
14 matches found

CVE
added 2026/06/06 9:14 a.m., 68 views

CVE-2026-10725

Protocol::HTTP2 for Perl (versions up to 1.12) is vulnerable to an HTTP/2 Bomb. The inbound HPACK path lacks a header-list size limit; headers_decode materialises a full key+value copy per indexed reference with no running size check, and stream_header_block_add appends every CONTINUATION frame u...

CVSS 7.5 | AI score 5.7 | EPSS 0.00414
Exploits: 0 | References: 6 | Affected Software: 1
Github Security Blog
added 2026/05/21 4:36 p.m., 12 views

OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users

This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production. In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the...

CVSS 8.3 | AI score 5.8 | EPSS 0.00241
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/02/03 9:12 p.m., 17 views

CVE-2026-25155

CVE-2026-25155 affects Qwik-related packages where a typo in the isContentType regular expression caused improper parsing of Content-Type headers in related CSRF protection middleware (notably in qwik-city). Affected versions before 1.12.0 are vulnerable; the issue was patched in version 1.12.0. ...

CVSS 7.1 | AI score 5.3 | EPSS 0.00129
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2025/12/12 6:31 a.m., 6 views

EUVD-2025-202998

The WPGancio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gancio-event' shortcode in all versions up to, and including, 1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 4.7 | EPSS 0.00228
Exploits: 0 | References: 4
RedhatCVE
added 2025/05/23 3:0 a.m., 6 views

CVE-2023-1572

A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to...

CVSS 5.4 | AI score 5.3 | EPSS 0.00542
Exploits: 1 | References: 1
SUSE CVE
added 2024/12/12 6:57 a.m., 2 views

SUSE CVE-2024-54131

The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent (known as launcher) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was introduced in version 1.5.3 when launcher started...

CVSS 7.3 | AI score 7.2 | EPSS 0.00177
Exploits: 0 | References: 3
OSV
added 2020/10/15 3:15 p.m., 2 views

DEBIAN-CVE-2020-6106

An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 5.5 | AI score 6.3 | EPSS 0.01496
Exploits: 1 | References: 1
CNVD
added 2020/06/12 12:0 a.m., 4 views

Unspecified Vulnerability in Software- und Organisations-Service SOS JobScheduler

Software- und Organisations-Service SOS JobScheduler is a suite of open source, enterprise-class scheduling and process automation software from Software- und Organisations-Service, Germany. A security vulnerability exists in the JOE Job Editor component of Software- und Organisations-Service SOS...

CVSS 7.5 | AI score 7 | EPSS 0.07842
Exploits: 6 | References: 1
OSV
added 2020/03/25 2:15 a.m., 4 views

CVE-2020-5559

Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1 | AI score 5.9 | EPSS 0.00773
Exploits: 0 | References: 1
CNVD
added 2017/08/15 12:0 a.m., 7 views

Red Hat CVS Command Injection Vulnerability

CVS is a free and open source version control system that can be used under a variety of Linux and Unix operating systems, and can also run on Microsoft Windows operating systems. A security vulnerability exists in CVS version 1.12.x. A remote attacker can exploit a repository with a specially...

CVSS 7.5 | AI score 7.9 | EPSS 0.05968
Exploits: 1 | References: 1
Positive Technologies
added 2017/08/10 12:0 a.m., 4 views

PT-2017-3344

Name of the Vulnerable Software and Affected Versions: CVS versions 1.12.x; git-annex versions prior to 6.20170818. Description: The issue is related to the improper handling of data when interacting with a remote repository over SSH. This could allow a remote attacker to execute arbitrary code by...

CVSS 10 | AI score 7.3 | EPSS 0.77823
Exploits: 12 | References: 66
OSV
added 2016/08/07 4:59 p.m., 3 views

DEBIAN-CVE-2016-5353

epan/dissectors/packet-umtsfp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

CVSS 5.9 | AI score 6.5 | EPSS 0.02394
Exploits: 0 | References: 1
CNVD
added 2015/08/26 12:0 a.m., 3 views

Wireshark 'epan/packet.c' Remote Denial of Service Vulnerability

Wireshark (formerly known as Ethereal) is a suite of network packet analysis software developed by the Wireshark team. A security vulnerability exists in the dissector-table implementation in the epan/packet.c file in Wireshark versions 1.12.7 prior to 1.12.x. The vulnerability can be exploited to...

CVSS 4.3 | AI score 7.4 | EPSS 0.02963
Exploits: 0 | References: 1
OSV
added 2015/08/24 11:59 p.m., 6 views

UBUNTU-CVE-2015-6243

The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2)...

CVSS 4.3 | AI score 6.4 | EPSS 0.02963
Exploits: 0 | References: 5