Lucene search
K

25 matches found

CVE
CVE
added 2026/02/10 3:38 p.m.14 views

CVE-2026-1774

CASL Ability (versions 2.4.0–6.7.4) contains a prototype pollution vulnerability likely via the extra/rulesToFields path handling, allowing manipulation of Object.prototype. Affected components include the setByPath logic within the prototype pollution surface; impact can range from DoS to potent...

9.8CVSS5.4AI score0.00624EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/21 11:28 a.m.7 views

WordPress Ultra Portfolio plugin <= 6.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Ultra Portfolio versions = 6.7...

8.8CVSS5.8AI score0.00258EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/10/30 12:0 a.m.4 views

Oracle Linux 8 : redis:6 (ELSA-2025-19238)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-19238 advisory. 6.2.20-1.0.1 - Build with 64k pages to support redis on both UEK6 and UEK7 on aarch64 6.2.20-1 - rebase to 6.2.20 for CVE-2025-49844 CVE-2025-46817...

9.9CVSS8.4AI score0.86767EPSS
Exploits15References5
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-0467

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and da...

9.3CVSS8.4AI score0.01422EPSS
Exploits0References2
OSV
OSV
added 2025/06/26 2:15 p.m.4 views

UBUNTU-CVE-2025-6706

An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific...

8.8CVSS5.8AI score0.00214EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.5 views

WordPress plugin Formidable Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.1CVSS6.2AI score0.00336EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/07 12:0 a.m.5 views

Pegasystem PEGA Platform License Issue Vulnerability

Pegasystem PEGA Platform is a suite of application development platforms from the US-based Pegasystem. The platform is used to develop applications such as BPM Business Process Management, Case Management, Real-Time Decision Making and CRM Customer Relationship Management. A security vulnerabilit...

9.8CVSS6.8AI score0.00519EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/23 12:0 a.m.5 views

MagnusBilling 操作系统命令注入漏洞

MagnusBilling is a fast, secure, efficient, and highly available VOIP billing from MagnusSolution open source. An operating system command injection vulnerability exists in MagnusSolution MagnusBilling versions 6.x , 7.x that originates from allowing remote attackers to run arbitrary commands via...

9.8CVSS8.7AI score0.9425EPSS
Exploits15References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:0 a.m.1 views

SUSE CVE-2016-5405

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords...

9.8CVSS7AI score0.03061EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/07/13 12:0 a.m.3 views

CVE-2021-39018

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726...

4.3CVSS5.8AI score0.00607EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/06/24 5:15 p.m.6 views

CVE-2021-20551

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149...

3.3CVSS5.5AI score0.00249EPSS
Exploits0References2
OSV
OSV
added 2022/06/24 5:15 p.m.2 views

CVE-2021-20421

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

4.3CVSS5.5AI score0.00479EPSS
Exploits0References2
OSV
OSV
added 2022/05/24 5:13 p.m.3 views

GHSA-GFV5-GRX2-9JW2 Improper Privilege Management in Elasticsearch

Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...

8.8CVSS6.8AI score0.016EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/01/11 5:0 p.m.4 views

CVE-2021-43054

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any...

8.8CVSS7.4AI score0.00746EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/09/11 12:0 a.m.4 views

PT-2020-16057 · Primekey · Primekey Ejbca

Name of the Vulnerable Software and Affected Versions: PrimeKey EJBCA versions 6.x through 7.4.0 Description: An issue was discovered where no revocation check is performed on a client certificate when enrolling over the EST protocol. This can affect systems with EST configured, using client...

7.3CVSS7.1AI score0.00491EPSS
Exploits0References3
OSV
OSV
added 2020/08/25 3:15 a.m.4 views

CVE-2020-5541

Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL...

6.1CVSS5.9AI score0.01393EPSS
Exploits0References4
OSV
OSV
added 2020/06/19 4:15 p.m.5 views

CVE-2020-4281

IBM DOORS Next Generation DNG/RRC 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.9AI score0.00561EPSS
Exploits0References2
OSV
OSV
added 2020/06/10 1:15 p.m.3 views

CVE-2020-6264

SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure...

7.5CVSS7.1AI score0.00972EPSS
Exploits0References2
CNVD
CNVD
added 2020/04/17 12:0 a.m.2 views

Aruba Networks ClearPass Access Control Error Vulnerability

Aruba Networks ClearPass is an access management system from Aruba Networks that integrates network control, application and device management capabilities. A security vulnerability exists in Aruba Networks ClearPass versions 6.8.x prior to 6.8.4 and 6.7.x prior to 6.7.13. An attacker could explo...

9.8CVSS7AI score0.01089EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/08/27 2:21 p.m.5 views

JDK: DoS in the java.math component

A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681...

7.5CVSS7.3AI score0.03981EPSS
Exploits0References4
Rows per page
Query Builder