70 matches found

OSV
added 6 days ago, 5 views

PYSEC-2026-277 Apache Airflow Google Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0...

CVSS 9.8 | AI score 7.3 | EPSS 0.01583
Exploits: 0 | References: 6

EUVD
added 2026/05/18 3:40 p.m., 20 views

EUVD-2026-30777

Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...

CVSS 7.1 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 1

CBLMariner
added 2026/03/09 2:32 p.m., 3 views

CVE-2025-47911 affecting package cf-cli for versions less than 8.4.0-27

CVE-2025-47911 affecting package cf-cli for versions less than 8.4.0-27. A patched version of the package is available...

CVSS 5.3 | AI score 5.8 | EPSS 0.00502
Exploits: 0

CNNVD
added 2026/03/02 12:00 a.m., 8 views

Studio Fabryka DobryCMS SQL injection vulnerability

Studio Fabryka DobryCMS is a content management system developed by Studio Fabryka. Versions of Studio Fabryka DobryCMS prior to version 8.0 had a SQL injection vulnerability. This vulnerability stemmed from SQL injections in URL paths, which could lead to blind injection attacks...

CVSS 9.3 | AI score 5.8 | EPSS 0.00448
Exploits: 0 | References: 1

CNNVD
added 2026/02/25 12:00 a.m., 8 views

OpenEMR cross-site scripting vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained a cross-site...

CVSS 8.7 | AI score 5.6 | EPSS 0.04197
Exploits: 1 | References: 2

CBLMariner
added 2026/02/13 6:52 a.m., 9 views

CVE-2026-0994 affecting package mysql for versions less than 8.0.45-2

CVE-2026-0994 affecting package mysql for versions less than 8.0.45-2. A patched version of the package is available...

CVSS 8.2 | AI score 5.5 | EPSS 0.00613
Exploits: 0

OSV
added 2026/02/07 10:16 p.m., 7 views

CVE-2026-25859

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...

CVSS 8.8 | AI score 5.3
Exploits: 0 | References: 3

CNNVD
added 2026/01/20 12:00 a.m., 6 views

Turbo security vulnerabilities

Turbo is a code development tool open-sourced by Hotwire. Versions of Turbo prior to 8.0.x contained security vulnerabilities. These vulnerabilities stemmed from race conditions in the turbo-frame element handler, which could lead to failed logouts and the reapplication of session cookies after a...

CVSS 4.8 | AI score 5.9 | EPSS 0.00242
Exploits: 1 | References: 4

Positive Technologies
added 2026/01/02 12:00 a.m., 6 views

PT-2026-1042

Name of the Vulnerable Software and Affected Versions: EmpireSoft EmpireCMS versions prior to 8.0. Description: A flaw exists in EmpireSoft EmpireCMS that allows for unrestricted file uploads. This issue is located in the CheckSaveTranFiletype function within the e/class/connect.php file. Successful...

CVSS 8.8 | AI score 6.4 | EPSS 0.00314
Exploits: 1 | References: 11

CNNVD
added 2025/12/01 12:00 a.m., 4 views

Snipe-IT security vulnerability

Snipe-IT is an open source IT asset/license management system from Grokability Open Source. A security vulnerability exists in Snipe-IT versions prior to 8.3.4 that stems from a stored cross-site scripting attack in the Locations Country field...

CVSS 5.4 | AI score 5.7 | EPSS 0.0017
Exploits: 1 | References: 3

CBLMariner
added 2025/11/14 10:03 p.m., 4 views

CVE-2025-53053 affecting package mysql for versions less than 8.0.44-2

CVE-2025-53053 affecting package mysql for versions less than 8.0.44-2. An upgraded version of the package is available that resolves this issue...

CVSS 5.5 | AI score 6.9 | EPSS 0.00438
Exploits: 0

CBLMariner
added 2025/11/10 9:36 p.m., 11 views

CVE-2025-61985 affecting package openssh for versions less than 8.9p1-9

CVE-2025-61985 affecting package openssh for versions less than 8.9p1-9. A patched version of the package is available...

CVSS 3.6 | AI score 9 | EPSS 0.00113
Exploits: 0

CBLMariner
added 2025/11/10 9:36 p.m., 5 views

CVE-2025-53045 affecting package mysql for versions less than 8.0.44-2

CVE-2025-53045 affecting package mysql for versions less than 8.0.44-2. An upgraded version of the package is available that resolves this issue...

CVSS 4.9 | AI score 7.4 | EPSS 0.00533
Exploits: 0

RedhatCVE
added 2025/11/06 3:11 a.m., 7 views

CVE-2025-8871

The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mimecontenttype function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...

CVSS 5.6 | AI score 7.2 | EPSS 0.00274
Exploits: 0 | References: 1

ATTACKERKB
added 2025/11/05 5:15 p.m., 4 views

CVE-2025-46365

Dell CloudLink, versions prior to 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink...

CVSS 6.7 | AI score 5.8 | EPSS 0.00384
Exploits: 0 | References: 2

Cvelist
added 2025/11/05 2:25 a.m., 12 views

CVE-2025-8871 Everest Forms (Pro) <= 1.9.7 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature

The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mimecontenttype function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...

CVSS 5.6 | EPSS 0.00274
Exploits: 0 | References: 2

Patchstack
added 2025/10/10 8:32 p.m., 8 views

WordPress WoodMart theme < 8.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme WoodMart versions 8.3.2...

CVSS 6.5 | AI score 6.1 | EPSS 0.00198
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/09/10 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-6712

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in...

CVSS 6.5 | AI score 5.5 | EPSS 0.00276
Exploits: 0 | References: 2

CNNVD
added 2025/07/13 12:00 a.m., 5 views

PHP security vulnerability

PHP is a scripting language for PHP that is executed server-side. A security vulnerability exists in PHP versions prior to 8.1.33, 8.2.29, 8.3.23, and 8.4.10, which stems from functions such as fsockopen failing to validate that the hostname contains null characters, which could lead to security...

CVSS 5.3 | AI score 6.4 | EPSS 0.00514
Exploits: 1 | References: 2

CNNVD
added 2025/07/07 12:00 a.m., 4 views

MongoDB Server security vulnerability

MongoDB Server is a distributed document database system from MongoDB. A resource management error vulnerability exists in MongoDB Server versions prior to 8.0 through 8.0.10 that stems from inefficient memory management for internal operations. An attacker could exploit this vulnerability to cau...

CVSS 6.5 | AI score 6.6 | EPSS 0.00276
Exploits: 0 | References: 2