Lucene search
+L

19 matches found

nvd
nvd
added 2026/06/15 9:16 p.m.7 views

CVE-2026-40762

Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...

7.5CVSS0.00251EPSS
Exploits0References1
euvd
euvd
added 2026/05/09 9:32 p.m.22 views

EUVD-2026-28941

A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection. Local access is required to approach this...

5.3CVSS5.3AI score0.00851EPSS
Exploits0References5
cve
cve
added 2026/05/09 7:16 p.m.26 views

CVE-2026-42333

CVE-2026-42333 affects Quarkus OpenAPI Generator. The issue: the generated authentication filter can match OpenAPI path templates too broadly, causing a security scheme for one operation to be applied to a different, similarly-named operation. This can cause bearer tokens, API keys, or basic cred...

6.3CVSS5.7AI score0.004EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2026/02/24 5:29 p.m.9 views

CVE-2026-27585

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...

8.2CVSS7.2AI score0.00323EPSS
Exploits1References5
osv
osv
added 2026/02/24 5:29 p.m.7 views

UBUNTU-CVE-2026-27585

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...

8.2CVSS7.3AI score0.00323EPSS
Exploits1References6
attackerkb
attackerkb
added 2026/02/24 4:28 p.m.9 views

CVE-2026-27588

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass...

9.1CVSS5.6AI score0.0037EPSS
Exploits1References3Affected Software1
cve
cve
added 2026/02/24 4:28 p.m.96 views

CVE-2026-27588

Summary (CVE-2026-27588) Caddy (v2.x) vulnerability in the host matcher: when a large allowlist (>100 hosts) is configured, the MatchHost algorithm uses a fast path that enforces a case-sensitive comparison, which makes the host matching effectively case-sensitive and can bypass host-based rou...

9.1CVSS5.6AI score0.0037EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2026/02/24 4:6 p.m.6 views

CVE-2026-27585 Caddy's improper sanitization of glob characters in file matcher may lead to bypassing security protections

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...

8.2CVSS5.4AI score0.00323EPSS
Exploits1References4
patchstack
patchstack
added 2026/02/02 9:3 p.m.11 views

WordPress Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return vulnerability

WordPress Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin = 2.11.1 - Missing Authorization via pmsstripeconnecthandleauthorizationreturn vulnerability discovered by Lucio Sá in WordPress Plugin Paid Member Subscriptions versions = 2.11.1...

5.3CVSS6.8AI score0.00519EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/11/21 1:29 a.m.16 views

CVE-2025-64762 authkit-nextjs may let session cookies be cached in CDNs

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...

9.3CVSS0.00342EPSS
Exploits0References3
cve
cve
added 2025/11/21 1:29 a.m.21 views

CVE-2025-64762

Summary: The vulnerability CVE-2025-64762 affects the authkit-nextjs package (versions ≤ 2.11.0). Authenticated responses in these versions do not apply anti-caching headers, allowing session tokens to be cached by CDNs and potentially exposed to other users. The issue is resolved in 2.11.1, whic...

9.3CVSS7AI score0.00342EPSS
Exploits0References3Affected Software1
susecve
susecve
added 2024/11/29 3:48 a.m.7 views

SUSE CVE-2024-53859

go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...

7.5CVSS7AI score0.00534EPSS
Exploits0References4
osv
osv
added 2023/04/17 1:15 p.m.7 views

CVE-2023-1282

The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the...

6.1CVSS6.4AI score0.00542EPSS
Exploits3References2
susecve
susecve
added 2023/03/28 1:50 a.m.9 views

SUSE CVE-2023-27579

TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1...

7.5CVSS6.9AI score0.00391EPSS
Exploits0References3
osv
osv
added 2023/03/25 12:15 a.m.9 views

AZL-35312 CVE-2023-25667 affecting package tensorflow for versions less than 2.11.1-1

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when 2^31 = numframes height width channels 2^32, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

7.5CVSS6.7AI score0.00305EPSS
Exploits0References1
osv
osv
added 2022/01/27 12:15 a.m.7 views

ALPINE-CVE-2022-21722

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially...

9.1CVSS6.9AI score0.02405EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/01/26 12:0 a.m.5 views

PJSIP 缓冲区错误漏洞

PJSIP is a free and open source multimedia communications library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. A buffer error vulnerability exists in PJSIP 2.11.1 and earlier versions, where parsing incoming SIP messages containing malformed...

9.1CVSS8.3AI score0.04478EPSS
Exploits0References20
cnvd
cnvd
added 2016/10/08 12:0 a.m.2 views

Abyss Web Server Elevation of Privilege Vulnerability

Abyss Web Server is a free WEB service program available for Windows and Linux operating systems. Multiple elevation of privilege vulnerabilities exist in Abyss Web Server X1 version 2.11.1, which can be exploited by an attacker to gain system administrator privileges...

7.5AI score
Exploits0References1
osv
osv
added 2007/10/12 10:17 a.m.7 views

DEBIAN-CVE-2007-5386

Cross-site scripting XSS vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...

4.3CVSS5.6AI score0.03326EPSS
Exploits0References1
Rows per page
Query Builder