
26 matches found

OSV
added 2026/05/18 7:52 a.m. · 9 views

SUSE-SU-2026:1952-1 Security update for ovmf

This update for ovmf fixes the following issues - CVE-2026-25833: mbedtls: buffer underflow in x509inetptonipv6 bsc1261476. - CVE-2026-25834: mbedtls: Algorithm downgrade vulnerability bsc1261477. - CVE-2026-25835: mbedtls: PSA random generator cloning bsc1261478. - CVE-2026-34874: mbedtls: NULL...

CVSS 7.7 · AI score 5.9 · EPSS 0.00308
Exploits: 0 · References: 9

Vulnrichment
added 2026/03/26 9:14 p.m. · 2 views

CVE-2026-33669 SiYuan has Arbitrary Document Reading within the Publishing Service

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue...

CVSS 9.8 · AI score 5.9 · EPSS 0.00523
Exploits: 1 · References: 1

RedhatCVE
added 2026/03/26 3:0 p.m. · 4 views

CVE-2026-33136

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...

CVSS 9.3 · AI score 6 · EPSS 0.00214
Exploits: 1 · References: 1

CNNVD
added 2026/02/10 12:0 a.m. · 7 views

Adobe Substance3D Stager Buffer Error Vulnerability

Substance 3D Stager is professional software from the US company Adobe, dedicated to 3D scene setup, lighting, and high-quality rendering. An out-of-bounds write vulnerability exists in Adobe Substance 3D Stager 3.1.6 and earlier versions, which can ...

CVSS 7.8 · AI score 6.1 · EPSS 0.00176
Exploits: 0 · References: 1

CVE
added 2026/01/16 7:37 p.m. · 17 views

CVE-2026-23724

CVE-2026-23724 affects the WeGIA web manager. A Stored Cross‑Site Scripting (XSS) vulnerability exists in the html/atendido/cadastro_ocorrencia.php endpoint where user-controlled data is rendered in the “Atendido” dropdown without sanitization. This could allow injection in Attendido_idatendido f...

CVSS 5.4 · AI score 5 · EPSS 0.00181
Exploits: 1 · References: 3 · Affected Software: 1

Tenable Nessus
added 2026/01/14 12:0 a.m. · 2 views

MiracleLinux 4 : firefox-3.6.26-1.0.1.AXS4, xulrunner-1.9.2.26-1.0.1.AXS4 (AXSA:2012-194:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-194:02 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...

CVSS 10 · AI score 8.8 · EPSS 0.36511
Exploits: 11 · References: 6

RedhatCVE
added 2026/01/09 10:8 a.m. · 12 views

CVE-2019-20221

In Support Incident Tracker SiT! 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page...

CVSS 6.1 · AI score 6.1 · EPSS 0.00668
Exploits: 1 · References: 1

RedhatCVE
added 2026/01/09 10:6 a.m. · 7 views

CVE-2019-20220

In Support Incident Tracker SiT! 3.67, the searchid parameter in the searchincidentsadvanced.php page is affected by XSS...

CVSS 6.1 · AI score 6.9 · EPSS 0.00668
Exploits: 1 · References: 1

RedhatCVE
added 2026/01/09 9:25 a.m. · 3 views

CVE-2023-4995

The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4 · AI score 5 · EPSS 0.00348
Exploits: 0 · References: 1

RedhatCVE
added 2025/09/24 6:31 p.m. · 3 views

CVE-2025-58648

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nicu Micle Simple JWT Login simple-jwt-login allows Stored XSS. This issue affects Simple JWT Login: from n/a through = 3.6.4...

CVSS 6.5 · AI score 5.9 · EPSS 0.00196
Exploits: 0 · References: 1

CVE
added 2025/08/19 6:45 a.m. · 43 views

CVE-2025-6758

The CVE covers the Real Spaces – WordPress Properties Directory Theme for WordPress, vulnerable to unauthenticated privilege escalation via the imic_agent_register function in all versions up to 3.6. The flaw stems from insufficient restrictions on the registration role, allowing an attacker to s...

CVSS 9.8 · AI score 6.8 · EPSS 0.00352
Exploits: 3 · References: 2

CVE
added 2025/03/31 12:55 p.m. · 53 views

CVE-2025-31542

CVE-2025-31542 identifies an authenticated SQL Injection in the WordPress plugin My auctions allegro (free edition). Affected: My auctions allegro

CVSS 8.5 · AI score 7.3 · EPSS 0.00304
Exploits: 0 · References: 1

OSV
added 2024/07/22 2:15 p.m. · 2 views

DEBIAN-CVE-2024-25638

dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0...

CVSS 8.9 · AI score 7 · EPSS 0.00392
Exploits: 0 · References: 1

Vulnrichment
added 2024/02/13 12:0 a.m. · 7 views

CVE-2024-25407

SteVe v3.6.0 was discovered to use predictable transaction IDs when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction IDs to terminate other transactions...

AI score 7.5 · EPSS 0.00562
Exploits: 0 · References: 1

OSV
added 2023/09/26 8:25 a.m. · 10 views

SUSE-SU-2023:3778-1 Security update for wireshark

This update for wireshark fixes the following issues: - Wireshark update to v3.6.16. - CVE-2023-4512: Fixed a bug in CBOR dissector which could lead to crash. bsc1214561 - CVE-2023-4511: Fixed a bug in BT SDP dissector which could lead to an infinite loop. bsc1214560 - CVE-2023-4513: Fixed a bug ...

CVSS 7.5 · AI score 6.8 · EPSS 0.02771
Exploits: 3 · References: 9

CNNVD
added 2023/09/14 12:0 a.m. · 5 views

Super Store Finder SQL Injection Vulnerability

Super Store Finder is an easy-to-use Google Maps API store finder program by Super Store Finder. A security vulnerability exists in Super Store Finder version v.3.6, which stems from a vulnerability that allows a remote attacker to execute arbitrary code via a carefully crafted...

CVSS 9.8 · AI score 7.8 · EPSS 0.01409
Exploits: 1 · References: 4

CNNVD
added 2023/07/18 12:0 a.m. · 5 views

Super Store Finder SQL Injection Vulnerability

Super Store Finder is an easy-to-use Google Maps API store finder program by Super Store Finder. A SQL injection vulnerability exists in Super Store Finder version 3.6, which stems from incorrect handling of the products parameter and can lead to SQL injection...

CVSS 9.8 · AI score 7.1 · EPSS 0.00425
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 5:57 a.m. · 4 views

SUSE CVE-2010-3399

The jsInitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess th...

CVSS 5.8 · AI score 6.5 · EPSS 0.01914
Exploits: 2 · References: 3

OSV
added 2022/02/14 10:13 a.m. · 9 views

OPENSUSE-SU-2022:0375-1 Security update for wireshark

This update for wireshark fixes the following issues: Update to version 3.6.1: - CVE-2021-4185: RTMPT dissector infinite loop bsc1194166 - CVE-2021-4184: BitTorrent DHT dissector infinite loop bsc1194167 - CVE-2021-4183: pcapng file parser crash bsc1194168 - CVE-2021-4182: RFC 7468 file parser...

CVSS 7.5 · AI score 6.5 · EPSS 0.03879
Exploits: 6 · References: 14

Positive Technologies
added 2021/07/16 12:0 a.m. · 2 views

PT-2021-7872 · Offis +5 · Dcmtk +5

Name of the Vulnerable Software and Affected Versions: OFFIS DCMTK versions prior to 3.6.7 Description: The issue is related to a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. This vulnerability is associated with errors in...

CVSS 9.8 · AI score 6.9 · EPSS 0.07629
Exploits: 10 · References: 100