Lucene search
K

40 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then select a new destination path on the controller node. All versions under 2.7.x, 2.8.x, and 2.9.x branches are believed to be vulnerable...

4.6CVSS6.7AI score0.00487EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.8 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the delete Endpoint component called...

7.5CVSS6.1AI score0.00487EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.3 views

PT-2026-32564

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path loading MCP config from the...

9.8CVSS6AI score0.00427EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/03/23 6:28 p.m.6 views

WordPress Woody ad snippets plugin <= 2.7.1 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Woody ad snippets versions = 2.7.1...

9.9CVSS5.9AI score0.00311EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/03 10:46 a.m.8 views

CVE-2025-59060

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.12 views

PT-2026-1650

Name of the Vulnerable Software and Affected Versions WPCHURCH versions through 2.7.0 Description A flaw exists in WPCHURCH that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This allows attackers to execute malicious queries. The...

9.3CVSS7.7AI score0.00241EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.4 views

WordPress plugin FastDup 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path travers...

6.5CVSS6.5AI score0.00318EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.3 views

WordPress plugin Image Slider by Ays- Responsive Slider and Carousel 跨站请求伪造漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

4.3CVSS6.1AI score0.00131EPSS
Exploits0References5
NVD
NVD
added 2025/12/01 1:16 p.m.5 views

CVE-2025-12106

Insufficient argument validation in OpenVPN 2.7alpha1 through 2.7rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses...

9.1CVSS0.00538EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.6 views

PT-2025-47009

Name of the Vulnerable Software and Affected Versions Cloudlog versions 2.7.5 and earlier Description An authenticated SQL injection issue exists. The vucc details ajax function within the application/controllers/Awards.php file does not properly sanitize the Gridsquare POST parameter provided by...

6.5CVSS8AI score0.00272EPSS
Exploits1References9
Cvelist
Cvelist
added 2025/11/10 8:35 p.m.8 views

CVE-2025-48065 Combodo iTop vulnerable to reflected XSS via objection edition form error

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a field with an error contains malicious content. Versions 2.7.13 and 3.2.2 protect rendered HTML content...

8.8CVSS0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.3 views

WordPress plugin JSM file_get_contents Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that provides the ability to host a personal blog site on a PHP and MySQL based server. A cross-site scripting...

6.5CVSS5.7AI score0.00196EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-40401

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev commit b5f1eacd and Gerbv forked 2.7....

10CVSS7.7AI score0.01299EPSS
Exploits1References2
NVD
NVD
added 2025/08/10 9:15 a.m.13 views

CVE-2025-8802

A vulnerability was determined in Open5GS up to 2.7.5. This vulnerability affects the function smfstateoperational of the file src/smf/smf-sm.c of the component SMF. The manipulation of the argument stream leads to denial of service. The attack can be initiated remotely. The exploit has been...

7.5CVSS0.00579EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/05/23 2:39 a.m.4 views

CVE-2023-23638

A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions...

9.8CVSS9.5AI score0.04847EPSS
Exploits3References1
CNNVD
CNNVD
added 2025/04/24 12:0 a.m.4 views

WordPress plugin Business Contact Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.9CVSS6.2AI score0.00182EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/04/16 9:15 a.m.3 views

CVE-2023-32197

A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5...

7.5CVSS7.1AI score0.00508EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/04/04 12:0 a.m.4 views

WordPress plugin Rollbar 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

5.4CVSS6.4AI score0.00185EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/26 10:1 p.m.6 views

WordPress Templines Elementor Helper Core plugin <= 2.7 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin Templines Elementor Helper Core versions = 2.7...

8.8CVSS7AI score0.00466EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/07 10:41 p.m.4 views

WordPress myCred plugin <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin myCred versions = 2.7.4...

6.4CVSS5.7AI score0.00314EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder