Lucene search
+L

195 matches found

vulnersOsv
vulnersOsv
added 2025/09/24 9:30 p.m.6 views

algeb (>=3.0.0 <=5.4.0), anys (>=0.0.1 <=9.0.0) +32 more potentially affected by CVE-2025-57351 via ts-fns (>=0.0.11 <=13.1.3)

ts-fns NPM version =0.0.11, =3.0.0, =0.0.1, =0.0.1, =1.1.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.2, =9.0.0 and more Source cves: CVE-2025-57351 Source advisory: OSV:GHSA-G7WQ-WGGW-VMHG...

6.5CVSS5.8AI score0.004EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/09/24 6:43 p.m.6 views

@remirror/core (>=0.2.0 <=0.11.0), @remirror/core-extensions (>=0.2.0 <=0.13.1) +42 more potentially affected by CVE-2025-57352 via min-document (>=2.17.0 <=2.19.0)

min-document NPM version =2.17.0, =0.2.0, =0.2.0, =0.4.2-ci.1569229282.9, =0.4.2-canary.2, =0.4.2-ci.1569229282.9, =0.4.2-ci.1569229282.9, =0.2.0, =0.2.0, =0.2.0, =0.4.0, =0.4.2-ci.1569229282.9, =0.2.0, =0.2.0, =0.2.0, =0.4.2-ci.1569229282.9, =0.13.1 and more Source cves: CVE-2025-57352 Source...

5.3CVSS5.8AI score0.00329EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/09/22 6:30 p.m.5 views

amlr (>=0.3.6 <=0.4.1), arsa-ml (>=0.1.0 <=0.1.13) +29 more potentially affected by CVE-2025-6544 via h2o (>=3.18.0.8 <=3.46.0.7)

h2o PYPI version =3.18.0.8, =0.3.6, =0.1.0, =0.0.92, =1.0.81, =2019.9.10.14.39.5, =1.0.1, =0.1.20, =0.1.0, =0.1.2, =0.3.2, =0.3.0, =1.0.1.1.4, =0.4.0.dev3, =0.1.0, =3.0.1, =5.4.1 and more Source cves: CVE-2025-6544 Source advisory: OSV:GHSA-5W3J-GWGH-4RFV...

9.8CVSS7.7AI score0.00847EPSS
Exploits1
NVD
NVD
added 2025/09/16 8:15 a.m.5 views

CVE-2024-12367

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing. This issue affects Vega Master: from v.1.12.35 through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within...

8.6CVSS0.00261EPSS
Exploits0References2
CVE
CVE
added 2025/09/14 12:52 p.m.29 views

CVE-2025-36035

CVE-2025-36035 affects IBM PowerVM Hypervisor versions FW950.00–FW950.E0, FW1050.00–FW1050.50, and FW1060.00–FW1060.40. A local privileged user can issue a crafted IBM i hypervisor call to cause a denial of service by disclosing memory contents or consuming memory resources. IBM’s advisory and Re...

6.7CVSS5.8AI score0.00123EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/11 7:25 p.m.7 views

CVE-2025-43786

Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allow attackers to determine existent ERC in the application by exploit t...

6.9CVSS6.9AI score0.00285EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/09/08 11:41 p.m.7 views

@adhd/react-hooks (=2.2.1), @aklesky/vite-config (>=0.7.9 <=0.9.0) +431 more potentially affected by CVE-2025-58752 via vite (>=5.0.0-beta.0 <=5.4.2)

vite NPM version =5.0.0-beta.0, =0.7.9, =17.1.0, =18.0.0, =1.0.25-beta.0, =0.5.0, =2.0.0-beta.0, =0.22.0, =1.0.1, =1.0.0, =1.0.0, =0.9.0, =0.9.8 and more Source cves: CVE-2025-58752 Source advisory: SNYK:JS-VITE-12558116...

5.3CVSS6AI score0.00586EPSS
Exploits1
OSV
OSV
added 2025/09/04 11:56 p.m.6 views

CVE-2025-58362 Hono contains a flaw in URL path parsing, potentially leading to path confusion

Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...

7.5CVSS6.3AI score0.00498EPSS
Exploits0References5
NVD
NVD
added 2025/09/03 9:15 p.m.11 views

CVE-2025-55748

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as...

9.3CVSS0.01652EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-9367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an...

4.3CVSS5.5AI score0.00475EPSS
Exploits1References2
CVE
CVE
added 2025/08/20 8:3 a.m.24 views

CVE-2025-49410

CVE-2025-49410- WordPress Portfolio Manager Pro Plugin &lt;= 3.8 – Unauthenticated Arbitrary File Upload vulnerability. According to Patchstack and CVE records, it allows uploading a dangerous file (e.g., web shell) due to improper file handling, enabling potential remote code execution on affect...

10CVSS5.2AI score0.00452EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-52969

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server 10.4 through 10.5., 10.6 through 10.6., 10.7 through 10.11., and 11.0 through 11.0. can sometimes crash with an empty backtrace log. This may be...

4.9CVSS6.6AI score0.00432EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.8 views

PT-2025-33258 · WordPress · Magical Posts Display

Name of the Vulnerable Software and Affected Versions: Magical Posts Display versions 1.0.0 through 1.2.52 Description: The software contains a DOM-Based Cross-site Scripting issue due to improper neutralization of input during web page generation. Recommendations: Update Magical Posts Display to...

6.5CVSS6.1AI score0.00176EPSS
Exploits0References4
Nginx
Nginx
added 2025/08/13 2:46 p.m.1451 views

Buffer overread in the ngx_mail_smtp_module

Buffer overread in the ngxmailsmtpmodule Severity: low CVE-2025-53859 Not vulnerable: 1.29.1+ Vulnerable: 0.7.22-1.29.0...

6.3CVSS7.1AI score0.00394EPSS
Exploits0References1Affected Software1
vulnersOsv
vulnersOsv
added 2025/08/12 12:15 a.m.7 views

windmill-cli (>=0.0.1 <=0.0.13) potentially affected by CVE-2025-55152 via @oakserver/oak (>=12.6.2 <=14.1.0)

@oakserver/oak NPM version =12.6.2, =0.0.1, =0.0.13 Source cves: CVE-2025-55152 Source advisory: OSV:GHSA-R3V7-PC4G-7XP9...

5.3CVSS5.8AI score0.00388EPSS
Exploits0
CNNVD
CNNVD
added 2025/07/19 12:0 a.m.7 views

WordPress plugin WPLMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.8CVSS6.8AI score0.00993EPSS
Exploits1References8
vulnersOsv
vulnersOsv
added 2025/07/07 12:30 p.m.13 views

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1736 more potentially affected by CVE-2025-3263 via transformers (>=2.10.0 <=4.50.3)

transformers PYPI version =2.10.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-3263 Source advisory: OSV:GHSA-Q2WP-RJMX-X6X9...

5.3CVSS6AI score0.00431EPSS
Exploits1
OSV
OSV
added 2025/07/07 9:54 a.m.5 views

CVE-2025-3046 Path Traversal via Symbolic Links in run-llama/llama_index

A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...

7.5CVSS7.2AI score0.00555EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.7 views

SOGo 代码问题漏洞

SOGo is a very fast and extensible modern collaboration suite from Alinto Open Source. It provides calendaring, address book management and a full-featured webmail client as well as resource sharing and permission handling. A code issue vulnerability exists in SOGo versions 2.0.2 through 5.12.2,...

7.5CVSS6.5AI score0.00592EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/26 12:0 a.m.7 views

Mozilla neqo 安全漏洞

Mozilla neqo is a Rust protocol library from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla neqo versions 0.4.24 through 0.13.2, which stems from improper input validation and may cause a crash...

6.5CVSS6.4AI score0.00213EPSS
Exploits0References2
Rows per page
Query Builder