Lucene search
+L

157 matches found

OSV
OSV
added 2025/07/14 10:15 a.m.6 views

UBUNTU-CVE-2025-53689

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 Java 8, 2.22.1 Java 11 or 2.23.2 Java 11, beta versions, which fix this issue...

8.8CVSS5.7AI score0.00466EPSS
Exploits0References3
OSV
OSV
added 2025/06/27 5:22 a.m.4 views

SUSE-SU-2025:02150-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues: - Update to version 20250416.02 bsc1244304, bsc1244503 defaultSleeper: tolerate 10% difference to reduce test flakiness Add output of some packagemanagers to the testdata - from version 20250416.01 Refactor OS Info package - from...

7.1CVSS7.5AI score0.0029EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/06/03 12:0 a.m.1 views

PT-2025-32985

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M1 through 11.0.7 Apache Tomcat versions 10.1.0-M1 through 10.1.41 Apache Tomcat versions 9.0.0.M1 through 9.0.105 Description: A session fixation issue exists in Apache Tomcat due to a flaw in the rewrite valve...

7.8CVSS7.6AI score0.00831EPSS
Exploits0References37
RedhatCVE
RedhatCVE
added 2025/05/23 9:10 a.m.7 views

CVE-2024-56145

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has registerargcargv enabled. For these users an unspecified remote code execution vector is present...

9.8CVSS8.2AI score0.97446EPSS
Exploits9References1
OSV
OSV
added 2025/05/22 1:15 p.m.5 views

CVE-2025-3936

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1,...

9.8CVSS5.8AI score0.00366EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/22 12:0 a.m.7 views

PT-2025-22467 · Linux +3 · Linux +4

Name of the Vulnerable Software and Affected Versions: Tridium Niagara Framework versions prior to 4.14.2, prior to 4.15.1, prior to 4.10.11 Tridium Niagara Enterprise Security versions prior to 4.14.2, prior to 4.15.1, prior to 4.10.11 Description: The issue is related to the improper use of a...

9.8CVSS6.4AI score0.003EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/05/16 7:14 p.m.37 views

CVE-2025-22233 Spring Framework DataBinder Case Sensitive Match Exception

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

3.1CVSS7.1AI score0.00351EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 12:30 p.m.14 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791.

Summary IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect...

6.1CVSS5.8AI score0.00583EPSS
Exploits1Affected Software1
OSV
OSV
added 2025/04/14 11:0 p.m.14 views

GHSA-3988-Q8Q7-P787 ash_authentication has email link auto-click account confirmation vulnerability

Impact The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools e.g., Outlook, virus scanners, and email previewers may automatically follow these links, unintentionally confirming the account. This...

5.3CVSS6.7AI score0.00298EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/01 11:17 a.m.32 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to systeminformation-5.22.11.tgz CVE-2024-56334

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to systeminformation-5.22.11.tgz CVE-2024-56334. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-56334 DESCRIPTION: systeminformation is a System and OS informati...

7.8CVSS7.7AI score0.00698EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/12 12:0 a.m.3 views

PT-2025-11151 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.2 through 17.7.7 GitLab EE versions 17.8 through 17.8.5 GitLab EE versions 17.9 through 17.9.2 Description: An issue was discovered in the Google Cloud IAM integration feature, where an input validation problem could hav...

7.4CVSS7.2AI score0.00228EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2025/02/27 12:0 a.m.14 views

SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for Maven (SUSE-SU-2025:0719-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0719-1 advisory. maven-dependency-analyzer was updated from version 1.13.2 to 1.15.1: - Key changes across versions: Bug...

9CVSS6.8AI score0.22709EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2025/02/26 7:26 a.m.3 views

Recommended update for Maven

This update for Maven fixes the following issues: maven-dependency-analyzer was updated from version 1.13.2 to 1.15.1: Key changes across versions: Bug fixes and improved support of dynamic types Dependency upgrades ASM, Maven core, and notably the removal of commons-io Improved error handling by...

8.8CVSS8.4AI score0.22709EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/24 9:31 p.m.2 views

Exposure of Sensitive Information Through Metadata

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata via the tag search page or in the tags block which allows users to discover tags that are not expected to be visible. Remediation Upgrade...

6.9CVSS6.8AI score0.00335EPSS
Exploits0References2
NVD
NVD
added 2025/02/04 8:15 p.m.28 views

CVE-2025-24964

Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking CSWSH attacks. When api option is enabled Vitest UI enables it, Vitest starts a...

9.6CVSS0.0067EPSS
Exploits1References4
Snyk
Snyk
added 2025/01/23 10:42 p.m.6 views

SQL Injection

Overview centreon/centreon is a network, system, applicative supervision and monitoring tool. Affected versions of this package are vulnerable to SQL Injection through the form used to create virtual metrics. An attacker can manipulate the underlying database queries and potentially access, modif...

9.1CVSS7.8AI score0.0109EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.2 views

PT-2024-8695 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.0 through 17.3.7 GitLab CE/EE versions 17.4 through 17.4.4 GitLab CE/EE versions 17.5 through 17.5.2 Description: The issue is related to a flaw in the authorization mechanism of GitLab CE/EE, which could allow...

8.8CVSS6.5AI score0.00482EPSS
Exploits0References28
Snyk
Snyk
added 2024/11/11 12:47 p.m.1 views

Improper Privilege Management

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Privilege Management due to insufficient capability checks in the process of restoring glossaries which allows an attacker to restore glossaries in courses into the global site glossary...

6.9CVSS6.7AI score0.00336EPSS
Exploits0References2
OSV
OSV
added 2024/11/07 8:15 a.m.4 views

UBUNTU-CVE-2024-38286

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created but are known to be...

8.6CVSS6.9AI score0.01702EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/11/06 12:0 a.m.7 views

PT-2024-34873 · Unknown · Symphony Php Framework

Name of the Vulnerable Software and Affected Versions: Symphony PHP framework versions prior to 5.4.46 Symphony PHP framework versions prior to 6.4.14 Symphony PHP framework versions prior to 7.1.7 Description: The Symphony process module in the Symphony PHP framework executes commands in...

8.6CVSS7.2AI score0.00426EPSS
Exploits0References15
Rows per page
Query Builder