Lucene search
+L

17 matches found

Cvelist
Cvelist
added 2026/05/21 7:34 a.m.40 views

CVE-2026-44066 Heap out-of-bounds reads in Spotlight RPC unmarshalling

Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption...

7.1CVSS0.0029EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Fiber 跨站脚本漏洞

Fiber is an open-source web framework written in Go. Versions of Fiber prior to 2.52.12 and 3.1.0 contain a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting, allowing remote attackers to inject arbitrary HTML/JavaScript into any request by providing Accept:...

6.1CVSS5.8AI score0.00212EPSS
Exploits1References1
CVE
CVE
added 2025/12/09 2:14 p.m.18 views

CVE-2025-67545

CVE-2025-67545 is a Stored XSS in the WordPress FireBox plugin (FireBox

6.5CVSS5.6AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/09 2:53 a.m.12 views

CVE-2025-11452

The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$COOKIE'asgarosforumunreadexclude'' cookie in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

7.5CVSS6.8AI score0.00375EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.9 views

PT-2025-36459

CVE ID: CVE-2025-0002 Published: 2025-02-10T00:00:00.000Z Severity: CRITICAL 9.1/10 Description Remote code execution vulnerability in Cloud Management Console v3.1.0 and earlier allows authenticated administrators to execute arbitrary commands on the underlying host. Root Cause Improper input...

8.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.6 views

PT-2024-12330 · Webcodin · Webcodin Wcp Contact Form

Name of the Vulnerable Software and Affected Versions: Webcodin WCP Contact Form versions 3.1.0 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Webcodin WCP...

4.3CVSS9.4AI score0.00494EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2024/03/12 9:30 p.m.9 views

org.apache.pulsar:pulsar-broker-auth-athenz (>=3.1.0 <=3.1.2), org.apache.pulsar:pulsar-broker-auth-sasl (>=3.1.0 <=3.1.2) +2 more potentially affected by CVE-2024-28098 via org.apache.pulsar:pulsar-broker (>=3.1.0 <=3.1.2)

org.apache.pulsar:pulsar-broker MAVEN version =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.2 Source cves: CVE-2024-28098 Source advisory: OSV:GHSA-G627-R579-RW35...

6.4CVSS6.5AI score0.01701EPSS
Exploits0
Patchstack
Patchstack
added 2023/10/26 12:0 a.m.7 views

WordPress Fathom Analytics Plugin < 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Fathom Analytics Type Plugin Vulnerable versions 3.1.0 Fixed in 3.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 30f046c6503f Credits WordFence Required privilege...

6AI score
Exploits0References2Affected Software1
OSV
OSV
added 2023/10/02 9:15 a.m.6 views

CVE-2023-41847

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in WEN Solutions Notice Bar plugin = 3.1.0 versions...

5.4CVSS5.8AI score0.00303EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/07/29 10:24 p.m.5 views

co.fs2:fs2-protocols_sjs1_3 (>=3.1-2-8dabe12 <=3.2.10), com.armanbilge:feral-lambda-api-gateway-proxy-http4s_sjs1_3 (>=0.1-2f94f32 <=0.1-f497734) +27 more potentially affected by CVE-2022-31183 via co.fs2:fs2-io_sjs1_3 (>=3.1.0 <=3.2-10-421c242)

co.fs2:fs2-iosjs13 MAVEN version =3.1.0, =3.1-2-8dabe12, =0.1-2f94f32, =0.1-2f94f32, =0.1-9d346fe, =0.1-9d346fe, =0.1-9d346fe, =0.0-ba9ae1f, =0.4.1, =0.18.3, =0.1.0, =6.3.0, =0.23.5, =0.23.5, =0.23.5, =1.0.0-M29 and more Source cves: CVE-2022-31183 Source advisory: OSV:GHSA-2CPX-6PQP-WF35...

9.8CVSS7.2AI score0.00641EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/05/13 1:9 a.m.5 views

cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE), cloud.altemista.fwk.soap:cloud-altemistafwk-core-soap-wss (>=3.0.0.RELEASE <=3.1.0.RELEASE) +1253 more potentially affected by CVE-2016-8739 via org.apache.cxf:cxf-core (>=3.1.0 <=3.1.8)

org.apache.cxf:cxf-core MAVEN version =3.1.0, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =2.6.3, =1.2.18, =5.0.0, =6.0.1 - com.bilalalp:cxfclientlogger =1.0 - com.bilalalp:cxflogger =1.0 and more Source cves: CVE-2016-8739 Source advisory:...

7.8CVSS7.1AI score0.07317EPSS
Exploits0
CNNVD
CNNVD
added 2022/04/08 12:0 a.m.6 views

RiteCMS 代码问题漏洞

RiteCMS is a web CMS. RiteCMS 3.1.0 and earlier contain an arbitrary file upload vulnerability that allows an authenticated attacker to upload PHP files and bypass the .htacess configuration to execute .php files in the media and files directories for remote command execution...

9CVSS6.1AI score0.29715EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2021/03/30 12:0 a.m.5 views

PT-2021-14676 · Jenkins · Jenkins Owasp Dependency-Track Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OWASP Dependency-Track Plugin versions 3.1.0 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. The issue arises...

8.8CVSS8.6AI score0.0077EPSS
Exploits0References9
vulnersOsv
vulnersOsv
added 2021/02/19 1:28 p.m.5 views

aether-sdk (>=1.3.4 <=1.3.8), apis-bibsonomy (>=0.2.0 <=0.3.0) +227 more potentially affected by CVE-2021-23336 via django (>=3.1.0 <=3.1.6)

django PYPI version =3.1.0, =1.3.4, =0.2.0, =0.16.12, =0.8.8, =0.5.0, =0.1.0, =1.0.0b3, =0.0.1, =2.11.0, =0.0.32, =0.0.38, =0.0.39 and more Source cves: CVE-2021-23336 Source advisory: SNYK:PYTHON-DJANGO-1076802...

5.9CVSS7AI score0.35717EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/02/07 8:15 p.m.5 views

activedirectoryenum (>=0.4.7 <=0.5.0), airflow-run (=0.4.9) +215 more potentially affected by CVE-2020-36242 via cryptography (>=3.1.0 <=3.3.1)

cryptography PYPI version =3.1.0, =0.4.7, =0.117.0b0, =0.8.0, =2.0.1, =8.0.1, =0.0.3, =0.9.1, =0.11.0 - azureml-accel-models =1.23.0 - azureml-cli-common =1.23.0 - azureml-contrib-fairness =1.23.0 - azureml-contrib-functions =1.23.0 - azureml-contrib-gbdt =1.23.0 - azureml-contrib-interpret =1.23...

9.1CVSS6.8AI score0.06718EPSS
Exploits1
CNVD
CNVD
added 2018/06/19 12:0 a.m.6 views

JBoss RichFaces Arbitrary Java Code Execution Vulnerability

Red Hat JBoss RichFaces is the United States Red Hat Red Hat, Inc. of an open source JSF JavaServer Faces component library . The library provides built-in JavaScript and Ajax functionality . A security vulnerability exists in Red Hat JBoss RichFaces versions 3.1.0 through 3.3.4. A remote attacke...

9.8CVSS9.5AI score0.21375EPSS
Exploits1References1
CNVD
CNVD
added 2016/04/06 12:0 a.m.3 views

Squid Denial of Service Vulnerability (CNVD-2016-01997)

Squid full name Squid Cache is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A denial of service vulnerability exists in Squid versions 3.1.0 through 3.5.15 and 4.0 through...

8.2CVSS8.4AI score0.1462EPSS
Exploits0References1
Rows per page
Query Builder