Lucene search
K

19 matches found

EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36913

Unauthenticated PHP Object Injection in Broadcast Live Video 7.1.3 versions...

9.8CVSS5.3AI score0.00386EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in LibreOffice

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so that it does not match the denylist, resulting in ShellExecute attempting to launch an executable file...

9.3CVSS7.3AI score0.0417EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/04/15 11:26 p.m.6 views

SUSE CVE-2026-33902

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This...

5.5CVSS5.8AI score0.00144EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.5 views

CVE-2026-39325

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in ChurchCRM 7.0.5. Authenticated administrative users can inject arbitrary SQL statements through the type array parameter via the index and thus extra...

7.2CVSS6AI score0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 6:18 p.m.3 views

EUVD-2026-20566

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/aiassistance/texttools/:id was not checking if a user is privileged to use the text tool, resulting in being able to use it in all situations. This vulnerability is fixed i...

5.3CVSS5.9AI score0.00169EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/07 6:4 p.m.2 views

CVE-2026-39344 Reflected XSS the login page through the 'username' parameter

ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a Reflected Cross-Site Scripting XSS vulnerability on the login page, which is caused by the lack of sanitization or encoding of the username parameter received from the URL. The username parameter value is directly...

8.1CVSS7.2AI score0.00256EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

ChurchCRM SQL注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 had a SQL injection vulnerability. This vulnerability stems from the SQL injection in the QueryView.php file, where the searchwhat parameter is vulnerable to attacks due to SQL injection...

9.4CVSS5.9AI score0.00309EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/24 9:30 a.m.5 views

EUVD-2026-14774

Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11...

7.5CVSS5.8AI score0.00257EPSS
Exploits0References2
CVE
CVE
added 2026/02/24 1:44 a.m.24 views

CVE-2026-25986

CVE-2026-25986 affects ImageMagick versions prior to 7.1.2-15 and 6.9.13-40. Root cause: a heap buffer overflow in ReadYUVImage() (coders/yuv.c) occurs when processing malicious YUV 4:2:2 (NoInterlace) images, where the pixel-pair loop writes beyond the allocated row buffer. Impact (as stated): a...

9.8CVSS5.7AI score0.00461EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.7 views

Veritas Data Insight 安全漏洞

Veritas Data Insight is a Veritas solution that classifies, contextualizes, and controls unstructured data. A security vulnerability exists in Veritas Data Insight versions prior to 7.1, which stems from vulnerability to cross-site scripting attacks that allow remote attackers to inject arbitrary...

6.1CVSS6.1AI score0.00696EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/11/14 4:15 p.m.6 views

CVE-2023-47262

The startup process and device configurations of the Abbott ID NOW device, before v7.1, can be interrupted and/or modified via physical access to an internal serial port. Direct physical access is required to exploit...

5.2CVSS6AI score0.00293EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:31 a.m.4 views

SUSE CVE-2014-1290

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293...

6.8CVSS9.3AI score0.02133EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/18 12:0 a.m.4 views

ZOHO ManageEngine ADManager Plus 安全漏洞

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...

7.2CVSS6.8AI score0.0767EPSS
Exploits0References2
OSV
OSV
added 2021/05/18 8:15 p.m.6 views

DEBIAN-CVE-2021-31317

Telegram Android 7.1.0 2090, Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device via a malicious animated...

5.5CVSS5.7AI score0.01288EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2019/05/13 5:6 p.m.5 views

wildfly-core: Cross-site scripting (XSS) in JBoss Management Console

A cross-site scripting XSS vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users...

5.4CVSS5.6AI score0.00965EPSS
Exploits0References4
OSV
OSV
added 2017/08/02 7:29 p.m.3 views

DEBIAN-CVE-2017-7890

The GIF decoding function gdImageCreateFromGifCtx in gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read 700 bytes from the top of the...

6.5CVSS6.7AI score0.03418EPSS
Exploits0References1
CNVD
CNVD
added 2016/08/25 12:0 a.m.4 views

VMware vRealize Automation Remote Command Execution Vulnerability

VMware vRealize Automation is a suite of cloud automation software from VMware. The software supports automated delivery of personalized infrastructure, deployment across multi-vendor, hybrid cloud infrastructures, simplified application release automation and continuous delivery. A remote code...

9.8CVSS8.4AI score0.02949EPSS
Exploits0References1
OSV
OSV
added 2016/01/14 5:0 p.m.4 views

UBUNTU-CVE-2016-0777

The resendbytes function in roamingcommon.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key...

6.5CVSS7.1AI score0.63468EPSS
Exploits2References6
OSV
OSV
added 2012/10/31 10:50 a.m.3 views

DEBIAN-CVE-2012-4547

Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors...

4.3CVSS7AI score0.05796EPSS
Exploits1References1
Rows per page
Query Builder