Lucene search
+L

15 matches found

nvd
nvd
added 2026/05/22 1:16 p.m.18 views

CVE-2026-44618

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.3CVSS0.00338EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/19 9:33 a.m.13 views

CVE-2026-31910 Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.0046EPSS
Exploits0References1
euvd
euvd
added 2026/01/19 8:9 p.m.10 views

EUVD-2026-3289

MyTube is a self-hosted downloader and player for several video websites. A vulnerability present in version 1.7.65 and poetntially earlier versions allows unauthenticated users to bypass the mandatory authentication check in the roleBasedAuthMiddleware. By simply not providing an authentication...

9.8CVSS5.7AI score0.00573EPSS
Exploits0References2
snyk
snyk
added 2025/12/10 6:30 p.m.2 views

Improper Resource Shutdown or Release

Overview org.jenkins-ci.main:cli is a Command line interface for Jenkins. Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the HTTP-based CLI connections. An attacker can cause the service to become unavailable by sending corrupted connection streams,...

8.7CVSS6.8AI score0.00515EPSS
Exploits0References2
osv
osv
added 2025/10/31 2:12 p.m.7 views

OESA-2025-2561 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

9.6CVSS7.8AI score0.66535EPSS
Exploits4References4
osv
osv
added 2025/10/31 2:12 p.m.8 views

OESA-2025-2559 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

9.6CVSS7.8AI score0.66535EPSS
Exploits4References4
nvd
nvd
added 2025/10/08 3:16 p.m.7 views

CVE-2025-61672

Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...

5.3CVSS0.00434EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2025/01/16 12:0 a.m.6 views

PT-2025-5257 · Vite · Vite

Name of the Vulnerable Software and Affected Versions: Vite versions prior to 6.0.9 Vite versions prior to 5.4.12 Vite versions prior to 4.5.6 Description: Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of...

7.8CVSS6.9AI score0.00283EPSS
Exploits1References10
ptsecurity
ptsecurity
added 2025/01/01 12:0 a.m.7 views

PT-2025-54828

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.14 Apache Tomcat versions 10.1.0-M1 through 10.1.49 Apache Tomcat versions 9.0.0-M1 through 9.0.112 Apache Tomcat versions 8.5.0 through 8.5.100 Description Tomcat did not properly validate the hos...

9.1CVSS5.5AI score0.00235EPSS
Exploits0References204
ptsecurity
ptsecurity
added 2024/08/22 12:0 a.m.4 views

PT-2024-37674 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.2 through 17.1.6 GitLab CE/EE versions 17.2 through 17.2.4 GitLab CE/EE versions 17.3 through 17.3.1 Description: An issue was discovered in GitLab CE/EE, which allows an attacker to create a branch with the same name ...

6.5CVSS6.5AI score0.00349EPSS
Exploits0References13
ptsecurity
ptsecurity
added 2024/06/25 12:0 a.m.5 views

PT-2024-28519 · Juniper Networks · Junos Evolved +1

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.2R3-S7 Junos OS versions from 21.4 before 21.4R3-S6 Junos OS versions from 22.2 before 22.2R3-S3 Junos OS version 22.3 Junos OS versions from 22.4 before 22.4R3 Junos OS versions from 23.2 before 23.2R2 Junos OS...

7.1CVSS7AI score0.00352EPSS
Exploits0References16
snyk
snyk
added 2024/04/12 10:54 p.m.6 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview OpenTelemetry.Instrumentation.AspNetCore is an ASP.NET Core instrumentation for OpenTelemetry .NET Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer due to the logging of sensitive query parameters by default. This...

4.1CVSS6.6AI score0.00291EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/04/15 12:0 a.m.3 views

PT-2023-10703 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.1.7 and earlier, 11.2.x through 11.2.3, 11.3.x through 11.3.0 Description: An issue was discovered in GitLab Community and Enterprise Edition, where blog-viewer has stored XSS during...

5.4CVSS5AI score0.00402EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2021/01/21 12:0 a.m.4 views

PT-2021-14350 · Pypi +3 · Pysaml2 +3

Name of the Vulnerable Software and Affected Versions: PySAML2 versions prior to 6.5.0 Description: The issue is related to an improper verification of cryptographic signatures in PySAML2, a pure python implementation of SAML Version 2 Standard. Users of PySAML2 that use the default...

9.8CVSS6.4AI score0.99856EPSS
Exploits14References102
osv
osv
added 2020/09/02 3:58 p.m.2 views

GHSA-73V8-V6G4-VRPM Arbitrary File Overwrite in decompress-zip

Vulnerable versions of decompress-zip are affected by the Zip-Slip vulnerability, an arbitrary file write vulnerability. The vulnerability occurs because decompress-zip does not verify that extracted files do not resolve to targets outside of the extraction root directory. Recommendation For...

6AI score
Exploits0References3
Rows per page
Query Builder