40 matches found

ATTACKERKB
added 2026/05/14 4:53 p.m. · 9 views

CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

CVSS 6.3 · AI score 5.8 · EPSS 0.00294
Exploits: 1 · References: 2 · Affected Software: 1

Tenable Nessus
added 2026/05/11 12:0 a.m. · 7 views

Unity Linux 20.1060e / 20.1070e Security Update: linuxptp (UTSA-2026-017411)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017411 advisory. A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker...

CVSS 7.1 · AI score 7.1 · EPSS 0.01895
Exploits: 0 · References: 4

ATTACKERKB
added 2026/03/23 11:38 p.m. · 3 views

CVE-2026-33250

Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player'...

CVSS 7.5 · AI score 5.9 · EPSS 0.00821
Exploits: 0 · References: 5 · Affected Software: 1

RedhatCVE
added 2026/02/03 9:19 p.m. · 6 views

CVE-2026-1778

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

CVSS 8.2 · AI score 5.4 · EPSS 0.00244
Exploits: 0 · References: 1

CNNVD
added 2026/01/16 12:0 a.m. · 4 views

Graphql Modules: Race Condition Vulnerability

Graphql Modules is a backend framework for GraphQL servers, open-sourced by Hive. Versions of Graphql Modules from 2.2.1 to 2.4.1, as well as versions before 3.1.1, have a race condition vulnerability. This vulnerability stems from context confusion during parallel requests, which may lead to...

CVSS 8.7 · AI score 5.8 · EPSS 0.00465
Exploits: 0 · References: 5

CBLMariner
added 2025/12/05 3:44 a.m. · 9 views

CVE-2018-19827 affecting package reaper for versions less than 3.1.1-20

CVE-2018-19827 affecting package reaper for versions less than 3.1.1-20. A patched version of the package is available...

CVSS 8.8 · AI score 6.9 · EPSS 0.02044
Exploits: 0

CBLMariner
added 2025/12/05 3:44 a.m. · 7 views

CVE-2025-12816 affecting package reaper for versions less than 3.1.1-21

CVE-2025-12816 affecting package reaper for versions less than 3.1.1-21. A patched version of the package is available...

CVSS 8.6 · AI score 6.9 · EPSS 0.00689
Exploits: 1

CNNVD
added 2025/09/24 12:0 a.m. · 3 views

tar-fs Security Vulnerability

tar-fs is a tar-stream filesystem bundle from the individual developer Mathias Buus. A security vulnerability exists in tar-fs versions prior to 3.1.1, 2.1.3, and 1.16.5, which stems from the possibility of bypassing symbolic link validation when the destination directory is predictable...

CVSS 8.7 · AI score 7.5 · EPSS 0.00516
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/13 12:0 a.m. · 6 views

PT-2025-33094 · Unknown · Dolibarr Erp/Crm

Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM versions prior to 3.1.1 Dolibarr ERP/CRM versions prior to 3.2.0 Description: Dolibarr ERP/CRM contains a post-authenticated operating system command injection issue in its database backup feature. The export.php script does...

CVSS 9.4 · AI score 7.5 · EPSS 0.03182
Exploits: 0 · References: 8

ATTACKERKB
added 2025/05/13 9:16 p.m. · 4 views

CVE-2025-43568

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 · AI score 6.3 · EPSS 0.00207
Exploits: 0 · References: 2

OSV
added 2025/03/12 1:15 p.m. · 4 views

CVE-2025-29904

In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible...

CVSS 5.3 · AI score 7
Exploits: 0 · References: 1

Positive Technologies
added 2025/03/12 12:0 a.m. · 6 views

PT-2025-11038

Name of the Vulnerable Software and Affected Versions: JetBrains Ktor versions prior to 3.1.1 Description: The issue allows for HTTP Request Smuggling. Recommendations: For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue...

CVSS 5.3 · AI score 6.7 · EPSS 0.00305
Exploits: 0 · References: 8

CNNVD
added 2025/02/18 12:0 a.m. · 4 views

Komtera KLog Server Path Traversal Vulnerability

Komtera KLog Server is a logging solution from Komtera. A path traversal vulnerability exists in Komtera KLog Server versions prior to 3.1.1, which stems from improperly restricting directory pathnames when processing web input to file system calls...

CVSS 5.7 · AI score 6.7 · EPSS 0.09755
Exploits: 0 · References: 3

OSV
added 2025/01/09 8:15 p.m. · 5 views

CVE-2024-13263

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion. This issue affects Opigno group manager: from 0.0.0 before 3.1.1...

CVSS 5.5 · AI score 5.8 · EPSS 0.0025
Exploits: 0 · References: 1

OSV
added 2024/09/23 9:15 p.m. · 7 views

AZL-49740 CVE-2024-42861 affecting package linuxptp for versions less than 3.1.1-1

An issue in IEEE 802.1AS linuxptp v.4.2 and before allows a remote attacker to cause a denial of service via a crafted PdelayReq message to the time synchronization function...

CVSS 7.5 · AI score 5.8 · EPSS 0.01557
Exploits: 0 · References: 1

CNNVD
added 2024/06/17 12:0 a.m. · 3 views

Object Resolver Security Vulnerability

Object Resolver is a general-purpose feature from the individual developer Samuel Akopyan. It is used to handle nested attributes in JavaScript objects of unlimited depth. A security vulnerability exists in Object Resolver versions prior to 3.1.1, which stems from allowing an attacker to cause prototype...

CVSS 8.3 · AI score 6.7 · EPSS 0.00423
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/02 12:0 a.m. · 9 views

PT-2024-26279 · WordPress · Elementskit Elementor Addons

Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions prior to 3.1.1 Description: The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary files on the server via the generate...

CVSS 8.8 · AI score 7.6 · EPSS 0.01063
Exploits: 0 · References: 6

Positive Technologies
added 2024/03/29 12:0 a.m. · 24 views

PT-2024-13409 · Itop +1 · Itop +1

Name of the Vulnerable Software and Affected Versions: iTop versions prior to 3.1.1 iTop versions prior to 3.2.0 Description: The issue allows an XSS attack to be performed when an object is displayed as an n:n relation item in another object, by filling malicious code in an object friendlyname o...

CVSS 9.8 · AI score 7 · EPSS 0.25573
Exploits: 11 · References: 68

CNNVD
added 2023/11/17 12:0 a.m. · 2 views

JSON Web Token Security Vulnerability

JSON Web Token is a compact, URL-safe means of representing claims to be transferred between two parties. A security vulnerability exists in JSON Web Token versions prior to 3.1.1 that stems from susceptibility to JWT algorithm confusion attacks...

CVSS 7.5 · AI score 6.7 · EPSS 0.00307
Exploits: 1 · References: 2

OSV
added 2023/10/26 3:15 p.m. · 12 views

AZL-31719 CVE-2023-46234 affecting package reaper for versions less than 3.1.1-9

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

CVSS 7.5 · AI score 6.5 · EPSS 0.00508
Exploits: 0 · References: 1