13 matches found

CNNVD
added 2026/05/07 12:0 a.m. · 7 views

XMLDOM Security Vulnerability

XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the unlimited depth of recursive traversal in lib/dom.js, which could...

8.7 CVSS · 5.8 AI score · 0.00643 EPSS
Exploits 0 · References 1
UbuntuCve
added 2026/05/07 12:0 a.m. · 7 views

CVE-2026-41673

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...

8.7 CVSS · 5.7 AI score · 0.00643 EPSS
Exploits 0 · References 12
OSV
added 2026/04/01 9:21 a.m. · 5 views

CLEANSTART-2026-CE02533 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2025-62820, CVE-2026-30836, CVE-2026-33186, ghsa-p77j-4mvh-x3m3, ghsa-q4r8-xm5f-56gw applied in versions: 0.10.1-r0, 0.9.10-r0, 0.9.9-r0, 0.9.9-r1

Multiple security vulnerabilities affect the step-issuer package. These issues are resolved in later releases. See references for individual vulnerability details...

10 CVSS · 6.8 AI score · 0.01557 EPSS
Exploits 3 · References 27
Vulnrichment
added 2025/10/05 7:2 a.m. · 0 views

CVE-2025-11287 samanhappy MCPHub sseService.ts handleSseConnectionfunction improper authentication

A vulnerability was identified in samanhappy MCPHub up to 0.9.10. This vulnerability affects the function handleSseConnectionfunction of the file src/services/sseService.ts. Such manipulation leads to improper authentication. The attack may be launched remotely. The exploit is publicly available...

7.5 CVSS · 6.4 AI score · 0.00577 EPSS
Exploits 1 · References 4
RedhatCVE
added 2025/06/28 6:24 p.m. · 8 views

CVE-2025-53013

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an invalid Linux Hello PIN, provided the host is offline. While the user gains access to th...

5.2 CVSS · 6.5 AI score · 0.00202 EPSS
Exploits 0 · References 1
SUSE CVE
added 2025/06/27 11:21 p.m. · 2 views

SUSE CVE-2025-53013

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an invalid Linux Hello PIN, provided the host is offline. While the user gains access to th...

5.2 CVSS · 6.6 AI score · 0.00202 EPSS
Exploits 0 · References 4
CNNVD
added 2025/06/26 12:0 a.m. · 6 views

Himmelblau Authorization Issue Vulnerability

Himmelblau is an Azure Entra ID authentication module open-sourced by Himmelblau. An authorization issue vulnerability exists in Himmelblau versions 0.9.10 to 0.9.16, which stems from an invalid Linux Hello PIN authentication that can be used while offline...

5.2 CVSS · 6.8 AI score · 0.00202 EPSS
Exploits 0 · References 6
CNNVD
added 2025/05/15 12:0 a.m. · 2 views

WordPress plugin Spiritual Gifts Survey Security Vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

6.1 CVSS · 6.2 AI score · 0.00146 EPSS
Exploits 1 · References 1
Positive Technologies
added 2023/06/07 12:0 a.m. · 8 views

PT-2023-22797 · Apache +1 · Apache Guacamole +1

Name of the Vulnerable Software and Affected Versions: Apache Guacamole versions 0.9.10 through 1.5.1 Description: The issue allows an attacker to execute arbitrary code with the privileges of the guacd process, depending on timing, as Apache Guacamole may continue to reference a freed RDP audio...

8.8 CVSS · 9.1 AI score · 0.0825 EPSS
Exploits 2 · References 22
SUSE CVE
added 2023/02/15 6:14 a.m. · 3 views

SUSE CVE-2006-3631

Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors...

5 CVSS · 6.8 AI score · 0.02255 EPSS
Exploits 0 · References 4
vulnersOsv
added 2022/05/13 1:49 a.m. · 4 views

org.apache.guacamole:guacamole-ext (>=0.9.10-incubating <=0.9.14) potentially affected by CVE-2018-1340 via org.apache.guacamole:guacamole-common (>=0.9.10-incubating <=0.9.14)

org.apache.guacamole:guacamole-common MAVEN version =0.9.10-incubating, =0.9.10-incubating, =0.9.14 Source cves: CVE-2018-1340 Source advisory: OSV:GHSA-WR7R-VG3C-54R5...

7.5 CVSS · 7 AI score · 0.021 EPSS
Exploits 0
OSV
added 2020/01/27 7:28 p.m. · 12 views

GHSA-R2WF-Q3X4-HRV9 Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)

Versions of Ratpack from 0.9.10 through 1.7.5 are vulnerable to CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (aka. XSS) in the development error handler. An attacker can utilize this to perform XSS when an exception message contains untrusted data. As a...

6.1 CVSS · 6.2 AI score · 0.00857 EPSS
Exploits 1 · References 4
Snyk
added 2010/03/18 5:30 p.m. · 2 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack. The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd- temporary file. Remediation...

7.8 CVSS · 6.7 AI score · 0.00339 EPSS
Exploits 0 · References 2