exploiting the getVersionInfo method at...

10CVSS9.8AI score0.37715EPSS
Exploits2References20
Positive Technologies
Positive Technologies
added 2023/04/28 12:0 a.m.8 views

PT-2023-21746 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS previously concrete5 versions 9.0 through 9.1.3 Concrete CMS previously concrete5 versions prior to 9.2 Description: The issue is related to Stored XSS on Tags on uploaded files. This allows for malicious code to be stored and...

5.4CVSS5.3AI score0.00544EPSS
Exploits0References12
OSV
OSV
added 2023/03/13 9:15 a.m.5 views

CVE-2023-1369

A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has been rated as problematic. This issue affects the function 0x82730088 in the library VIRAGTLT.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. T...

5.5CVSS4.5AI score0.0024EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/06/14 11:55 a.m.3 views

CVE-2022-32156

In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface CLI did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI...

8.1CVSS5.5AI score0.00762EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/01/20 12:0 a.m.3 views

PT-2021-24261 · Raw-Cpuid · Raw-Cpuid

Name of the Vulnerable Software and Affected Versions: raw-cpuid crate versions prior to 9.1.1 Description: The issue arises when the non-default serialize feature is activated, allowing most structs to implement serde::Deserialize without sufficient validation. This can lead to breaking invarian...

9.8CVSS9.2AI score0.01123EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2020/07/17 12:0 a.m.8 views

PT-2020-4343 · Teclib +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.1 Description: The issue is related to the Clone feature in the GLPI system, which is vulnerable due to incorrect neutralization of special elements used in SQL queries. This allows a remote attacker to execute...

10CVSS7AI score0.99628EPSS
Exploits32References127
Rows per page
Query Builder