Lucene search
K

20 matches found

OSV
OSV
added 2026/04/10 8:34 p.m.2 views

CVE-2026-40242 Arcane Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL without authentication and without URL scheme or host validation...

7.2CVSS6AI score0.00621EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/03/20 12:24 a.m.5 views

SUSE CVE-2026-31973

SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the cramdecodecompressionheader was missing. If the function returned ...

7.5CVSS5.8AI score0.00523EPSS
Exploits0References3
NVD
NVD
added 2026/03/16 2:19 p.m.8 views

CVE-2026-32709

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem withou...

6.8CVSS0.00476EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/13 9:39 p.m.33 views

CVE-2026-32724 PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...

5.3CVSS0.00251EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/09 6:31 p.m.5 views

EUVD-2025-208437

An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in mscdex ssh2 v1.17.0...

5.8AI score0.00339EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/18 7:21 a.m.2 views

CVE-2025-58927 WordPress Stallion theme <= 1.17 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Stallion stallion allows PHP Local File Inclusion.This issue affects Stallion: from n/a through = 1.17...

8.1CVSS6.7AI score0.00445EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.5 views

WordPress plugin Soleil 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

8.1CVSS6.6AI score0.00415EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.3 views

PT-2025-52078

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Stallion stallion allows PHP Local File Inclusion.This issue affects Stallion: from n/a through = 1.17...

7.1AI score0.00445EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/24 6:31 p.m.6 views

CVE-2025-58691

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Russell Jamieson Genesis Club Lite genesis-club-lite allows Stored XSS.This issue affects Genesis Club Lite: from n/a through = 1.17...

6.5CVSS5.9AI score0.0019EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 6:23 p.m.11 views

CVE-2025-58224 WordPress Printeers Print & Ship Plugin <= 1.17.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Printeers Printeers Print & Ship allows Cross Site Request Forgery. This issue affects Printeers Print & Ship: from n/a through 1.17.0...

5.4CVSS0.00127EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/07/23 11:22 p.m.4 views

SUSE CVE-2025-51480

Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...

8.8CVSS7AI score0.00578EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/12/07 12:0 a.m.11 views

libheif Security Vulnerabilities

libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder. A security vulnerability exists in libheif version v1.17.5, which stems from the discovery of a containment segmentation violation via the function UncompressedImageCodec::decodeuncompressedimage...

8.8CVSS8.5AI score0.00762EPSS
Exploits1References3
OSV
OSV
added 2023/09/27 3:19 p.m.4 views

DEBIAN-CVE-2023-5176

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 118, Firefox ESR...

9.8CVSS9.1AI score0.01233EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/09/04 3:52 p.m.6 views

Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2

The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes...

8.8CVSS7.3AI score0.00693EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/02/20 12:0 a.m.21 views

PT-2023-10345 · Dd-Plist · Dd-Plist

Name of the Vulnerable Software and Affected Versions: 3breadt dd-plist version 1.17 Description: A vulnerability was found in the software, classified as problematic, affecting some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached...

7.8CVSS6.5AI score0.00543EPSS
Exploits0References10
OSV
OSV
added 2022/09/08 1:15 a.m.4 views

CVE-2022-37144

The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user...

8.8CVSS5.8AI score0.00821EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/07/12 12:0 a.m.7 views

PT-2022-4638 · Go +9 · Compress/Gzip +9

Name of the Vulnerable Software and Affected Versions: compress/gzip versions prior to 1.17.12 compress/gzip versions prior to 1.18.4 Description: The issue is related to uncontrolled recursion in the Reader.Read function of the compress/gzip package in the Go programming language. This can be...

9.8CVSS7.2AI score0.10299EPSS
Exploits14References376
PyPA
PyPA
added 2022/06/14 9:15 p.m.7 views

PYSEC-2022-211

Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of rootdir that contains the starting user's home directory, then the underlying REST API ca...

9CVSS6.2AI score0.00846EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2020/08/13 12:0 a.m.3 views

JetBrains Toolbox Data Forgery Issue Vulnerability

JetBrains Toolbox is a JetBrains product management application from the Czech company JetBrains. A security vulnerability exists in version 1.17 of JetBrains ToolBox prior to 1.17.6856. No details of the vulnerability are provided at this time...

7.5CVSS6.8AI score0.00691EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2008/11/18 12:0 a.m.7 views

PT-2008-6280 · Os-Prober +1 · Os-Prober +1

Name of the Vulnerable Software and Affected Versions: os-prober version 1.17 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/mounted-map or /tmp/raided-map temporary file. The vendor disputes this issue, stating that the insecure code path...

6.2CVSS9AI score0.00383EPSS
Exploits0References11
Rows per page
Query Builder