Lucene search
K

9 matches found

OSV
OSV
added 2026/03/27 6:31 a.m.2 views

GHSA-44F4-GVWJ-6QG3 Spring AI Redis Store has TAG Field Query Injection Through Improper Neutralization of Special Characters

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue inserts the value directly into the @field:VALUE RediSearch TAG block without escaping characters. This issue affects Spring AI: from 1.0.0 before...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-9633

Malware in sbrugna...

6.1CVSS6.2AI score0.01621EPSS
Exploits1References2
CVE
CVE
added 2025/03/31 9:50 p.m.69 views

CVE-2025-31692

CVE-2025-31692 : Drupal AI (Artificial Intelligence) module is affected by an OS command injection vulnerability in versions 0.0.0 through 1.0.4 due to improper neutralization of special elements in commands. Exploitation could allow an attacker to execute arbitrary OS commands. Affected componen...

7.5CVSS7AI score0.00717EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/01/21 12:0 a.m.3 views

WordPress plugin Weaver Themes Shortcode Compatibility 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...

6.5CVSS7.7AI score0.00206EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.8 views

PT-2025-5083 · Unknown · Gdpr Personal Data Reports

Name of the Vulnerable Software and Affected Versions: GDPR Personal Data Reports versions n/a through 1.0.5 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting'. This allows for Stored XSS attacks. Recommendations:...

6.5CVSS9.2AI score0.00354EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/18 12:0 a.m.4 views

PT-2023-27306 · Unknown · Social Media Skeleton

Name of the Vulnerable Software and Affected Versions: Social media skeleton versions prior to 1.0.5 Description: Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. This issue...

9.8CVSS9.4AI score0.00434EPSS
Exploits0References7
OSV
OSV
added 2023/03/27 3:15 p.m.5 views

CVE-2023-1134

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges...

8.8CVSS7.3AI score
Exploits0References1
OSV
OSV
added 2023/03/27 3:15 p.m.5 views

CVE-2023-1139

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution...

8.8CVSS7.8AI score0.01255EPSS
Exploits0References1
CNVD
CNVD
added 2017/03/31 12:0 a.m.8 views

go-jose CBC-HMAC Integer Overflow Vulnerability

go-jose is a standard method for implementing JavaScript object signing and encryption . An integer overflow vulnerability exists in 32-bit architectures in versions of go-jose prior to 1.0.5. An attacker could exploit this vulnerability to bypass authentication...

7.5CVSS7.7AI score0.02149EPSS
Exploits0References1
Rows per page
Query Builder