Lucene search
K

44 matches found

EUVD
EUVD
added 2026/05/27 2:13 p.m.17 views

EUVD-2026-32510

Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation...

6.6CVSS5.8AI score0.0027EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/11 5:0 a.m.9 views

CVE-2026-8275

A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogodippprimitives.go of the component zerogod IPP Service. Performing a manipulation results in integer coercion error. The attack can be...

6.3CVSS5.1AI score0.00523EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

GNU C Library 安全漏洞

The GNU C Library is an open-source, free C-language compiler program published by the GNU community under the LGPL license. Versions of the GNU C Library 2.43 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of the ungetwc function on character sets with...

7.5CVSS5.8AI score0.00345EPSS
Exploits1References1
NVD
NVD
added 2026/04/08 9:16 p.m.3 views

CVE-2026-39415

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

5.3CVSS0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 8:7 p.m.4 views

EUVD-2026-20603

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/02 5:50 p.m.16 views

CVE-2026-34606 Stored XSS in Frappe LMS

Frappe Learning Management System LMS is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0...

6.9CVSS0.00189EPSS
Exploits0References4
OSV
OSV
added 2026/03/06 6:16 p.m.5 views

CVE-2025-69645

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offsetsize value being used inside bytegetlittleendian, leading to an abort SIGABR...

5.5CVSS5.8AI score0.00166EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/03/06 6:16 p.m.5 views

CVE-2025-69646

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debugrnglists data. A logic error in the handling of the debugrnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an...

5.5CVSS5.8AI score0.00155EPSS
Exploits1References3
OSV
OSV
added 2026/01/18 10:45 p.m.6 views

CVE-2026-23626 Kimai Vulnerable to Authenticated Server-Side Template Injection (SSTI)

Kimai is a web-based multi-user time-tracking application. Prior to version 2.46.0, Kimai's export functionality uses a Twig sandbox with an overly permissive security policy DefaultPolicy that allows arbitrary method calls on objects available in the template context. An authenticated user with...

6.8CVSS5.7AI score0.00389EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/12 7:23 a.m.4 views

CVE-2025-67730 Frappe authenticated users can execute XSS through form description fields

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...

5.1CVSS6AI score0.00144EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.7 views

PT-2025-50968

Name of the Vulnerable Software and Affected Versions Frappe Learning Management System LMS versions prior to 2.42.0 Description Frappe Learning Management System LMS allows authenticated attackers to inject JavaScript code through the Company Website field within the Job Form. This can lead to a...

5.4CVSS5.7AI score0.00138EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/12/10 6:30 p.m.69 views

Jenkins's build authorization token is stored and displayed in plain text

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

4.3CVSS6.8AI score0.00134EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/12/09 3:35 a.m.5 views

CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal

Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

6.9CVSS6.7AI score0.00349EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/09 3:35 a.m.2 views

CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal

Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

6.9CVSS6.3AI score0.00349EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.3 views

Static Web Server 安全漏洞

Static Web Server is a static web server from the German company Static Web Server. A security vulnerability exists in Static Web Server version 2.40.0 and earlier, which stems from improper handling of symbolic links and could lead to a directory traversal attack...

8.6CVSS6.4AI score0.00349EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/15 12:0 a.m.9 views

SUSE SLED15: binutils / binutils-devel / binutils-devel-32bit / etc (SUSE-SU-2025:4096-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4096-1 advisory. - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: New...

7.8CVSS6.3AI score0.01252EPSS
Exploits25References85
EUVD
EUVD
added 2025/11/12 10:27 p.m.6 views

EUVD-2025-150360

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...

5.1CVSS6.2AI score0.00148EPSS
Exploits0References1
CVE
CVE
added 2025/10/27 8:37 p.m.63 views

CVE-2025-62725

CVE-2025-62725 affects Docker Compose when resolving remote OCI artifacts. The vulnerability arises from path handling of annotations in OCI layers (com.docker.compose.file and com.docker.compose.envfile), where Docker Compose joins attacker-controlled paths with its local cache directory without...

8.9CVSS6.3AI score0.13848EPSS
Exploits0References2
OSV
OSV
added 2025/09/27 11:15 p.m.9 views

AZL-67905 CVE-2025-11083 affecting package binutils for versions less than 2.37-19

A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public an...

7.8CVSS6AI score0.00235EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/09/27 11:2 p.m.3 views

CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow

A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public an...

5.3CVSS6.7AI score0.00235EPSS
Exploits1References8
Rows per page
Query Builder