Lucene search
K

19 matches found

EUVD
EUVD
added 2026/06/10 8:3 p.m.10 views

EUVD-2026-36117

Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entit...

4.3CVSS5.4AI score0.00213EPSS
Exploits0References4
NVD
NVD
added 2026/05/19 8:16 p.m.19 views

CVE-2026-42526

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.3CVSS0.00413EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/26 4:49 p.m.6 views

Uncontrolled Recursion

Overview eslint is a pluggable linting utility for JavaScript and JSX Affected versions of this package are vulnerable to Uncontrolled Recursion in the isSerializable function when handling objects with circular references during the serialization process. An attacker can cause the application to...

5.5CVSS5.9AI score0.00163EPSS
Exploits1References2
NVD
NVD
added 2025/10/23 4:16 a.m.7 views

CVE-2025-48430

Uncaught Exception CWE-248 in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to vEL9.10.3672 MR7, 9.00 prior to...

5.5CVSS0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/23 12:0 a.m.5 views

Gallagher Command Centre Server 安全漏洞

Gallagher Command Centre Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A security vulnerability exists in Gallagher Command Centre Server, which stems from storing sensitive information in clear text and could lead to compromised...

6.7CVSS6.4AI score0.00094EPSS
Exploits0References1
OSV
OSV
added 2025/05/21 1:16 p.m.5 views

AZL-61972 CVE-2025-40775 affecting package bind for versions less than 9.20.9-1

When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...

7.5CVSS5.8AI score0.11727EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/10/24 12:0 a.m.5 views

PT-2024-16190

Name of the Vulnerable Software and Affected Versions Okta Verify for iOS versions 9.25.1 beta through 9.27.0 including beta Description A vulnerability in Okta Verify for iOS allows push notification responses through the iOS ContextExtension feature, enabling authentication to proceed regardles...

8.1CVSS5.8AI score0.00573EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.6 views

PT-2024-6161 · Unknown · Tap-Windows6

Name of the Vulnerable Software and Affected Versions: tap-windows6 driver version 9.26 and earlier Description: The issue is related to the tap-windows6 driver not properly checking the size data of incoming write operations, which can be used by an attacker to overflow memory buffers. This can...

10CVSS7.5AI score0.15379EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.9 views

PT-2023-21726 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 9.23.3 Description: The issue concerns the improper redaction of the directus refresh token from log outputs, allowing it to be used to impersonate users without their permission. This can lead to issues with...

5.5CVSS5.2AI score0.00312EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.3 views

SUSE CVE-2019-25059

Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839...

7.8CVSS7AI score0.01088EPSS
Exploits0References3
CNVD
CNVD
added 2019/05/23 12:0 a.m.4 views

Artifex Software Ghostscript Information Disclosure Vulnerability

Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-PostScrip...

5.5CVSS6.2AI score0.01297EPSS
Exploits1References1
OSV
OSV
added 2018/12/20 11:29 p.m.5 views

UBUNTU-CVE-2018-19134

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue...

7.8CVSS7.4AI score0.02873EPSS
Exploits1References2
OSV
OSV
added 2018/11/29 5:29 a.m.11 views

UBUNTU-CVE-2018-19655

A stack-based buffer overflow in the findgreen function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file...

8.8CVSS7.2AI score0.02855EPSS
Exploits1References4
OSV
OSV
added 2018/09/06 2:29 p.m.1 views

DEBIAN-CVE-2018-16585

An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing e.g., after the startup phase. This leads to memory corruption, allowing remote attackers able to supply crafted...

7.8CVSS8.3AI score0.01721EPSS
Exploits0References1
CNVD
CNVD
added 2018/09/06 12:0 a.m.2 views

Artifex Ghostscript Type Obfuscation Vulnerability (CNVD-2020-54497)

Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...

7.8CVSS7.7AI score0.01501EPSS
Exploits0References1
CNVD
CNVD
added 2018/08/28 12:0 a.m.3 views

Artifex Ghostscript Type Obfuscation Vulnerability

Ghostscript is based on Adobe Systems PostScript and Portable Document Format PDF page description language interpreter set of software. A type confusion vulnerability exists in the 'LockDistillerParams' parameter in Artifex Ghostscript version 9.23 prior to 2018-08-23, which can be exploited by ...

7.8CVSS8AI score0.03037EPSS
Exploits0References1
OSV
OSV
added 2017/08/07 8:29 p.m.4 views

DEBIAN-CVE-2016-7976

The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams...

8.8CVSS9.5AI score0.23453EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/05/11 12:0 a.m.4 views

PT-2017-3936 · Artifex +3 · Artifex Ghostscript +3

Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 9.24 Description: The issue is related to the .setdistillerkeys PostScript command, which is accepted even though it is not intended for use during document processing. This leads to memory corruption,...

9.9CVSS7AI score0.96968EPSS
Exploits30References203
CNVD
CNVD
added 2016/05/09 12:0 a.m.7 views

HPE Network Node Manager Cross-Site Scripting Vulnerability (CNVD-2016-02909)

HP Network Node Manager i-series NNMi software delivers powerful out-of-the-box features to help your network operations team efficiently manage networks of any size. A cross-site scripting vulnerability exists in HPE Network Node Manager i NNMi versions 9.20, 9.23, 9.24, 9.25, 10.00, 10.01, whic...

5.4CVSS6AI score0.00927EPSS
Exploits0References1
Rows per page
Query Builder