Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

libcurl 7.12.0 < 8.21.0 Cross-Proxy Digest Auth State Leak

The version of libcurl installed on the remote host is 7.12.0 prior to 8.21.0. It is, therefore, affected by a proxy credential disclosure vulnerability: - When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy...

9.1CVSS6AI score0.00752EPSS
Exploits1References2
NVD
NVD
added 2026/06/22 7:17 p.m.8 views

CVE-2026-53663

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...

3.1CVSS0.00106EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 5:39 p.m.7 views

EUVD-2026-38338

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...

3.1CVSS5.9AI score0.00106EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/02/09 1:32 a.m.6 views

keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS5.7AI score0.05431EPSS
Exploits0References4
OSV
OSV
added 2026/02/06 8:16 p.m.10 views

PYSEC-2026-74

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS5.8AI score0.05431EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.10 views

Keylime 安全漏洞

Keylime is an open-source scalable trust system developed using TPM technology. Versions of Keylime 7.12.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of enforcement of client-side TLS authentication, which may allow unverified clients to execute...

9.8CVSS5.9AI score0.05431EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/21 8:3 p.m.5 views

EUVD-2025-35236

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

8.2CVSS6AI score0.00187EPSS
Exploits0References1
OSV
OSV
added 2025/10/01 8:18 p.m.5 views

UBUNTU-CVE-2025-59147

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers with...

7.5CVSS5.8AI score0.00344EPSS
Exploits0References8
GithubExploit
GithubExploit
added 2025/08/13 11:5 a.m.456 views

Exploit for Path Traversal in Rarlab Winrar

CVE-2025-8088 WinRAR Proof of Concept PoC-Exploit !PoCht...

8.8CVSS7.1AI score0.80906EPSS
Exploits35
CNNVD
CNNVD
added 2023/06/22 12:0 a.m.4 views

WordPress plugin Abandoned Cart Lite for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

7.2CVSS5.9AI score0.01353EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/02/25 12:0 a.m.5 views

SuiteCRM 安全漏洞

SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM versions prior to 7.12.9. An attacker could exploit the vulnerability to access files and directories stored outside of the web root folder...

8.8CVSS5.8AI score0.28113EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/11/11 12:0 a.m.5 views

PT-2022-7697 · Suitecrm · Suitecrm

Name of the Vulnerable Software and Affected Versions: SuiteCRM version 7.12.7 Description: A problem was discovered in SuiteCRM where authenticated users can recover an arbitrary field from a database. The issue is related to shortcomings in the authentication procedure, which can be exploited b...

8.5CVSS9.4AI score0.0055EPSS
Exploits1References10
CNNVD
CNNVD
added 2022/08/27 12:0 a.m.4 views

SuiteCRM 安全漏洞

SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM version 7.12.7, which stems from the ability of an authenticated user to recover arbitrary fields in the database...

8.1CVSS6.7AI score0.0055EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/08/02 12:0 a.m.6 views

Atlassian Confluence Server 安全漏洞

Atlassian Confluence Server is the server version of a suite of collaboration software from Atlassian Australia with enterprise knowledge management capabilities and support for building enterprise WiKi. A security vulnerability exists in Atlassian Confluence Server that allows remote attackers t...

5.3CVSS5.9AI score0.99937EPSS
Exploits6References5
CNNVD
CNNVD
added 2021/05/13 12:0 a.m.5 views

Elasticsearch Logstash 信任管理问题漏洞

Elasticsearch Logstash is a suite of log analysis and monitoring tools from the Dutch company Elasticsearch. A security vulnerability exists in Logstash. The vulnerability stems from a TLS certificate validation vulnerability in the program's monitoring feature, which could allow a...

4.3CVSS5AI score0.00459EPSS
Exploits0References3
CNVD
CNVD
added 2020/10/13 12:0 a.m.7 views

GitLab Authorization Issues Vulnerability (CNVD-2020-63398)

GitLab is a Ruby on Rails developed, self-hosted, Git version control system project repository application from GitLab, Inc. The program can be used to access the project's file contents, commit history, bug list , etc. Git is a free, open source distributed version control system. A security...

4.3CVSS6.8AI score0.00802EPSS
Exploits0References1
CNVD
CNVD
added 2017/01/19 12:0 a.m.4 views

Citrix Provisioning Services Information Disclosure Vulnerability

Citrix Provisioning Services enables the creation of a set of images that use streaming technology to transport physical and virtual servers, reducing storage requirements and enabling fast, consistent and reliable application deployment. An information disclosure vulnerability exists in Citrix...

5.3CVSS5.9AI score0.01472EPSS
Exploits0References1
OSV
OSV
added 2017/01/18 10:59 p.m.3 views

CVE-2016-9680

Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors...

7.5CVSS5.8AI score
Exploits0References3
Rows per page
Query Builder