Lucene search
+L

424 matches found

osv
osv
added 2025/08/18 8:13 a.m.7 views

BIT-SUPERSET-2025-55674 Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions

A bypass of the DISALLOWEDSQLFUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...

6.5CVSS7.7AI score0.00674EPSS
Exploits0References3
nessus
nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-1452

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Read in rbinjavabootstrapmethodsattrnew function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past...

7.1CVSS7.1AI score0.00793EPSS
Exploits1References2
nessus
nessus
added 2025/08/15 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2019-20810

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go7007sndinit in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call sndcardfree for a failure path, which causes a memory leak,...

5.5CVSS6.7AI score0.00459EPSS
Exploits0References2
nessus
nessus
added 2025/08/12 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2022-0433

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the mapgetnextkey function of the BPF bloom filter. Thi...

5.5CVSS6.4AI score0.00287EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/08/10 12:0 a.m.14 views

EMQX 代码问题漏洞

EMQX is an MQTT messaging server from EMQX Corporation. A code issue vulnerability exists in EMQX versions prior to 5.8.6 that stems from the Dashboard interface allowing the installation of arbitrary plugins, which could lead to a security risk...

3CVSS6.9AI score0.00276EPSS
Exploits0References4
osv
osv
added 2025/07/25 5:15 p.m.4 views

CVE-2025-36728

Cross-Site Request Forgery CSRF vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.11...

8.8CVSS7.5AI score
Exploits0References1
osv
osv
added 2025/06/26 9:15 p.m.7 views

UBUNTU-CVE-2014-0468

Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories SVN, Git, Bzr.... This issue affects fusionforge: before 5.3+20140506...

9.8CVSS5.8AI score0.00464EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/06/16 12:0 a.m.6 views

Weblate 安全漏洞

Weblate is a Copyleft open source web-based free software continuous localization system. A security vulnerability exists in Weblate versions prior to 5.12 that stems from an audit log notification containing full IP addresses, which could lead to information disclosure...

5.3CVSS6.1AI score0.00268EPSS
Exploits0References5
cnnvd
cnnvd
added 2025/06/16 12:0 a.m.4 views

Weblate 安全漏洞

Weblate is a Copyleft open source web-based free software continuous localization system. A security vulnerability exists in Weblate versions prior to 5.12, which stems from a failure to rate-limit second-factor authentication and could lead to OTP guessing...

4.9CVSS6.5AI score0.00222EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2025/05/29 8:59 a.m.10 views

CVE-2025-4687 Account pre-hijacking through invite misuse

In Teltonika Networks Remote Management System RMS, it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account a...

7.2CVSS7.2AI score0.00387EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/05/23 12:0 a.m.5 views

MegaBIP SQL注入漏洞

MegaBIP is a software for creating BIP websites from MegaBIP Inc. A SQL injection vulnerability exists in versions prior to MegaBIP 5.20 that stems from uncleaned user input and could lead to a SQL injection attack...

8.6CVSS7.4AI score0.0033EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/05/23 12:0 a.m.7 views

StrangeBee TheHive 代码问题漏洞

StrangeBee TheHive is an application from StrangeBee, Inc. A code issue vulnerability exists in StrangeBee TheHive versions prior to 5.5.1 that stems from server-side request forgery and could lead to access to internal resources...

4.6CVSS6.9AI score0.00355EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 6:23 p.m.8 views

CVE-2021-24364

The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting XSS vulnerability...

6.1CVSS5.9AI score0.01975EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/05/22 8:24 a.m.8 views

CVE-2019-19016

An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database...

7.5CVSS7.5AI score0.01197EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/21 8:23 p.m.6 views

CVE-2025-39366

Incorrect Privilege Assignment vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0...

8.8CVSS8.5AI score0.00294EPSS
Exploits0References1
cve
cve
added 2025/05/19 7:50 p.m.45 views

CVE-2025-39350

CVE-2025-39350 : WordPress wProject theme prior to 5.8.0 suffers an unauthenticated post/comment/attachment modification/deletion vulnerability. Exploitation requires no authentication, enabling an attacker to modify or delete content on vulnerable sites running wProject

8.2CVSS8.5AI score0.0027EPSS
Exploits0References1
cvelist
cvelist
added 2025/05/19 7:40 p.m.15 views

CVE-2025-39365 WordPress wProject theme < 5.8.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rocket Apps wProject allows Reflected XSS.This issue affects wProject: from n/a before 5.8.0...

7.1CVSS0.00191EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/05/16 12:0 a.m.5 views

lockfile linting 安全漏洞

lockfile linting is a tool by Liran Tal Personal Developer. A security vulnerability exists in lockfile linting versions prior to 5.9.2, which stems from package URL validation being out of order, and could lead to the installation of unintended npm packages...

8.3CVSS6.3AI score0.00352EPSS
Exploits1References6
cnnvd
cnnvd
added 2025/05/14 12:0 a.m.6 views

Drupal Enterprise MFA - TFA for Drupal 安全漏洞

Drupal Enterprise MFA - TFA for Drupal is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Enterprise MFA - TFA for Drupal versions prior to 5.2.0, which stems from the use of an alternate path or channel to bypass...

7.5CVSS6.7AI score0.00356EPSS
Exploits0References2
nvd
nvd
added 2025/05/02 12:15 p.m.16 views

CVE-2025-2421

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1...

9.8CVSS0.00504EPSS
Exploits0References3
Rows per page
Query Builder