Lucene search
+L

109 matches found

UbuntuCve
UbuntuCve
added 2026/04/22 12:0 a.m.6 views

CVE-2026-22753

Vulnerability in Spring Spring Security. If an application is using securityMatchersString and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/26 8:33 p.m.8 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the actioner process. An attacker can execute arbitrary system commands by sending specially crafted requests to the metadata service endpoint. Remediation There is no fixed version for...

8.8CVSS6.6AI score0.02502EPSS
Exploits2References3
EUVD
EUVD
added 2026/03/10 6:31 p.m.5 views

EUVD-2026-10578

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...

8.8CVSS5.9AI score0.00933EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/10 6:31 p.m.4 views

EUVD-2026-10577

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...

8.8CVSS5.9AI score0.00933EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/03/10 2:0 p.m.10 views

GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...

8.8CVSS5.9AI score0.00933EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.10 views

PT-2026-24264

Name of the Vulnerable Software and Affected Versions zero-shot-scfoundation affected versions not specified Description A dependency on a vulnerable third-party component within the zero-shot-scfoundation GitHub repository enables an unauthorized attacker to execute code over a network...

10CVSS5.9AI score0.00933EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/02/09 7:14 a.m.6 views

CVE-2026-2130

A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component searchusername. Executing a manipulation of the argument Username can lead to command injection. The attack may be launched remotely. Upgrading to versio...

9.8CVSS5.3AI score0.01741EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 1:22 a.m.8 views

CVE-2026-0500

Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager WorkStation, an unauthenticated attacker could create a malicious JNLP Java Network Launch Protocol file accessible by a public facing URL. When a victim clicks on the URL the accessed Wily Introscope...

9.6CVSS7.1AI score0.00351EPSS
Exploits0References1
NVD
NVD
added 2026/01/12 5:16 a.m.9 views

CVE-2025-69275

Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier...

7.1CVSS0.00122EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.4 views

PT-2026-1950

Name of the Vulnerable Software and Affected Versions Broadcom DX NetOps Spectrum versions 24.3.9 and earlier Description The software has a flaw due to reliance on a vulnerable third-party component, which allows for DOM-Based Cross-Site Scripting XSS. DOM-Based XSS occurs when client-side scrip...

7.1CVSS6.2AI score0.00122EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 10:52 a.m.7 views

CVE-2022-42229

Wedding Planner v1.0 is vulnerable to Arbitrary code execution via packageedit.php...

8.8CVSS7.4AI score0.00995EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.4 views

PT-2026-1904

Name of the Vulnerable Software and Affected Versions themesuite Automotive Listings versions n/a through 18.6 Description An issue exists in themesuite Automotive Listings that allows for Blind SQL Injection due to Improper Neutralization of Special Elements used in an SQL Command. This allows a...

9.8CVSS7.9AI score0.00289EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.6 views

PT-2025-43196

Name of the Vulnerable Software and Affected Versions CrocoBlock JetBlog versions through 2.4.4.1 Description A flaw exists in CrocoBlock JetBlog that allows for Stored Cross-site Scripting XSS. This issue arises from improper neutralization of input during web page generation. An attacker could...

6.5CVSS6AI score0.00208EPSS
Exploits0References4
CVE
CVE
added 2025/09/25 12:0 a.m.58 views

CVE-2025-55551

CVE-2025-55551 affects PyTorch (torch.linalg.lu) and is described as an issue in PyTorch v2.8.0 where a slice operation can cause a Denial of Service. The connected IBM bulletin lists the Torch wheel (torch-2.9.1) among vulnerable dependencies, but the provided materials do not include explicit r...

7.5CVSS6.5AI score0.00391EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/09/10 1:15 p.m.6 views

CVE-2025-10226

Dependency on Vulnerable Third-Party Component CWE-1395 in the PostgreSQL backend in AxxonSoft Axxon One C-Werk 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs presen...

9.8CVSS0.00566EPSS
Exploits0References2
CVE
CVE
added 2025/09/10 12:38 p.m.26 views

CVE-2025-10226

CVE-2025-10226 affects AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier due to a dependency on vulnerable PostgreSQL back-end (v10.x). The root cause is reported as dependencies on vulnerable third-party components in PostgreSQL, enabling a remote attacker to escalate privileges, execute arbitrary ...

9.8CVSS7.2AI score0.00566EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/09 12:0 a.m.9 views

PT-2025-32448

Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.​...

6.8CVSS5.8AI score0.00157EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/09 12:0 a.m.2 views

PT-2025-32449 · Undefined · Undefined

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: FX80 and FX90 Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION... CVE-2025-43867 Source:...

6.7AI score
Exploits0References1
NVD
NVD
added 2025/07/11 6:15 p.m.18 views

CVE-2025-7452

A vulnerability was found in kone-net go-chat up to f9e58d0afa9bbdb31faf25e7739da330692c4c63. It has been declared as critical. This vulnerability affects the function GetFile of the file go-chat/api/v1/filecontroller.go of the component Endpoint. The manipulation of the argument fileName leads t...

6.5CVSS0.00333EPSS
Exploits0References5
AlmaLinux
AlmaLinux
added 2025/07/09 12:0 a.m.10 views

Moderate: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 For more details about the security issues, including the impact, a CVSS score,...

6.8CVSS7.2AI score0.0058EPSS
Exploits0References4
Rows per page
Query Builder