Lucene search
K

27 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 6:49 a.m.43 views

Security Bulletin: IBM SPSS Modeler is vulnerabile to SSL private key exposure (CVE-2023-33842)

Summary An SSL private key exposure in IBM SPSS Modeler could allow a local user to decrypt and obtain sensitive information Vulnerability Details CVEID:CVE-2023-33842 DESCRIPTION: IBM SPSS Modeler on Windows requires the end user to have access to the server SSL key which could allow a local use...

6.2CVSS6.2AI score0.00188EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/02/13 12:26 a.m.5 views

SUSE CVE-2026-2007

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

8.2CVSS5.8AI score0.00481EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/02/12 1:0 p.m.39 views

CVE-2026-2007 PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

8.2CVSS0.00481EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/12 1:0 p.m.4 views

CVE-2026-2007

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

8.2CVSS5.8AI score0.00481EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-24603

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.00264EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-2627

Malicious code in bioql PyPI...

6.1CVSS5.5AI score0.00385EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-21640

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.01274EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/08/29 3:35 p.m.3 views

CVE-2025-55202 Opencast has a partial path traversal vulnerability in UI config

Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...

6.9CVSS6.2AI score0.00359EPSS
Exploits0References3
OSV
OSV
added 2025/08/13 5:26 p.m.5 views

CVE-2025-8770 Authorization Bypass Through User-Controlled Key in GitLab

An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers...

6.5CVSS6.3AI score0.00264EPSS
Exploits0References4
OSV
OSV
added 2025/06/26 5:31 a.m.3 views

CVE-2025-2938 Business Logic Errors in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval...

3.1CVSS6.5AI score0.00266EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/06/26 12:0 a.m.10 views

GitLab 16.10 < 17.11.5 / 18.0 < 18.0.3 / 18.1 < 18.1.1 (CVE-2025-5846)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated...

4.3CVSS5.5AI score0.00211EPSS
Exploits0References3
NVD
NVD
added 2025/06/20 6:15 p.m.8 views

CVE-2025-5121

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group...

9.9CVSS0.07524EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/20 12:0 a.m.7 views

GitLab 17.11 < 17.11.4 / 18.0 < 18.0.2 (CVE-2025-5121)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue that, under certain conditions, could have allowed a successful attacker with authenticated access to a GitLab instance with a GitLab Ultimate license applied paid...

9.9CVSS6AI score0.07524EPSS
Exploits0References4
NVD
NVD
added 2025/06/12 10:16 a.m.16 views

CVE-2025-4278

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover...

8.7CVSS0.06582EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 12:46 a.m.7 views

CVE-2022-4328

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...

9.8CVSS7.1AI score0.04427EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/06/11 12:0 a.m.18 views

Microsoft Azure Backlink Vulnerability

Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. A backlink vulnerability exists in Microsoft Azure File Sync. An attacker could exploit the vulnerability to elevate privileges. The following products and versions are affected:Azure Fi...

4.4CVSS6.7AI score0.00738EPSS
Exploits0References3
Microsoft Security Update
Microsoft Security Update
added 2024/05/06 4:0 p.m.14 views

Azure File Sync Agent v18.0 Release – May 2024 (KB5023057)

Update for Azure File Sync agent version 18.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

7.3AI score
Exploits0
Prion
Prion
added 2023/01/13 9:15 p.m.24 views

Cross site scripting

Adobe InCopy versions 18.0 and earlier, 17.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

4.4CVSS7.8AI score0.00294EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/13 8:15 p.m.11 views

Design/Logic Flaw

Adobe InDesign version 18.0 and earlier, 17.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction i...

1.9CVSS5.1AI score0.00313EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/13 8:15 p.m.16 views

Input validation

Adobe InDesign version 18.0 and earlier, 17.4 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

4.4CVSS7.7AI score0.00326EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder