22 matches found

AstraLinux
added 2026/06/19 11:10 a.m. · 5 views

Astra Linux – Vulnerability in editorconfig-core

There is a stack buffer overflow issue in the ecglob function of editorconfig-core-c before version 0.12.6. This vulnerability allows an attacker to write arbitrary data to the stack, potentially leading to remote code execution. Editorconfig-core-c version 0.12.6 has addressed this vulnerability...

CVSS 7.8 · AI score 7.8 · EPSS 0.00965
Exploits: 1 · References: 2

Positive Technologies
added 2026/05/27 12:0 a.m. · 12 views

PT-2026-44040

Name of the Vulnerable Software and Affected Versions: Raynet rvia versions prior to 12.6 Update 8 Description: Command injection occurs when the software performs a Java search using the find command. An adversary can execute arbitrary Java code by providing a crafted path that matches improperly...

CVSS 7.8 · AI score 6.1 · EPSS 0.00799
Exploits: 0 · References: 4

Cvelist
added 2026/05/12 8:27 p.m. · 48 views

CVE-2025-65088 Out-of-bounds read in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share

An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...

CVSS 8.4 · EPSS 0.00165
Exploits: 0 · References: 1

Positive Technologies
added 2026/05/12 12:0 a.m. · 45 views

PT-2026-40430

An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...

CVSS 8.4 · AI score 6 · EPSS 0.00165
Exploits: 0 · References: 2

Vulnrichment
added 2026/05/08 12:0 a.m. · 9 views

CVE-2025-69599

RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration...

AI score 5.8 · EPSS 0.00389
Exploits: 0 · References: 2

VulnCheck KEV
added 2026/04/30 12:0 a.m. · 6 views

VulnCheck KEV: CVE-2025-58179

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

CVSS 7.2 · AI score 5.2 · EPSS 0.00773
In wild · Exploits: 1 · References: 2

RedhatCVE
added 2026/01/09 9:18 a.m. · 6 views

CVE-2021-22256

Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...

CVSS 5.5 · AI score 6.9 · EPSS 0.00729
Exploits: 0 · References: 1

Vulnrichment
added 2025/09/04 11:36 p.m. · 1 views

CVE-2025-58179 Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

CVSS 7.2 · AI score 6.1 · EPSS 0.00773
Exploits: 1 · References: 2

OSV
added 2024/12/10 9:15 p.m. · 5 views

CVE-2024-54051

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site 'Open Redirect' vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction...

CVSS 6.1 · AI score 5.8 · EPSS 0.00435
Exploits: 0 · References: 1

OSV
added 2024/08/19 6:15 p.m. · 4 views

CVE-2024-43242

Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object Injection. This issue affects Ultimate Membership Pro: from n/a through 12.6...

CVSS 10 · AI score 5.8 · EPSS 0.00536
Exploits: 0 · References: 1

CNNVD
added 2024/08/19 12:0 a.m. · 3 views

WordPress plugin Ultimate Membership Pro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 9.8 · AI score 6.9 · EPSS 0.00549
Exploits: 0 · References: 2

Positive Technologies
added 2024/08/12 12:0 a.m. · 5 views

PT-2024-7361 · WordPress · Ultimate Membership Pro

Name of the Vulnerable Software and Affected Versions: Ultimate Membership Pro versions through 12.6 Description: The issue is related to improper privilege management in the Ultimate Membership Pro plugin for WordPress, which can allow an attacker to escalate their privileges. Recommendations: F...

CVSS 10 · AI score 6.8 · EPSS 0.00549
Exploits: 0 · References: 17

CNNVD
added 2024/07/12 12:0 a.m. · 5 views

Securepoint Unified Threat Management Security Vulnerability

Securepoint Unified Threat Management (Securepoint UTM) is a unified threat management product from Securepoint, Germany. A security vulnerability exists in Securepoint Unified Threat Management versions prior to 12.6.5 that stems from incorrectly handling OTP code...

CVSS 8.8 · AI score 6.7 · EPSS 0.0091
Exploits: 0 · References: 4

OSV
added 2022/11/16 3:15 p.m. · 4 views

CVE-2022-43256

SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php...

CVSS 9.8 · AI score 5.8 · EPSS 0.0085
Exploits: 1 · References: 1

ATTACKERKB
added 2022/08/05 4:15 p.m. · 3 views

CVE-2022-2497

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL...

CVSS 8.5 · AI score 6.7 · EPSS 0.00971
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2021/04/02 12:0 a.m. · 5 views

PT-2021-14911 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.6 and later Description: An issue has been discovered affecting GitLab CE/EE, where under a special condition, it was possible for an anonymous user to access data of an internal repository through a public project...

CVSS 7.5 · AI score 7.2 · EPSS 0.01003
Exploits: 0 · References: 9

CNNVD
added 2021/04/02 12:0 a.m. · 6 views

GitLab Security Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to view a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab CE/EE affecting a...

CVSS 7.5 · AI score 7.2 · EPSS 0.01003
Exploits: 0 · References: 3

Positive Technologies
added 2020/04/29 12:0 a.m. · 5 views

PT-2020-13088 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.6 through 12.9 Description: The issue allows an external user to create a personal snippet through the API, resulting in a privilege escalation. Recommendations: For GitLab versions 12.6 through 12.9, update to a version th...

CVSS 5.3 · AI score 5.1 · EPSS 0.00997
Exploits: 0 · References: 9

CNVD
added 2020/01/08 12:0 a.m. · 5 views

GitLab Unauthorized Access Vulnerability (CNVD-2020-03230)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...

CVSS 5.3 · AI score 6.9 · EPSS 0.0088
Exploits: 0 · References: 1

CNVD
added 2017/11/16 12:0 a.m. · 2 views

CA Identity Governance Cross-Site Scripting Vulnerability

CA Identity Governance is a suite of identification and management solutions from CA USA. A cross-site scripting vulnerability exists in CA Identity Governance version 12.6. A remote attacker could exploit the vulnerability to display HTML or execute scripts in the context of other users...

CVSS 5.4 · AI score 6.2 · EPSS 0.00642
Exploits: 1 · References: 1