
43 matches found

Positive Technologies
added 2026/05/11 12:0 a.m. | 11 views

PT-2026-39589

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...

CVSS 8.6 | AI score 7.3 | EPSS 0.00495
Exploits: 0 | References: 3

OSV
added 2026/05/06 9:49 p.m. | 7 views

GHSA-2P6R-X3VV-XQM2 rpassword affected by partial password reveal when input is interrupted

rpassword maintainers were made aware of a possible issue with a partial password reveal when input is interrupted. To quote @squell: @conradkleinespel I've confirmed this problem with SequoiaPGP, which I think uses rpassword, e.g.: Suppose we use pkill -9 sq in a different terminal right after t...

CVSS 3.8 | AI score 5.7
Exploits: 0 | References: 3

Tenable Nessus
added 2026/05/06 12:0 a.m. | 12 views

Fedora 43 : squid (2026-e6a4814a4d)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e6a4814a4d advisory. - new version 7.5 - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...

CVSS 9.2 | AI score 5.8 | EPSS 0.08942
Exploits: 0 | References: 3

Amazon
added 2026/04/13 12:0 a.m. | 8 views

Important: squid

Issue Overview: Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable a...

CVSS 9.2 | AI score 5.8 | EPSS 0.08942
Exploits: 0

Positive Technologies
added 2026/04/09 12:0 a.m. | 6 views

PT-2026-31650

Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll causes the orWhereNotNull'user group id' clause to escape the ownership filter applied by the when block. Any authenticated non-admin user with upload permission who ow...

CVSS 2.3 | AI score 6 | EPSS 0.00208
Exploits: 1 | References: 4

CVE
added 2026/03/26 12:16 a.m. | 40 views

CVE-2026-33526

Summary (CVE-2026-33526): Squid before version 7.5 is vulnerable to a Denial of Service via a heap Use-After-Free in ICP traffic handling. The attack requires an ICP-enabled deployment (non-zero icp_port) and remote elicitation, and is described as reliable and repeatable for causing service disr...

CVSS 9.2 | AI score 5.8 | EPSS 0.08942
Exploits: 0 | References: 18 | Affected Software: 1

Debian CVE
added 2026/03/26 12:11 a.m. | 4 views

CVE-2026-32748

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable...

CVSS 8.7 | AI score 5.4 | EPSS 0.08931
Exploits: 0

Cvelist
added 2026/03/19 1:55 a.m. | 21 views

CVE-2025-13995 IBM QRadar SIEM Information Disclosure

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account...

CVSS 5 | EPSS 0.0018
Exploits: 0 | References: 1

EUVD
added 2026/03/10 11:44 p.m. | 7 views

EUVD-2026-10403

node-tar Symlink Path Traversal via Drive-Relative Linkpath...

CVSS 8.2 | AI score 5.8 | EPSS 0.00253
Exploits: 4 | References: 3

Debian CVE
added 2026/03/07 3:32 p.m. | 5 views

CVE-2026-29786

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Th...

CVSS 8.6 | AI score 5.8 | EPSS 0.00408
Exploits: 2

ATTACKERKB
added 2026/02/03 10:1 p.m. | 5 views

CVE-2020-37081

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...

CVSS 7.1 | AI score 5.8 | EPSS 0.00198
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/02/02 8:6 p.m. | 7 views

WordPress WPBakery Visual Composer plugin <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Heading tag attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Heading tag attribute vulnerability discovered by Nikolas - mdr in WordPress Plugin WPBakery Page Builder versions <= 7.5...

CVSS 6.4 | AI score 5.2 | EPSS 0.0032
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/01/27 12:0 a.m. | 7 views

PT-2026-5047

Name of the Vulnerable Software and Affected Versions: node-tar versions prior to 7.5.7. Description: The node-tar software has an issue where the security check for hardlink entries uses different path resolution logic than the actual hardlink creation process. This discrepancy allows a malicious T...

CVSS 8.5 | AI score 5.2 | EPSS 0.00541
Exploits: 1 | References: 218

IBM Security Bulletins
added 2025/12/04 1:9 p.m. | 5 views

Security Bulletin: IBM QRadar SIEM is affected by an information disclosure vulnerability

Summary: IBM QRadar SIEM is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update. Vulnerability Details: CVEID: CVE-2024-56464. DESCRIPTION: IBM QRadar SIEM could allow a privileged user to enumerate...

CVSS 2.7 | AI score 6 | EPSS 0.00249
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/11/13 9:51 p.m. | 11 views

CVE-2025-33119

IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user...

CVSS 6.5 | AI score 6.6 | EPSS 0.00213
Exploits: 0 | References: 1

Cvelist
added 2025/10/30 5:50 p.m. | 18 views

CVE-2025-64118 node-tar vulnerable to race condition leading to uninitialized memory exposure

node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...

CVSS 6.1 | EPSS 0.00128
Exploits: 0 | References: 4

CVE
added 2025/10/29 8:38 a.m. | 8 views

CVE-2025-58939

This CVE describes a CSRF vulnerability in the WordPress plugin Super Store Finder (superstorefinder-wp) up to and including version 7.5. The issue enables CSRF attacks, allowing actions to be performed on behalf of authenticated users without proper authorization. Root cause details indicate a C...

CVSS 4.3 | AI score 6.5 | EPSS 0.00128
Exploits: 0 | References: 1

VulnCheck KEV
added 2025/10/29 12:0 a.m. | 5 views

VulnCheck KEV: CVE-2025-12450

The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 7.5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

CVSS 6.1 | AI score 5.9 | EPSS 0.00382
In wild | Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2025-27703

Malicious code in bioql PyPI...

CVSS 8.4 | AI score 6.6 | EPSS 0.01975
Exploits: 0 | References: 4

Vivaldi Security Advisories
added 2025/09/12 10:18 a.m. | 10 views

Minor update(7) for Vivaldi Android Browser 7.5

Head to the Google Play Store and download the browser. Alternatively, you can download Vivaldi from Uptodown, the Android app store. Your rating for our browser matters. ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ Enjoy! Changelog The following is a list of changes since the sixth 7.5 stable, minor update: Upgraded to...

CVSS 8.8 | AI score 5.8 | EPSS 0.00589
Exploits: 0 | References: 1