Lucene search
K

12 matches found

EUVD
EUVD
added 2026/05/06 12:30 p.m.7 views

EUVD-2026-27653

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

6.5CVSS5.9AI score0.00732EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/06 8:34 a.m.8 views

CVE-2026-42509 Apache Wicket: crafted strings can break out of the JavaScript sequence

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

5.8AI score0.00357EPSS
Exploits0References1
OSV
OSV
added 2025/09/11 2:22 p.m.3 views

GHSA-JWQ7-6J4R-2F92 Prebid.js NPM package briefly compromised

Impact NPM users of prebid 10.9.2. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Patches 10.10.0 is solved References https://www.sonatype.com/blog/npm-chalk-and-debug-packages-hit-in-software-supply-chain-attack...

8.6CVSS7AI score0.00324EPSS
Exploits0References6
CVE
CVE
added 2025/09/09 10:17 p.m.13 views

CVE-2025-59038

Prebid.js (npm package) CVE-2025-59038 concerns the 10.9.2 release being briefly compromised by malware that redirected cryptocurrency transactions to the attacker’s wallet. The issue is addressed in version 10.10.0; a workaround is downgrading to 10.9.1. This CVE is tied to the Prebid.js npm pac...

8.6CVSS6.6AI score0.00324EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/21 6:31 p.m.8 views

Mattermost has Potential Server Crash due to Unvalidated Import Data

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature...

4.9CVSS7AI score0.00299EPSS
Exploits0References4Affected Software4
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.7 views

PT-2025-34258 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.8.x through 10.8.3 Mattermost versions 10.5.x through 10.5.8 Mattermost versions 10.10.x through 10.10.0 Mattermost versions 10.9.x through 10.9.3 Description: The application fails to sanitize file names, potentially...

4.3CVSS7.2AI score0.00698EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/08/21 12:0 a.m.5 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.8.3 and prior 10.8.x, 10.5.8 and prior 10.5.x, 9.11.17 and prior 9.11.x, and 10.9.2 and prior 10.9.x, which stems from an uncleaned path...

6.8CVSS6.4AI score0.0038EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2022-27446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/itemcmpfunc.h. CVE-2022-27446 Note that Nessus relies on the...

7.5CVSS7.6AI score0.01579EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/11/29 12:0 a.m.5 views

PT-2024-16701 · Nec · Univerge Ix +1

Name of the Vulnerable Software and Affected Versions: NEC Corporation UNIVERGE IX versions Ver9.2 through Ver10.10.21 NEC Corporation UNIVERGE IX versions Ver10.8 through Ver10.8.27 NEC Corporation UNIVERGE IX versions Ver10.9 through Ver10.9.14 NEC Corporation UNIVERGE IX-R/IX-V version Ver1.2....

7.2CVSS7.2AI score0.0107EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/10/05 12:0 a.m.4 views

WordPress plugin Salon booking system 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS6.8AI score0.00333EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2022/04/22 7:0 a.m.8 views

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.

...

7.5CVSS7.8AI score0.02174EPSS
Exploits1
CNNVD
CNNVD
added 2022/04/14 12:0 a.m.7 views

MariaDB 安全漏洞

MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A denial of service vulnerability exists in MariaDB Server v10.9 and earlier versions, which stems from the sql/itemcmpfunc.h component containing ...

7.5CVSS7.6AI score0.01579EPSS
Exploits1References14
Rows per page
Query Builder