Lucene search
K

11 matches found

OSV
OSV
added 2026/07/01 12:16 a.m.3 views

UBUNTU-CVE-2026-54592

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 2:37 p.m.3 views

BIT-APISIX-2026-39998 Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup

Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

8.8CVSS5.8AI score0.00403EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 1:18 p.m.41 views

CVE-2026-49871

CVE-2026-49871 describes a Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations in Apache APISIX versions 3.0.0–3.16.0. The issue allows a remote attacker who can lure a victim to a controlled webpage to cause the victim’s browser to become authentic...

9.3CVSS5.9AI score0.00261EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50883

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 1.2.0 through 3.16.0 Description A Use of Less Trusted Source issue exists where an attacker can leverage the wolf-rbac plugin under default configuration. This allows for the potential pollution of logs with spoofed...

5.8CVSS5.9AI score0.00314EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/22 6:43 p.m.8 views

CVE-2026-39969

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...

6.5CVSS5.8AI score0.0014EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/29 6:42 p.m.8 views

ROOT-OS-ALPINE-317-CVE-2024-28182 CVE-2024-28182 in rootio-nghttp2 - Patched by Root

Root has patched CVE-2024-28182 in the rootio-nghttp2 package for Root:Alpine:3.17. Multiple fixed versions available...

5.3CVSS8.3AI score0.8496EPSS
Exploits1
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.8 views

WordPress plugin Smush Image Compression and Optimization 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...

4.1CVSS8.5AI score0.00315EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/18 12:0 a.m.4 views

iperf 安全漏洞

iperf is an ESnet open source tool for actively measuring the maximum bandwidth achievable on an IP network. A security vulnerability exists in iperf version v3.17.1, which stems from a segment error in the iperfexchangeparameters function...

7.5CVSS7.4AI score0.00908EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/12/16 12:0 a.m.4 views

WordPress plugin Hack-Info 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

7.1CVSS8.5AI score0.00202EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.2 views

PT-2022-34938 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.6 Description: The issue is related to a possible NULL dereference in the skb clone function. This problem was introduced in version v3.17 and is fixed in Linux Kernel version v6.0.6. The actual impact and...

7AI score
Exploits0References1
OSV
OSV
added 2020/07/23 7:15 p.m.2 views

UBUNTU-CVE-2020-15917

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled...

9.8CVSS7.3AI score0.02592EPSS
Exploits0References4
Rows per page
Query Builder