Lucene search

11 matches found

Github Security Blog
added 2026/03/23 8:36 p.m. · 6 views

Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin

Security Advisory — Page Management Plugin SSRF. Summary: A Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Affected Versions: 1.x series: = 1.41.0; 2.x series: = 2.41.0. Patched Versions: 1.41.1, 2.41.1. Description: In the...

CVSS 6.8 · AI score 5.8 · EPSS 0.00347
Exploits 0 · References 7 · Affected Software 1
vulnersOsv
added 2026/02/04 6:3 p.m. · 6 views

@0xlimao/n8n-nodes-ethereum (>=1.0.0 <=1.0.1), @a700/n8n-nodes-agent700 (>=1.0.5 <=1.0.7) +811 more potentially affected by CVE-2025-68613 +1 more via n8n-workflow (>=2.0.0-rc.0 <=2.3.0)

n8n-workflow NPM version =2.0.0-rc.0, =1.0.0, =1.0.5, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.2.2, =0.3.6, =0.1.0, =1.0.0, =1.3.1 and more. Source CVEs: CVE-2025-68613, CVE-2026-25049. Source advisory: SNYK:JS-N8NWORKFLOW-15219713...

CVSS 9.9 · AI score 7.5 · EPSS 0.97875
Exploits 29
NVD
added 2025/12/12 7:16 p.m. · 7 views

CVE-2025-8082

Improper neutralization of the title date in the 'VDatePicker' component in Vuetify allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting (XSS, https://owasp.org/www-community/attacks/xss) attack. The vulnerability occurs because the 'title-date-format'...

CVSS 6.3 · EPSS 0.00163
Exploits 0 · References 2
Positive Technologies
added 2024/01/12 12:0 a.m. · 3 views

PT-2024-1137

Name of the Vulnerable Software and Affected Versions: Relax-and-Recover (aka ReaR) versions 2.7 and earlier. Description: The issue is related to information disclosure. It allows local attackers to gain access to system secrets that are otherwise only readable by root. This occurs when using GRUB...

CVSS 6.8 · AI score 6.3 · EPSS 0.00291
Exploits 1 · References 93
Positive Technologies
added 2022/11/23 12:0 a.m. · 8 views

PT-2022-26153 · Grails · Grails Spring Security Core Plugin

Name of the Vulnerable Software and Affected Versions: Grails Spring Security Core plugin versions 1.x; Grails Spring Security Core plugin versions 2.x; Grails Spring Security Core plugin versions 3.0.0 through 3.3.1; Grails Spring Security Core plugin versions 4.0.0 through 4.0.4; Grails Spring...

CVSS 9.8 · AI score 9.5 · EPSS 0.01693
Exploits 0 · References 9
vulnersOsv
added 2022/05/14 12:54 a.m. · 4 views

com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=2.0.2 <=2.0.4), com.jgeppert.struts2.bootstrap:struts2-bootstrap-showcase (>=2.0.2 <=2.0.4) +42 more potentially affected by CVE-2016-3087 via org.apache.struts:struts2-core (>=2.3.24 <=2.3.24.1)

org.apache.struts:struts2-core MAVEN version =2.3.24, =2.0.2, =2.0.2, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24.1 and more. Source CVEs: CVE-2016-3087. Source advisory: OSV:GHSA-MMJ6-CJJ4-HPR5...

CVSS 9.8 · AI score 7.2 · EPSS 0.81087
Exploits 4
OSV
added 2021/06/04 3:15 p.m. · 4 views

DEBIAN-CVE-2021-33054

SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. Only versions after 2.0.5a are affected...

CVSS 7.5 · AI score 7.3 · EPSS 0.00987
Exploits 0 · References 1
vulnersOsv
added 2021/05/14 8:15 p.m. · 5 views

accuinsight (>=1.0.47 <=1.0.61), alphad3m (>=0.10.0 <=0.10.0.dev1) +88 more potentially affected by CVE-2021-29525 via tensorflow (>=2.2.0 <=2.2.2)

tensorflow PYPI version =2.2.0, =1.0.47, =0.10.0, =0.5.0, =0.2.0, =0.0.6, =1.2.0, =1.0.0, =0.0.15, =0.0.16 and more. Source CVEs: CVE-2021-29525. Source advisory: OSV:PYSEC-2021-162...

CVSS 7.8 · AI score 7 · EPSS 0.00201
Exploits 1
Positive Technologies
added 2020/01/31 12:0 a.m. · 10 views

PT-2020-5475 · Fasterxml +6 · Jackson-Databind +6

Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x before 2.9.10.4. Description: The issue is related to the interaction between serialization gadgets and typing, specifically with the org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory...

CVSS 10 · AI score 7.2 · EPSS 0.45205
Exploits 31 · References 360
vulnersOsv
added 2018/10/19 4:46 p.m. · 6 views

be.fluid-it.tools.swagger:swagger-ng-module-codegen (>=0.1-1 <=0.1-5), ch.docksnet.codegen:decoupledspringmvc-swagger-codegen (=0.0.2) +15 more potentially affected by CVE-2017-1000207 +1 more via io.swagger:swagger-codegen (>=2.1.1 <=2.2.1)

io.swagger:swagger-codegen MAVEN version =2.1.1, =0.1-1, =1.1, =2.1.3, =2.1.1, =1.0, =1.6.0, =0.4.2, =0.4.2, =0.4.2, =0.5.0-beta-1 and more. Source CVEs: CVE-2017-1000207, CVE-2017-1000208. Source advisory: OSV:GHSA-VGVF-9JH3-FG75...

CVSS 8.8 · AI score 7.2 · EPSS 0.01705
Exploits 0
Positive Technologies
added 2010/02/02 12:0 a.m. · 3 views

PT-2010-1023 · Debian · Lintian

Name of the Vulnerable Software and Affected Versions: Lintian versions 1.23.x through 1.23.28; Lintian versions 1.24.x through 1.24.2.1; Lintian versions 2.x before 2.3.2. Description: Multiple directory traversal vulnerabilities allow remote attackers to overwrite arbitrary files or obtain sensiti...

CVSS 9.8 · AI score 9.6 · EPSS 0.05683
Exploits 1 · References 18