Lucene search
K

9 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/27 8:43 a.m.12 views

CVE-2025-66592

An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

6.1CVSS5.9AI score0.00086EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/23 7:52 p.m.33 views

CVE-2026-41278 Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the...

8.7CVSS0.00421EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

Distribution 访问控制错误漏洞

Distribution is an open-source toolset developed by Distribution, used for packaging, transporting, storing, and delivering content. Versions of Distribution prior to 3.1.0 contained a access control vulnerability; this vulnerability stemmed from the possibility of restoring read access to the...

7.5CVSS5.8AI score0.00443EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-19191

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shibboleth Service Provider SP 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user the shibd account...

7.8CVSS7.4AI score0.0048EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/03/17 12:0 a.m.3 views

PT-2023-21570 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.0.beta3 Description: The issue allows attackers to bypass Discourse's server-side request forgery SSRF protection for private IPv4 addresses by using an IPv4-mapped IPv6 address. Recommendations: For versions...

7.5CVSS7.6AI score0.00555EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.5 views

mruby 缓冲区错误漏洞

mruby is a lightweight implementation of the Ruby language. A security vulnerability exists in versions prior to mruby 3.1.0-rc, which stems from an untrusted pointer destructor in the function mrbvmexec, which can be exploited by an attacker to cause a segmentation error and application crash...

7.5CVSS7.2AI score0.00776EPSS
Exploits1References3
CNVD
CNVD
added 2019/05/14 12:0 a.m.5 views

Gemalto Ezio Server Operating System Command Injection Vulnerability

Gemalto Ezio Server is an authentication server from Gemalto USA. An operating system command injection vulnerability exists in Gemalto Ezio Server versions prior to 3.1.0, which can be exploited by an attacker to execute illegal operating system commands...

8CVSS8AI score0.03248EPSS
Exploits2References1
OSV
OSV
added 2019/01/09 11:29 p.m.3 views

CVE-2018-16175

SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors...

7.2CVSS6.1AI score0.01306EPSS
Exploits0References2
CNVD
CNVD
added 2015/01/04 12:0 a.m.3 views

Facebook HipHop Virtual Machine Expected Access Restriction Bypass Vulnerability

Facebook HipHop Virtual Machine is a HipHop virtual machine developed by Facebook Inc. that significantly improves PHP performance for loading dynamic pages. Facebook HipHop Virtual Machine versions prior to 3.1.0 suffer from an Expected Access Restriction Bypass vulnerability that allows remote...

5CVSS6.9AI score0.02073EPSS
Exploits0References1
Rows per page
Query Builder