Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-43915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.7 views

PT-2025-44322

Name of the Vulnerable Software and Affected Versions Wazuh versions prior to 4.11.0 Description Wazuh is a platform for threat prevention, detection, and response. A flaw exists in the w copy event for log function where it references memory after it has been freed, initially allocated in OS...

7.5CVSS6.5AI score0.00295EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/10/06 3:17 p.m.11 views

CVE-2025-10692

The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...

7.1CVSS7.4AI score0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/03 8:35 p.m.9 views

CVE-2025-10696 OpenSupports 4.11.0 — Insecure Direct Object Reference in supervised list

OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member can modify the supervision relationship of a third party the target user, who can then view the...

7.1CVSS0.00203EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:30 p.m.4 views

EUVD-2025-32372

The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...

7.1CVSS6.8AI score0.0034EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/10 12:0 a.m.2 views

Red Hat FreeIPA Access Control Error Vulnerability

Red Hat FreeIPA is a comprehensive security information management solution. An access control error vulnerability exists in FreeIPA version 4.11.0 that stems from a lack of granting, resulting in requests being accepted regardless of rule compliance...

8.8CVSS6.6AI score0.00667EPSS
Exploits0References9
PyPA
PyPA
added 2023/12/22 9:15 p.m.6 views

PYSEC-2023-249

Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of gradio prior to 4.11.0 contained a vulnerability in the /file route which made them susceptible to file traversal...

7.5CVSS6.9AI score0.0228EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/08/21 7:15 p.m.4 views

CVE-2019-11853

Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4...

7.2CVSS7.1AI score0.01249EPSS
Exploits0References1
Rows per page
Query Builder