
8 matches found

RedhatCVE
added 2026/06/05 7:49 p.m., 9 views

CVE-2026-5529

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...

CVSS 5.3, AI score 5.2, EPSS 0.00273
Exploits 0, References 1

RedhatCVE
added 2026/04/08 7:57 p.m., 8 views

CVE-2026-39348

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source omits authorization on job specification and vacancy attachment download handlers, allowing authenticated low-privilege users to read attachments via direct reference to attachment identifier...

CVSS 5.3, AI score 5.9, EPSS 0.00165
Exploits 0, References 1

OSV
added 2026/03/06 6:16 p.m., 6 views

CVE-2026-3419

Fastify incorrectly accepts malformed Content-Type headers containing trailing characters after the subtype token, in violation of RFC 9110 §8.3.1 (https://httpwg.org/specs/rfc9110.html#field.content-type). For example, a request sent with Content-Type: application/json garbage passes validation and ...

CVSS 5.3, AI score 5.8, EPSS 0.00351
Exploits 0, References 6

OSV
added 2023/07/20 6:15 a.m., 4 views

CVE-2023-3779

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers...

CVSS 5.3, AI score 7.3, EPSS 0.00487
Exploits 0, References 2

OSV
added 2023/04/20 7:5 p.m., 7 views

GHSA-H2PM-378C-PCXX Path traversal vulnerability in gatsby-plugin-sharp

Impact: The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server (gatsby develop). The following steps can be used to reproduce the vulnerability: Create a new Gatsby project, and install...

CVSS 4.3, AI score 5.8, EPSS 0.00882
Exploits 1, References 5

OSV
added 2022/08/15 11:21 a.m., 3 views

DEBIAN-CVE-2022-35948

undici is an HTTP/1.1 client, written from scratch for Node.js. = [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import request from 'undici' const unsanitizedContentTypeInp...

CVSS 5.3, AI score 5.5, EPSS 0.01203
Exploits 1, References 1

Positive Technologies
added 2021/09/09 12:0 a.m., 6 views

PT-2021-4505 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.1. Description: The issue is related to the wp_die function in WordPress, which can leak output data under certain conditions, including sensitive information like nonces. This leaked data can be used to perform...

CVSS 7.6, AI score 5.7, EPSS 0.02207
Exploits 0, References 21

OSV
added 2019/11/12 8:15 p.m., 4 views

CVE-2019-17330

The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO...

CVSS 9.6, AI score 5.6, EPSS 0.00968
Exploits 0, References 2