Lucene search
K

8 matches found

NVD
NVD
added 2026/03/26 1:16 a.m.9 views

CVE-2026-33942

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize in AccessTokenAuthenticator::unserialize to restore OAuth token state from cache or storage, with allowedclasses = true. An attacker who can control the serialized...

9.8CVSS0.00622EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/27 4:47 p.m.9 views

CVE-2025-34159 Coolify Docker Compose Directive Injection in Application Deployment Workflow

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...

9.4CVSS0.00919EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/11/22 12:0 a.m.3 views

Engine.IO 安全漏洞

Engine.IO is a transport-based implementation of Socket.IO's cross-browser/cross-device bi-directional communication layer.A denial-of-service vulnerability exists in versions of Socketio Engine.IO prior to 3.6.1, 4.0.0 and later, and prior to 6.2.1, which stems from a failure to properly handle...

7.1CVSS6.7AI score0.01939EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/10/10 12:0 a.m.9 views

PT-2022-17352 · WordPress · Enable Media Replace

Name of the Vulnerable Software and Affected Versions: Enable Media Replace WordPress plugin versions prior to 4.0.0 Description: The issue allows high privilege users, such as admins, to potentially move files outside the Upload folder to the web root directory via a path traversal attack...

4.9CVSS4.9AI score0.00781EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.6 views

npm markdown-link-extractor 安全漏洞

npm markdown-link-extractor is used to extract links from Markdown text. npm markdown-link-extractor versions prior to 3.0.2 and 4.0.0 contain a denial of service vulnerability that stems from not properly handling incoming error messages, which could be exploited by an attacker to cause a denial...

7.5CVSS5.7AI score0.01027EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/05/24 5:21 p.m.7 views

Mattermost Server vulnerable to XSS via an uploaded file

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file...

6.1CVSS6.2AI score0.00685EPSS
Exploits0References6Affected Software1
CNVD
CNVD
added 2018/07/12 12:0 a.m.4 views

Juniper Contrail Service Orchestration Hard-Coded Credentials Vulnerability (CNVD-2019-19205)

Juniper Contrail Service Orchestration CSO is a Juniper Networks suite of products for designing and deploying network services in a centralized cloud CPE deployment model. A hard-coded credentials vulnerability exists in Juniper CSO versions prior to 4.0.0. The vulnerability stems from the fact...

9.8CVSS7.9AI score0.00973EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2006/01/20 12:0 a.m.5 views

PT-2006-1134 · Crawl · Crawl

Name of the Vulnerable Software and Affected Versions: crawl versions prior to 4.0.0 Description: The issue allows local users to gain privileges due to insecure calls to programs when saving and loading games. Recommendations: For versions prior to 4.0.0, update to version 4.0.0 or later to...

7.2CVSS6.9AI score0.00344EPSS
Exploits0References11
Rows per page
Query Builder