Lucene search
K

25 matches found

Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.15 views

PT-2026-55266

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Craft CMS versions 4.0.0-RC1 through 4.17.13 Description An authorization issue exists where a forced folder move can delete a conflicting destination folder even if the user lacks the required...

7.1CVSS6AI score0.00207EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/22 3:51 p.m.8 views

Important: Red Hat Security Advisory: OpenShift Virtualization v4.17 Images

Red Hat OpenShift Virtualization release v4.17 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

7.7CVSS5.8AI score0.00516EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/26 9:41 a.m.11 views

Important: Red Hat Security Advisory: OpenShift Virtualization v4.17 Images

Red Hat OpenShift Virtualization release v4.17 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

9.9CVSS5.8AI score0.00596EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/20 1:28 p.m.21 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.54 bug fix and security update

Red Hat OpenShift Container Platform release 4.17.54 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

9.8CVSS7.4AI score0.0218EPSS
Exploits2References12
RedHat Linux
RedHat Linux
added 2026/05/14 11:50 a.m.20 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-6194: Backport to odf-4.17.24 ocs-operator should not use image gcr.io/kubebuilder/kube-rbac-proxy...

9.8CVSS5.8AI score0.01735EPSS
Exploits3References6
OSV
OSV
added 2026/04/21 3:21 p.m.5 views

GHSA-XQ8M-7C5P-C2R6 Auth0 Next.js SDK has Improper Proxy Cache Lookup

Description In affected versions of the Next.js SDK, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Which Projects are Affected? Users are affected if they meet all of the following preconditions: -...

5.4CVSS5.8AI score0.00214EPSS
Exploits0References5
OSV
OSV
added 2026/04/09 8:27 a.m.7 views

SUSE-RU-2026:1228-1 Recommended update for shadow

This update for shadow fixes the following issues: shadow is updated to 4.17.2 to bring lots of features and bug fixes. - util-linux-2.41 introduced new variable: LOGINENVSAFELIST. Recognize it and update dependencies. - Set SYSUID,GIDMIN to 201: After repeated similar requests to change the ID...

5.5CVSS6.8AI score0.00308EPSS
Exploits0References17
OSV
OSV
added 2026/03/24 5:28 p.m.6 views

CVE-2026-33159 Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-chang...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.7 views

PT-2026-24927

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made...

6.5CVSS5.5AI score0.00232EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/05 5:17 p.m.8 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.17 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.17 security, enhancement & bug fix update...

7.5CVSS6.7AI score0.00693EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : samba-4.17.5-3.el8.ML.1 (AXSA:2023-6311:09)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6311:09 advisory. samba: SMB2 packet signing is not enforced when server signing = required is set CVE-2023-3347 Tenable has extracted the preceding description block directly...

5.9CVSS8AI score0.0039EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/09/23 8:50 p.m.5 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17 ztp-site-generate container

An update for ztp-site-generate is available for Red Hat OpenShift Container Platform 4.17. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the ztp-site-generate...

8.6CVSS6.7AI score0.00363EPSS
Exploits1References3
OSV
OSV
added 2025/03/11 7:15 p.m.2 views

UBUNTU-CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

8.6CVSS5.8AI score0.00296EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.4 views

SimpleSAMLphp SAML2 数据伪造问题漏洞

SimpleSAMLphp SAML2 is a SAML2 PHP library from SimpleSAMLphp open source. A data forgery issue vulnerability exists in SimpleSAMLphp SAML2 version 4.17.0 and prior to version 5.0.0-alpha.20, which stems from a signature obfuscation attack in the HTTPRedirect binding that could cause an applicati...

8.6CVSS6.5AI score0.00296EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/01/06 5:34 p.m.4 views

WordPress Rezgo Online Booking plugin <= 4.17 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Rezgo versions = 4.17...

8.1CVSS7AI score0.00665EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2023/04/06 12:0 a.m.7 views

Docker Desktop 安全漏洞

Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

7.5CVSS7.3AI score0.00549EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/11/17 8:15 p.m.4 views

CVE-2021-41165

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...

8.2CVSS6.6AI score0.0147EPSS
Exploits0References7Affected Software1
RubySec
RubySec
added 2021/11/17 12:0 a.m.5 views

HTML comments vulnerability allowing to execute JavaScript code

Affected packages The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. Impact A potential vulnerability has been discovered in CKEditor 4 HTML processing core module. The vulnerability allowed to inject malformed comments HTML...

8.2CVSS6.9AI score0.0147EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/11/17 12:0 a.m.4 views

Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML

Affected packages The vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. Impact A potential vulnerability has been discovered in CKEditor 4 Advanced Content Filter ACF core module. The vulnerability allowed to inject malforme...

8.2CVSS6.9AI score0.01257EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2020/09/23 4:12 p.m.13 views

nodejs-lodash: prototype pollution in zipObjectDeep function

A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability...

7.4CVSS7AI score0.05213EPSS
Exploits1References6
Rows per page
Query Builder