Lucene search
K

15 matches found

Vulnrichment
Vulnrichment
added 2026/06/09 6:20 a.m.9 views

CVE-2026-44083 QuMagie

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...

8.7CVSS5.5AI score0.0046EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 8:14 p.m.36 views

CVE-2026-45412 MaxKB: Unauthenticated SSRF via Workflow Template Import

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via workflowtemplate Import. Authenticated users can supply arbitrary URLs in workflowtemplate.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in...

6.3CVSS0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:14 p.m.8 views

CVE-2026-45412

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via workflowtemplate Import. Authenticated users can supply arbitrary URLs in workflowtemplate.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in...

6.3CVSS5.9AI score0.00207EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-43406

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

6.9CVSS5.8AI score0.00083EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 3:35 p.m.15 views

eduMFA: Unauthenticated Failcounter Increment on Resolver Tokens via /validate/check

Impact If the resolver parameter is passed, but the user does not exist, all failcounters of tokens in that resolver will be increased. Patches This, along with other issues, was fixed in eduMFA v2.9.1. Workarounds Limiting access to /validate/check to client applications i.e. Shibboleth/FreeRADI...

5.7AI score
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 9:31 a.m.5 views

CVE-2026-0677

Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite allows Object Injection.This issue affects TotalContest Lite: from n/a through 2.9.1...

7.2CVSS5.8AI score0.00233EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/05 8:6 p.m.9 views

EUVD-2026-9870

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses//assignments//submissions/htmlcontent route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1...

8CVSS5.8AI score0.00223EPSS
Exploits0References3
NVD
NVD
added 2026/03/05 6:16 a.m.7 views

CVE-2026-27384

Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through = 2.9.1...

9CVSS0.00304EPSS
Exploits1References1
OSV
OSV
added 2024/10/06 10:15 a.m.5 views

CVE-2024-47356

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Catch Themes Create allows Stored XSS.This issue affects Create: from n/a through 2.9.1...

5.9CVSS5.8AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/16 12:0 a.m.6 views

Intel FPGA products 安全漏洞

Intel FPGA products is a family of software applications from Intel Corporation USA. A security vulnerability exists in Intel FPGA products prior to version 2.9.1 that stems from an incorrect input validation issue. A denial of service attack may be allowed...

4.4CVSS6.5AI score0.00196EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/11 12:0 a.m.6 views

eProsima Fast DDS Security Vulnerability

eProsima Fast DDS is the C++ implementation of eProsima's OMG Object Management Group DDS Data Distribution Service standard. A security vulnerability exists in eProsima Fast DDS version 2.9.1, which stems from a data sub-message sent to a PDP port that raises an unhandled BadParamException in...

8.2CVSS6.8AI score0.00808EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.5 views

Suprema BioStar 2 License Issue Vulnerability

Suprema BioStar 2 is a web-based biometric security smart lock platform from Suprema Korea. A security vulnerability exists in Suprema BioStar version 2.0 through versions prior to 2.9.1 that stems from the presence of an authentication bypass vulnerability. It is permissible to allow an...

7.5CVSS7AI score0.00551EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.7 views

SUSE CVE-2022-35964

TensorFlow is an open source platform for machine learning. The implementation of BlockLSTMGradV2 does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS7.7AI score0.00409EPSS
Exploits0References3
OSV
OSV
added 2022/01/05 7:15 p.m.4 views

UBUNTU-CVE-2021-43779

GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of...

9.9CVSS5.9AI score0.09132EPSS
Exploits1References4
CNVD
CNVD
added 2017/03/13 12:0 a.m.6 views

Unspecified Vulnerability in Softaculous Virtualizor WHMCS Module

softaculous is a tool that assists customers in quickly installing web programs. A security vulnerability in the WHMCS Reseller module in Softaculous Virtualizor prior to version 2.9.1.0 allows an attacker to take control of other virtual machines managed by Virtualizor by accessing a modified UR...

9.9CVSS6.8AI score0.01318EPSS
Exploits0References1
Rows per page
Query Builder