Lucene search
K

25 matches found

RedHat Linux
RedHat Linux
added 2026/05/27 10:37 a.m.16 views

Important: Red Hat Security Advisory: .NET 10.0 security update

An update for .NET 10.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 7:22 p.m.9 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper validation of user-supplied input in the authentication process. An attacker can gain elevated privileges by providing crafted input during local interaction. Remediation Upgrade...

8.3CVSS5.8AI score0.00662EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/10 8:8 p.m.5 views

CVE-2024-45671 IBM Security Verify Information Queue information disclosure

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

5.9CVSS6.1AI score0.00176EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/10 12:0 a.m.6 views

IBM Security Verify Information Queue 加密问题漏洞

IBM Security Verify Information Queue is an integration product from International Business Machines IBM, Inc. utilizes Kafka technology and a publish/subscribe model to integrate data between IBM Security products. A cryptographic issue vulnerability exists in IBM Security Verify Information Que...

7.5CVSS6.3AI score0.00176EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/21 7:27 p.m.13 views

CVE-2025-25036 Jalios JPlatform 10 Authenticated XML External Entity Injection (XXE)

Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows XML Injection.This issue affects all versions of JPlatform 10 before 10.0.8 SP8...

6.8CVSS0.00407EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/21 7:27 p.m.11 views

CVE-2025-25036 Jalios JPlatform 10 Authenticated XML External Entity Injection (XXE)

Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows XML Injection.This issue affects all versions of JPlatform 10 before 10.0.8 SP8...

6.8CVSS7.2AI score0.00407EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/29 12:0 a.m.6 views

IBM Security Verify Access 输入验证错误漏洞

IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management controls...

8.2CVSS6.6AI score0.0163EPSS
Exploits2References5
NVD
NVD
added 2023/07/05 9:15 p.m.26 views

CVE-2023-36808

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native...

9.8CVSS9.4AI score0.47557EPSS
Exploits1References2
Prion
Prion
added 2023/07/05 9:15 p.m.24 views

Sql injection

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native...

7.5CVSS9.7AI score0.47557EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/07/05 9:15 p.m.24 views

Design/Logic Flaw

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue...

5CVSS7.6AI score0.00659EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/07/05 9:15 p.m.23 views

Design/Logic Flaw

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user or not for certain actions, allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8...

5.5CVSS7.9AI score0.00576EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/07/05 9:15 p.m.2 views

UBUNTU-CVE-2023-35940

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue...

7.5CVSS5.8AI score0.00659EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/07/05 8:46 p.m.30 views

CVE-2023-35940 GLPI vulnerable to unauthenticated access to Dashboard data

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue...

7.5CVSS7.8AI score0.00659EPSS
Exploits0References2
OSV
OSV
added 2023/07/05 8:46 p.m.20 views

CVE-2023-35940 GLPI vulnerable to unauthenticated access to Dashboard data

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue...

7.5CVSS7.4AI score0.00659EPSS
Exploits0References4
Prion
Prion
added 2023/07/05 8:15 p.m.17 views

Cross site scripting

GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8...

5.8CVSS6AI score0.00511EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/07/05 8:15 p.m.15 views

Sql injection

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a...

7.5CVSS9.7AI score0.52381EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/07/05 7:35 p.m.24 views

CVE-2023-35924 GLPI vulnerable to SQL injection via inventory agent request

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a...

8.6CVSS9.6AI score0.52381EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/07/05 7:22 p.m.18 views

CVE-2023-34244 GLPI vulnerable to reflected XSS in search pages

GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8...

6.5CVSS6AI score0.00511EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2023/07/05 12:0 a.m.20 views

GLPI vulnerable to unauthenticated access to Dashboard data

[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this...

7.5CVSS7.4AI score0.00659EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/07/05 12:0 a.m.23 views

GLPI vulnerable to reflected XSS in search pages

[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link...

6.5CVSS7.2AI score0.00511EPSS
Exploits0References1
Rows per page
Query Builder