
19 matches found

PyPA
added 2026/05/05 4:16 p.m., 13 views

PYSEC-2026-55

An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ('*'). This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x, 4.1.x...

CVSS 5.3, AI score 5.8, EPSS 0.00358
Exploits 0, References 4, Affected Software 1
vulnersOsv
added 2026/04/07 9:31 a.m., 7 views

com.espertech:esperio-springjms (=9.0.0), org.apache.activemq.tooling:activemq-maven-plugin (>=6.0.0 <=6.2.2) +5 more potentially affected by CVE-2026-34197 via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.2)

org.apache.activemq:activemq-all MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.2 Source cves: CVE-2026-34197 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-16032379...

CVSS 8.8, AI score 6.6, EPSS 0.96666
Exploits 13
Tenable Nessus
added 2026/04/07 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-3902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an...

CVSS 7.5, AI score 5.5, EPSS 0.00436
Exploits 0, References 2
Positive Technologies
added 2026/01/24 12:0 a.m., 11 views

PT-2026-4578

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alex user counter function function. This makes it possible for unauthenticated attackers to update the plugin settings...

CVSS 4.3, AI score 5.5, EPSS 0.00158
Exploits 0, References 4
EUVD
added 2025/11/25 3:31 p.m., 5 views

EUVD-2025-199597

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie...

CVSS 3.7, AI score 5.7, EPSS 0.00261
Exploits 0, References 2
EUVD
added 2025/10/08 7:20 a.m., 6 views

EUVD-2025-32912

Malicious code in v0-components npm...

AI score 6.6
Exploits 0
Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-21441

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Atta...

CVSS 7.5, AI score 6.1, EPSS 0.01216
Exploits 0, References 2
RedhatCVE
added 2025/05/23 8:38 a.m., 3 views

CVE-2024-31261

Missing Authorization vulnerability in Aakash Chakravarthy Announcer – Notification & message bars. This issue affects Announcer – Notification & message bars: from n/a through 6.0...

CVSS 8.8, AI score 8.5, EPSS 0.00323
Exploits 0, References 1
CNNVD
added 2024/09/05 12:0 a.m., 7 views

WordPress plugin Bit File Manager code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...

CVSS 8.1, AI score 8.3, EPSS 0.02802
Exploits 3, References 5
OSV
added 2024/06/12 10:15 a.m., 3 views

CVE-2023-40209

Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor. This issue affects Highcompress Image Compressor: from n/a through 6.0.0...

CVSS 4.3, AI score 5.8, EPSS 0.00264
Exploits 0, References 1
CNNVD
added 2023/04/26 12:0 a.m., 4 views

CLTPHP input validation error vulnerability

CLTPHP is an open source and efficient site-building PHP content management system. An input validation error vulnerability exists in CLTPHP version 6.0 and earlier versions, which stems from incorrect input validation in application/admin/controller/Template.php. An attacker can exploit this...

CVSS 8.1, AI score 6.9, EPSS 0.00734
Exploits 0, References 3
SUSE CVE
added 2023/02/15 4:17 a.m., 2 views

SUSE CVE-2019-3031

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVSS 6, AI score 6.2, EPSS 0.00898
Exploits 0, References 3
OSV
added 2022/08/16 7:15 p.m., 7 views

CVE-2021-39087

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109...

CVSS 6.5, AI score 5.8, EPSS 0.00536
Exploits 0, References 2
CNVD
added 2020/04/23 12:0 a.m., 3 views

HCL Technologies Connections Information Disclosure Vulnerability

HCL Technologies Connections is a suite of enterprise collaboration platforms from HCL Technologies India. A security vulnerability exists in HCL Technologies Connections version 6.5, 6.0 and 5.5. The vulnerability can be exploited by an attacker to gain access to sensitive information...

CVSS 6.5, AI score 7, EPSS 0.00816
Exploits 0, References 1
OSV
added 2020/04/08 2:15 p.m., 4 views

CVE-2019-4601

IBM Quality Manager RQM 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to obtain sensitive information from a stack trace that could aid in further attacks against the system...

CVSS 4.3, AI score 5.8, EPSS 0.00994
Exploits 0, References 2
OSV
added 2019/06/25 4:15 p.m., 2 views

CVE-2019-4377

IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803...

CVSS 4.3, AI score 5.8, EPSS 0.0134
Exploits 0, References 3
OSV
added 2018/11/16 3:29 p.m., 4 views

CVE-2018-1639

The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 144579...

CVSS 6.5, AI score 5.8, EPSS 0.01075
Exploits 0, References 2
RedHat Linux
added 2018/09/17 2:54 p.m., 3 views

JDK: DoS in the java.math component

A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681...

CVSS 7.5, AI score 7.3, EPSS 0.03981
Exploits 0, References 4
OSV
added 2016/11/25 8:59 p.m., 4 views

CVE-2016-0317

Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

CVSS 6.5, AI score 5.8, EPSS 0.00935
Exploits 0, References 2