20 matches found

Broadcom
added 2026/05/19 12:00 a.m. · 12 views

Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection (CVE-2026-27641)

Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patche...

CVSS 9.8 · AI score 6.5 · EPSS 0.01046
Exploits 1
CNNVD
added 2026/04/28 12:00 a.m. · 11 views

Gravitl Netmaker data forgery vulnerability

Gravitl Netmaker is a platform developed by the American company Gravitl, which uses WireGuard to create and manage fast, secure, and dynamic virtual overlay networks. It is used to create and control automated virtual networks. Versions of Gravitl Netmaker prior to 1.5.0 contained a data...

CVSS 8.2 · AI score 5.8 · EPSS 0.00298
Exploits 1 · References 2
NVD
added 2026/03/26 9:17 p.m. · 5 views

CVE-2026-3532

Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation. This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...

CVSS 4.2 · EPSS 0.00133
Exploits 0 · References 1
Vulnrichment
added 2026/03/26 8:04 p.m. · 2 views

CVE-2026-3532 OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027

Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation. This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...

AI score 5.9 · EPSS 0.00133
Exploits 0 · References 1
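The two CVE-2026-3532 entries above name the weakness class (improper handling of case sensitivity, CWE-178) but not which comparison is affected in the Drupal module. The block below is an added example written for this page, not code from the Drupal OpenID Connect / OAuth client or from its advisory. It shows how that weakness class becomes privilege escalation in an OIDC login flow when the account store and the login path normalize e-mail addresses differently, and how linking on the stable (iss, sub) pair with one canonical e-mail form avoids it. The User class, the in-memory store, the claim values and all function names are assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    uid: int
    email: str                                   # stored exactly as typed (the weak store)
    roles: set = field(default_factory=set)
    links: set = field(default_factory=set)      # (issuer, sub) pairs already linked


class AmbiguousIdentity(Exception):
    """Raised when a federated identity cannot be mapped to exactly one account."""


def canonical_email(email: str) -> str:
    # One normalization, applied everywhere an e-mail is stored or compared.
    return email.strip().lower()


def make_store():
    # Constructed sample (assumption): a privileged account plus a second,
    # attacker-registered local account that differs only in case. Both exist
    # because the store's uniqueness check was exact-match.
    return [
        User(1, "admin@example.com", {"administrator"}),
        User(2, "Admin@example.com", {"authenticated"}),
    ]


def login_weak(store, claims):
    # Weak pattern: the login path case-folds the e-mail claim although the
    # store never did, and takes the first match. A federated identity whose
    # e-mail claim is "Admin@example.com" is therefore attached to uid 1.
    for u in store:
        if u.email.lower() == claims["email"].lower():
            u.links.add((claims["iss"], claims["sub"]))
            return u
    u = User(len(store) + 1, claims["email"], {"authenticated"})
    store.append(u)
    return u


def login_hardened(store, claims):
    # 1. A previously linked (iss, sub) pair wins: it is the stable identifier.
    key = (claims["iss"], claims["sub"])
    for u in store:
        if key in u.links:
            return u
    # 2. Fall back to e-mail only under canonical form, only when the IdP
    #    marks it verified, and only when it resolves to exactly one account.
    wanted = canonical_email(claims["email"])
    matches = [u for u in store if canonical_email(u.email) == wanted]
    if len(matches) > 1:
        raise AmbiguousIdentity("canonical e-mail maps to more than one account")
    if matches:
        if not claims.get("email_verified", False):
            raise AmbiguousIdentity("refusing to link an unverified e-mail to an existing account")
        u = matches[0]
    else:
        u = User(len(store) + 1, wanted, {"authenticated"})   # stored canonical
        store.append(u)
    u.links.add(key)
    return u


def hardened_rejects(store, claims) -> bool:
    # True when the hardened path refuses to map the identity.
    try:
        login_hardened(store, claims)
    except AmbiguousIdentity:
        return True
    return False
```

The practical rule the example encodes: pick one normalization, apply it at registration, at uniqueness checks and at lookup, and never let the federated e-mail alone select an existing account when that selection is not unique.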
Cvelist
added 2026/03/26 8:03 p.m. · 21 views

CVE-2026-3531 OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass. This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...

EPSS 0.00246
Exploits 0 · References 1
CVE
added 2026/03/26 8:03 p.m. · 11 views

CVE-2026-3531

CVE-2026-3531 affects Drupal OpenID Connect / OAuth client prior to 1.5.0. The root cause is an authentication bypass via an alternate path or channel, enabling unauthorized access to resources protected by authentication. Public descriptions from Red Hat, ENISA/EUVD, NVD, CVE lists and the D...

CVSS 6.5 · AI score 5.8 · EPSS 0.00246
Exploits 0 · References 1 · Affected Software 1
ATTACKERKB
added 2026/01/22 2:41 a.m. · 5 views

CVE-2026-24034

Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...

CVSS 5.4 · AI score 5 · EPSS 0.00222
Exploits 1 · References 3 · Affected Software 1
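The Flask-Reuploaded entry (path traversal and extension bypass leading to arbitrary file write and SSTI) and the Horilla entry just above (no extension or content-type check on a profile photo, leading to XSS) both come down to validating an upload's name and its bytes before anything is written. The block below is an added example written for this page, not code from either project or from their advisories. It assumes an image-only endpoint; the allowlists, the magic-byte table, the function names and the constructed PNG and SVG inputs are all assumptions.

```python
import os
import posixpath
import re

# Assumption: an image-only endpoint such as a profile photo. Other upload
# types would need their own allowlist and sniffing rules.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}
ALLOWED_CONTENT_TYPES = {"image/png", "image/jpeg", "image/gif"}
MAGIC = {                      # leading bytes of each allowed format
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}


class UploadRejected(ValueError):
    pass


def safe_filename(name: str) -> str:
    """Drop directory components (either separator) and unsafe characters,
    so '../../templates/x' and '..\\..\\x' both collapse to their last part."""
    name = posixpath.basename(name.replace("\\", "/"))
    name = re.sub(r"[^A-Za-z0-9._-]", "_", name).strip("._")
    if not name:
        raise UploadRejected("empty or unsafe filename")
    return name


def check_extension(name: str) -> str:
    """Allow exactly one extension, compared case-insensitively; 'a.php.png'
    style double extensions are refused on purpose."""
    base, dot, ext = name.rpartition(".")
    if not dot or not base or "." in base:
        raise UploadRejected(f"missing or double extension: {name}")
    ext = ext.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: {ext}")
    return ext


def check_content(data: bytes, ext: str, content_type: str) -> None:
    """Trust neither the declared Content-Type nor the name: sniff the bytes,
    so an SVG or HTML body cannot hide behind a .png name."""
    if content_type.lower() not in ALLOWED_CONTENT_TYPES:
        raise UploadRejected(f"content-type not allowed: {content_type}")
    if not data.startswith(MAGIC[ext]):
        raise UploadRejected("file content does not match its extension")


def validate_upload(filename: str, data: bytes, content_type: str) -> str:
    """Return the name the file may be stored under, or raise UploadRejected."""
    name = safe_filename(filename)
    ext = check_extension(name)
    check_content(data, ext, content_type)
    return name


def resolve_destination(upload_dir: str, name: str) -> str:
    """Defense in depth: the final path must stay inside upload_dir even if an
    earlier check regresses."""
    root = os.path.realpath(upload_dir)
    dest = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, dest]) != root:
        raise UploadRejected("destination escapes the upload directory")
    return dest


def is_rejected(filename: str, data: bytes, content_type: str) -> bool:
    try:
        validate_upload(filename, data, content_type)
    except UploadRejected:
        return True
    return False


def escapes_upload_dir(upload_dir: str, name: str) -> bool:
    try:
        resolve_destination(upload_dir, name)
    except UploadRejected:
        return True
    return False


# Constructed sample inputs (assumptions), not taken from either advisory.
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SVG_PAYLOAD = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"></svg>'
```

Each check catches a different bypass: the filename step stops traversal into a templates directory, the extension step stops non-image names and double extensions, the content step stops active content (SVG, HTML) declared or named as an image, and the destination step is a last guard in case any of the three regresses.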
RedhatCVE
added 2025/10/21 8:29 p.m. · 9 views

CVE-2025-62527

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request a password reset e-mail containing a malicious link, allowing the attacker to set the email if the victim clicked it. This issue has been...

CVSS 7.1 · AI score 6.9 · EPSS 0.00231
Exploits 0 · References 1
OSV
added 2025/08/11 7:15 p.m. · 3 views

CVE-2025-52931

Mattermost Confluence Plugin version 1.5.0 fails to handle an unexpected request body, which allows attackers to crash the plugin by repeatedly hitting the update channel subscription endpoint with an invalid request body...

CVSS 7.5 · AI score 5.8 · EPSS 0.00312
Exploits 0 · References 1
Cvelist
added 2025/08/11 6:56 p.m. · 11 views

CVE-2025-44001 Unauthorized Channel Subscription Read in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the user's access to the channel, which allows attackers to obtain channel subscription details without access to the channel via an API call to the Get Channel Subscriptions endpoint...

CVSS 4 · EPSS 0.00192
Exploits 0 · References 1
Positive Technologies
added 2025/07/10 12:00 a.m. · 4 views

PT-2025-32579 · Mattermost · Mattermost Confluence Plugin

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0. Description: The Mattermost Confluence Plugin does not verify user access to a channel, enabling attackers to create channel subscriptions without authorization through an API call to the...

CVSS 4 · AI score 7.1 · EPSS 0.00183
Exploits 0 · References 10
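The two Mattermost Confluence Plugin entries above (reading channel subscriptions in CVE-2025-44001, creating them in PT-2025-32579) share one missing step: authorization against the channel named in the request, not merely "the caller is logged in". The block below is an added example in Python written for this page; it is not the plugin's own Go code and does not use its API. It assumes an in-memory membership table and constructed sample subscriptions, and shows the unchecked handler beside a decorator that enforces deny-by-default channel access before either endpoint runs.

```python
from functools import wraps


class Forbidden(Exception):
    pass


# Constructed sample data (assumptions): who belongs to which channel, and the
# subscriptions already configured for each channel.
CHANNEL_MEMBERS = {
    "chan-private": {"alice"},
    "chan-public": {"alice", "bob"},
}
SUBSCRIPTIONS = {
    "chan-private": [{"space": "SEC", "events": ["page_created"]}],
    "chan-public": [],
}


def user_can_access_channel(user_id: str, channel_id: str) -> bool:
    """Deny by default: unknown channels and non-members both yield False."""
    return user_id in CHANNEL_MEMBERS.get(channel_id, set())


def require_channel_access(handler):
    """Run the access check against the channel in the request before the
    handler body executes, so every decorated endpoint gets it uniformly."""
    @wraps(handler)
    def wrapped(user_id, channel_id, *args, **kwargs):
        if not user_can_access_channel(user_id, channel_id):
            raise Forbidden(f"{user_id} has no access to {channel_id}")
        return handler(user_id, channel_id, *args, **kwargs)
    return wrapped


def get_channel_subscriptions_weak(user_id: str, channel_id: str):
    # Weak pattern: the caller is authenticated, but nothing ties user_id to
    # channel_id, so any user can read any channel's subscriptions.
    return list(SUBSCRIPTIONS.get(channel_id, []))


@require_channel_access
def get_channel_subscriptions(user_id: str, channel_id: str):
    return list(SUBSCRIPTIONS.get(channel_id, []))


@require_channel_access
def create_channel_subscription(user_id: str, channel_id: str, space: str, events):
    sub = {"space": space, "events": list(events)}
    SUBSCRIPTIONS.setdefault(channel_id, []).append(sub)
    return sub


def is_forbidden(fn, *args) -> bool:
    # True when the handler refuses the request.
    try:
        fn(*args)
    except Forbidden:
        return True
    return False
```

Putting the check in one decorator rather than inside each handler is what keeps a new subscription endpoint from shipping without it; the read and create paths in the advisories above were missing the same check independently.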
RedhatCVE
added 2025/05/23 3:07 a.m. · 4 views

CVE-2023-2103

Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

CVSS 5.4 · AI score 5.9 · EPSS 0.00475
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 2:58 a.m. · 5 views

CVE-2023-1269

Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

CVSS 9.8 · AI score 6.7 · EPSS 0.00743
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 7:39 a.m. · 5 views

CVE-2018-8728

server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in "kontena master login --remote" code display, as demonstrated by /code?code= in a URI...

CVSS 6.1 · AI score 6.2 · EPSS 0.01112
Exploits 0 · References 1
ATTACKERKB
added 2022/05/10 2:15 p.m. · 5 views

CVE-2022-1397

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover...

CVSS 9 · AI score 7.6 · EPSS 0.01115
Exploits 1 · References 3
CNNVD
added 2021/12/13 12:00 a.m. · 3 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in PHP; it supports hosting personal blog sites on PHP and MySQL servers. Display Post Metadata is an open source WordPress plugin. WordPress Display Post Metadata plugin ...

CVSS 5.4 · AI score 5.7 · EPSS 0.00604
Exploits 2 · References 2
OSV
added 2020/12/15 11:15 p.m. · 4 views

CVE-2020-35122

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection...

CVSS 7.5 · AI score 7.2 · EPSS 0.00823
Exploits 0 · References 1
CNVD
added 2018/12/04 12:00 a.m. · 4 views

LiteSpeed OpenLiteSpeed Buffer Overflow Vulnerability

LiteSpeed OpenLiteSpeed is an open source lightweight HTTP server. A buffer overflow vulnerability exists in versions prior to OpenLiteSpeed 1.5.0 RC6, which a local attacker can exploit to cause a denial of service by creating a symbolic link...

CVSS 6.7 · AI score 6.5 · EPSS 0.00428
Exploits 1 · References 1
CNVD
added 2018/04/02 12:00 a.m. · 3 views

Jumio SDK for Android Arbitrary Code Execution Vulnerability

Jumio SDK for Android is a software development kit for building biometric authentication applications on the Android platform. A security vulnerability exists in versions of Jumio SDK for Android prior to 1.5.0. The vulnerability can be exploited to execute arbitrary code via the...

CVSS 9.8 · AI score 7.9 · EPSS 0.02052
Exploits 0 · References 1
CNVD
added 2018/03/20 12:00 a.m. · 3 views

Kontena server/app/views/static/code.html page cross-site scripting vulnerability

Kontena is a suite of open source microservices platforms capable of running applications as containers. The 'kontena master login --remote' code display on the server/app/views/static/code.html page in Kontena versions prior to 1.5.0 has a cross-site scripting vulnerability. A remote attacker coul...

CVSS 6.1 · AI score 6.3 · EPSS 0.01112
Exploits 0 · References 1