Lucene search
K

313 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2022-4245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtilwriteComment fails to sanitize comments for a -- sequence. This issue means...

4.3CVSS6AI score0.00694EPSS
Exploits0References2
Schneier on Security
Schneier on Security
added 2025/08/01 9:1 p.m.5 views

Friday Squid Blogging: A Case of Squid Fossil Misidentification

What scientists thought were squid fossils were actually arrow worms...

7.4AI score
Exploits0
SUSE CVE
SUSE CVE
added 2025/07/04 2:37 p.m.4 views

SUSE CVE-2025-49011

SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow'ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, reques...

5.3CVSS6.6AI score0.00266EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.5 views

SpiceDB 安全特征问题漏洞

SpiceDB is a fine-grained permissions database from the Authzed team. A security feature issue vulnerability exists in SpiceDB versions prior to 1.44.2, which stems from a schema evaluation issue involving arrow relationships that could result in an incorrect response...

5.3CVSS6.3AI score0.00266EPSS
Exploits0References1
OSV
OSV
added 2025/05/30 8:9 p.m.1 views

GHSA-WV8J-M3HX-924J Arrow2 allows out of bounds access in public safe API

Rows::rowunchecked allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate, instead...

8.7CVSS6AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/05/28 2:57 p.m.7 views

aggregation-agent (>=0.1.2 <=0.1.11), airflow-add-ons (>=0.2.7 <=0.2.15) +125 more potentially affected by CVE-2025-5279 via redshift-connector (>=2.0.888 <=2.1.2)

redshift-connector PYPI version =2.0.888, =0.1.2, =0.2.7, =0.0.1, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.1.0, =3.1.0rc1, =1.0.0, =1.0.4 - arrowjet =0.1.0 and more Source cves: CVE-2025-5279 Source advisory: OSV:GHSA-R244-WG5G-6W2R...

7CVSS5.7AI score0.00251EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:44 a.m.10 views

CVE-2024-52338

Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example, user-supplied input files. This...

9.8CVSS7.5AI score0.02322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:38 a.m.6 views

CVE-2023-44264

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin = 2.2.5 versions...

6.5CVSS5.6AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:24 a.m.4 views

CVE-2023-45003

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin = 2.2.0 versions...

7.1CVSS5.9AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:9 a.m.7 views

CVE-2023-46077

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin = 2.2.5 versions...

7.1CVSS5.9AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:33 a.m.6 views

CVE-2019-12410

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...

7.5CVSS6.7AI score0.04711EPSS
Exploits0References1
RustSec
RustSec
added 2025/04/24 12:0 p.m.12 views

Out of bounds access in public safe API

Rows::rowunchecked allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate, instead...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/03 4:28 p.m.19 views

CVE-2025-31897

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arrow Plugins Arrow Custom Feed for Twitter arrow-twitter-feed allows Stored XSS.This issue affects Arrow Custom Feed for Twitter: from n/a through = 1.5.3...

6.5CVSS7.2AI score0.00204EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/01 4:22 p.m.4 views

WordPress Arrow Custom Feed for Twitter plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Arrow Custom Feed for Twitter versions = 1.5.3...

6.5CVSS7AI score0.00204EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/04/01 3:16 p.m.32 views

CVE-2025-31897

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arrow Plugins Arrow Custom Feed for Twitter arrow-twitter-feed allows Stored XSS.This issue affects Arrow Custom Feed for Twitter: from n/a through = 1.5.3...

6.5CVSS0.00204EPSS
Exploits0References1
CVE
CVE
added 2025/04/01 2:52 p.m.61 views

CVE-2025-31897

CVE-2025-31897 affects the Arrow Custom Feed for Twitter WordPress plugin. The vulnerability is a Stored XSS due to improper neutralization of input during web page generation, with affected versions from n/a up to 1.5.3. The Wordfence detail shows this variant as Arrow Custom Feed for Twitter

6.5CVSS7.2AI score0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/01 2:52 p.m.35 views

CVE-2025-31897 WordPress Arrow Custom Feed for Twitter plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arrow Plugins Arrow Custom Feed for Twitter arrow-twitter-feed allows Stored XSS.This issue affects Arrow Custom Feed for Twitter: from n/a through = 1.5.3...

6.5CVSS0.00204EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/01 2:52 p.m.8 views

CVE-2025-31897 WordPress Arrow Custom Feed for Twitter plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arrow Plugins Arrow Custom Feed for Twitter allows Stored XSS. This issue affects Arrow Custom Feed for Twitter: from n/a through 1.5.3...

6.5CVSS7AI score0.00204EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.5 views

WordPress plugin Arrow Custom Feed for Twitter 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5CVSS6.6AI score0.00204EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/28 5:42 p.m.5 views

CVE-2025-28858

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arrow Plugins Arrow Maps ap-google-maps allows Reflected XSS.This issue affects Arrow Maps: from n/a through = 1.0.9...

7.1CVSS7.2AI score0.00363EPSS
Exploits0References1
Rows per page
Query Builder