Lucene search
K

12 matches found

NVD
NVD
added 2026/03/16 8:16 p.m.9 views

CVE-2026-32263

Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.11, in src/controllers/EntryTypesController.php, the $settings array from parsestr is passed directly to Craft::configure without Component::cleanseConfig. This allows injecting Yii2 behavior/event handlers via...

8.6CVSS0.00499EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003855)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003855 advisory. There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveausgdma.c in nouveausgdmacreatettm in Nouveau DRM subsystem. The...

7.2CVSS6.8AI score0.00872EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/05/16 12:0 a.m.4 views

lockfile linting 安全漏洞

lockfile linting is a tool by Liran Tal Personal Developer. A security vulnerability exists in lockfile linting versions prior to 5.9.2, which stems from package URL validation being out of order, and could lead to the installation of unintended npm packages...

8.3CVSS6.3AI score0.00352EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/03/03 9:15 a.m.5 views

CVE-2025-1864

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before 5.9.9...

10CVSS7.3AI score0.00445EPSS
Exploits0References1
OSV
OSV
added 2025/02/28 4:15 a.m.6 views

AZL-57639 CVE-2025-1744 affecting package gdal 3.6.3-2

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before 5.9.9...

10CVSS7.5AI score0.00468EPSS
Exploits0References1
OSV
OSV
added 2023/04/15 12:15 a.m.8 views

AZL-26300 CVE-2023-26463 affecting package strongswan for versions less than 5.9.10-1

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...

9.8CVSS8AI score0.02264EPSS
Exploits0References1
OSV
OSV
added 2022/05/05 5:15 p.m.4 views

CVE-2021-43547

TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible to exploitation when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure...

8.2CVSS5.8AI score0.0249EPSS
Exploits0References2
OSV
OSV
added 2022/01/31 8:15 a.m.2 views

DEBIAN-CVE-2021-45079

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2 even without server authentication...

9.1CVSS8.1AI score0.02761EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/11/20 12:0 a.m.5 views

Linux kernel 缓冲区错误漏洞

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A slab out-of-bounds read vulnerability exists in fbcon in Linux kernel versions prior to 5.9.7. The vulnerability...

6.1CVSS6.7AI score0.00511EPSS
Exploits1References26
Positive Technologies
Positive Technologies
added 2020/10/06 12:0 a.m.7 views

PT-2020-19597 · Music Player Daemon · Mpd

Name of the Vulnerable Software and Affected Versions: MPD versions prior to 5.9 Description: The issue allows a remote attacker who can send specifically crafted L2TP control packets with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service due to memory corruption...

9.8CVSS9.7AI score0.02947EPSS
Exploits1References3
CNVD
CNVD
added 2019/12/03 12:0 a.m.2 views

Cloudera CDH Information Disclosure Vulnerability

Cloudera CDH is an open source Hadoop platform from Cloudera. The platform provides scalable storage and distributed computing, as well as a Web-based user interface and other enterprise features. An information disclosure vulnerability exists in the Diagnostic Support Bundles in Cloudera CDH...

7.5CVSS6.2AI score0.01234EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2013/07/09 5:51 p.m.10 views

ActiveMQ: XSS vulnerability in portfolioPublish demo application

Cross-site scripting XSS vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092...

4.3CVSS7AI score0.05895EPSS
Exploits1References4
Rows per page
Query Builder