Lucene search
K

8 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 3:42 p.m.8 views

Security Bulletin: IBM Langflow Desktop Symlink Validation Bypass

Summary tar-fs is used by IBM Langflow Desktop as part of its archive extraction and file handling functionality through Node.js dependencies. A vulnerability in tar-fs affects how symbolic links are validated during extraction, allowing a crafted tarball to bypass symlink protections when the...

8.7CVSS6.6AI score0.00516EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2026/03/19 12:0 a.m.11 views

Huawei EulerOS: Security Advisory for libpng (EulerOS-SA-2026-1638)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS5.8AI score0.00352EPSS
Exploits5References2
CVE
CVE
added 2025/12/31 9:0 a.m.11 views

CVE-2025-62136

CVE-2025-62136 refers to a stored XSS in the WordPress Melos theme. The Melos

6.5CVSS5.9AI score0.00133EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 8:59 a.m.5 views

WordPress Melos theme <= 1.6.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Theme Melos versions = 1.6.0...

6.5CVSS6.1AI score0.00133EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/11/24 11:45 p.m.7 views

CVE-2025-64720 LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in pngimagereadcomposite when processing palette images with PNGFLAGOPTIMIZEALP...

7.1CVSS6.9AI score0.00352EPSS
Exploits4References6
Patchstack
Patchstack
added 2025/09/22 7:40 p.m.6 views

WordPress SEO Backlink Monitor plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin SEO Backlink Monitor versions = 1.8.0...

4.3CVSS6.8AI score0.00163EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 5:58 a.m.3 views

CVE-2023-31453

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised ...

7.5CVSS6.9AI score0.01182EPSS
Exploits0References1
Elastic
Elastic
added 2015/07/16 5:31 p.m.7 views

Elasticsearch directory traversal vulnerability CVE-2015-5531

Summary Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack that allows an attacker to retrieve files that are readable by the Elasticsearch JVM process. We have been assigned CVE-2015-5531 for this issue. Fixed versions Versions 1.6.1 and 1.7.0 address the...

5CVSS7AI score0.9175EPSS
Exploits7
Rows per page
Query Builder