CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31 matches found

Gradio - Server-Side Request Forgery

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

8.6CVSS7.5AI score0.65093EPSS

Exploits1References2

Fedora•added 2026/01/22 1:8 a.m.•5 views

[SECURITY] Fedora 43 Update: mingw-libtasn1-4.21.0-1.fc43

libtasn1 is the ASN.1 library used in GNUTLS. This package contains the MinGW Windows cross compiled libtasn1 library...

7.5CVSS6AI score0.0005EPSS

Exploits0

CNNVD•added 2025/07/26 12:0 a.m.•3 views

WordPress plugin Kallyas 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

8.1CVSS6.6AI score0.00434EPSS

Exploits0References3

Patchstack•added 2025/07/25 9:59 p.m.•2 views

WordPress Kallyas theme <= 4.21.0 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by stealthcopter in WordPress Theme KALLYAS versions = 4.21.0...

7.5CVSS5.4AI score0.00243EPSS

Exploits0References1Affected Software1

UbuntuCve•added 2025/06/03 12:0 a.m.•8 views

CVE-2025-0620

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again...

4.9CVSS5.8AI score0.0025EPSS

Exploits0References3

RedhatCVE•added 2025/05/23 4:51 a.m.•6 views

CVE-2023-28439

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

6.1CVSS6.5AI score0.0054EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 12:7 a.m.•7 views

CVE-2024-4325

8.6CVSS8.2AI score0.65093EPSS

Exploits1

Github Security Blog•added 2024/06/06 6:30 p.m.•19 views

Server-Side Request Forgery in gradio

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is us...

8.6CVSS8.3AI score0.65093EPSS

Exploits1References4Affected Software1

OSV•added 2024/06/06 6:15 p.m.•9 views

CVE-2024-4325

8.6CVSS6.6AI score

Exploits0References1

Vulnrichment•added 2024/06/06 5:55 p.m.•20 views

CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio

8.6CVSS6.7AI score0.65093EPSS

Exploits1References1

Cvelist•added 2024/06/06 5:55 p.m.•18 views

CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio

8.6CVSS0.65093EPSS

Exploits1References1

CNNVD•added 2024/06/06 12:0 a.m.•1 views

Gradio Code Issue Vulnerability

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. A code issue vulnerability exists in Gradio version 4.21.0, which stems from a server-side request forgery vulnerability due to insufficient validation of values retrieve...

8.6CVSS7AI score0.65093EPSS

Exploits1References2

Tenable Nessus•added 2023/05/03 12:0 a.m.•38 views

Atlassian Jira Service Management 4.21.0 < 4.22.4 Multiple Vulnerabilities

According to its self-reported version number, the Atlassian Jira Service Management application running on the remote host is version 4.14.0 prior to version 4.20.10 or 4.21.0 prior to 4.22.4. It is, therefore, affected by multiple vulnerabilities: - A flaw which permits authenticated remote...

9.8CVSS8.2AI score0.84005EPSS

Exploits1References5

Tenable Nessus•added 2023/05/03 12:0 a.m.•12 views

Atlassian Jira Service Management 4.14.0 < 4.20.6 Seraph Authentication Bypass

According to its self-reported version number, the Atlassian Jira Service Management application running on the remote host is version 4.14.0 prior to 4.20.6 or 4.21.0 prior to 4.22.6. It is, therefore, affected by a authentication bypass vulnerability in Jira Seraph which may allow remote,...

9.8CVSS7.7AI score0.92567EPSS

Exploits2References2

Tenable Nessus•added 2023/05/03 12:0 a.m.•17 views

Atlassian Jira Service Management 4.21.0 < 4.22.6 Seraph Authentication Bypass

9.8CVSS7.7AI score0.92567EPSS

Exploits2References2

NVD•added 2023/03/22 9:15 p.m.•9 views

CVE-2023-28439

6.1CVSS5.7AI score0.0054EPSS

Exploits0References6

Debian CVE•added 2023/03/22 8:55 p.m.•24 views

CVE-2023-28439

6.1CVSS7AI score0.0054EPSS

Exploits0

NVD•added 2022/02/24 5:15 a.m.•14 views

CVE-2021-43943

Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The...

4.8CVSS0.00266EPSS

Exploits0References1

Vulnrichment•added 2022/02/24 4:40 a.m.•12 views

CVE-2021-43943

5.5AI score0.00266EPSS

Exploits0References1

CNNVD•added 2022/02/24 12:0 a.m.•2 views

Atlassian Jira 跨站脚本漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. A cross-site scripting vulnerability exists in Atlassian Jira Service Management Server and Data Center versions prior to 4.21.0, which originates in /secure/admin/ The "Object Schema" field of...

4.8CVSS5.6AI score0.00266EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by