
21 matches found

OSV
added 3 days ago · 4 views

PYSEC-2026-270 OS Command Injection in Apache Airflow

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider...

CVSS 9.8 · AI score 7.4 · EPSS 0.03944
Exploits 0 · References 6
EUVD
added 2026/06/07 12:31 a.m. · 11 views

EUVD-2026-34977

clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...

CVSS 8.4 · AI score 5.4 · EPSS 0.00164
Exploits 0 · References 4
Cvelist
added 2026/04/27 12:0 a.m. · 27 views

CVE-2026-38934

Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settingsprocess.php...

EPSS 0.00264
Exploits 0 · References 3
Positive Technologies
added 2025/11/11 12:0 a.m. · 6 views

PT-2025-46417

Name of the Vulnerable Software and Affected Versions: Intel(R) PresentMon versions prior to 2.3.1. Description: The software has default permissions that, in some cases, may allow for an escalation of privilege. An unprivileged software adversary with an authenticated user and a high complexity attac...

CVSS 6.7 · AI score 6.3 · EPSS 0.00085
Exploits 0 · References 3
Positive Technologies
added 2025/06/28 12:0 a.m. · 6 views

PT-2025-44651

Name of the Vulnerable Software and Affected Versions: versions prior to 2.3. Description: A performance degradation can occur when expanding environment variables using the os.path.expandvars function if the value passed to it is user-controlled. The function os.path.expandvars is susceptible to th...

CVSS 9.4 · AI score 6.4 · EPSS 0.01525
Exploits 15 · References 201
RedhatCVE
added 2025/05/22 8:35 a.m. · 8 views

CVE-2019-9087

HotelDruid before v2.3.1 has SQL Injection via the /tabtariffe.php numtariffa1 parameter...

CVSS 9.8 · AI score 8.2 · EPSS 0.0164
Exploits 1 · References 1
Vulnrichment
added 2025/02/27 3:28 p.m. · 12 views

CVE-2025-1756 MongoDB Shell may be susceptible to local privilege escalation in Windows

mongosh may be susceptible to local privilege escalation under certain conditions, potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules. This issue affects mongosh prior to 2.3.0...

CVSS 7.5 · AI score 7.5 · EPSS 0.00135
Exploits 0 · References 1
Positive Technologies
added 2025/02/13 12:0 a.m. · 3 views

PT-2025-7185

Name of the Vulnerable Software and Affected Versions: Kunal Shivale Global Meta Keyword & Description versions prior to 2.3. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing...

CVSS 7.1 · AI score 8.2 · EPSS 0.00135
Exploits 0 · References 4
Positive Technologies
added 2024/05/17 12:0 a.m. · 6 views

PT-2024-12725 · Unknown · Averta Phlox Portfolio

Name of the Vulnerable Software and Affected Versions: Averta Phlox Portfolio versions prior to 2.3.1 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal', which allows PHP Local File Inclusion. This means that an...

CVSS 8.6 · AI score 9.4 · EPSS 0.006
Exploits 0 · References 4
Positive Technologies
added 2024/03/22 12:0 a.m. · 5 views

PT-2024-18267 · Oracle · Sqlplus

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL). Description: The invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin allows the extraction of this...

CVSS 3.8 · AI score 7 · EPSS 0.00245
Exploits 0 · References 11
OSV
added 2023/09/04 4:15 p.m. · 4 views

UBUNTU-CVE-2023-4758

Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV...

CVSS 5.9 · AI score 6.2 · EPSS 0.00252
Exploits 1 · References 4
CNNVD
added 2023/08/31 12:0 a.m. · 3 views

GPAC Code Issue Vulnerability

GPAC is an open source multimedia framework. A code issue vulnerability exists in versions prior to GPAC 2.3-DEV that stems from a NULL pointer dereference in gpac...

CVSS 5.5 · AI score 5.6 · EPSS 0.00302
Exploits 2 · References 4
Positive Technologies
added 2023/07/18 12:0 a.m. · 8 views

PT-2025-5323

Name of the Vulnerable Software and Affected Versions: visionOS versions prior to 2.3, Safari versions prior to 18.3, iOS versions prior to 18.3, iPadOS versions prior to 18.3, macOS Sequoia versions prior to 15.3, watchOS versions prior to 11.3, tvOS versions prior to 18.3. Description: The issue is...

CVSS 9.8 · AI score 6.5 · EPSS 0.29179
Exploits 11 · References 202
CNNVD
added 2023/06/01 12:0 a.m. · 3 views

libspdm Security Vulnerability

libspdm is a DMTF open source example implementation that follows the DMTF SPDM specification. A security vulnerability exists in libspdm versions prior to 2.3.3 and 3.0, which stems from a vulnerability that allows an unauthenticated requestor to store and use a respondent's CTExponent value...

CVSS 7.5 · AI score 7.3 · EPSS 0.00713
Exploits 0 · References 4
CNNVD
added 2023/02/16 12:0 a.m. · 3 views

GPAC Security Vulnerability

GPAC is an open source multimedia framework. A security vulnerability exists in versions prior to GPAC 2.3.0-DEV that stems from the presence of a heap-based buffer overflow...

CVSS 7.8 · AI score 8 · EPSS 0.00453
Exploits 1 · References 5
OSV
added 2022/05/14 12:54 a.m. · 3 views

GHSA-737W-MH58-CXJP Arbitrary code execution in Apache Struts

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag...

CVSS 9.3 · AI score 7.5 · EPSS 0.71767
Exploits 6 · References 6
OSV
added 2021/03/30 2:15 a.m. · 1 views

DEBIAN-CVE-2018-1110

A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service...

CVSS 7.5 · AI score 7.1 · EPSS 0.0111
Exploits 0 · References 1
CNVD
added 2019/06/28 12:0 a.m. · 2 views

Magento Code Execution Vulnerability (CNVD-2019-39393)

Magento is an open source PHP e-commerce system from the US company Magento. The system provides rights management, search engines, payment gateways and other functions. A security vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9 and version 2.3...

CVSS 9 · AI score 7.4 · EPSS 0.02421
Exploits 0 · References 1
CNVD
added 2019/02/12 12:0 a.m. · 4 views

Cisco Meeting Server Denial of Service Vulnerability (CNVD-2019-16513)

Cisco Meeting Server (CMS), formerly known as Acano Conferencing Server, is a set of audio and video conferencing server software from the US company Cisco. A denial of service vulnerability exists in Session Initiation Protocol (SIP) call processing in Cisco Meeting Server (CMS) versions...

CVSS 7.5 · AI score 6.8 · EPSS 0.0182
Exploits 0 · References 1
CNVD
added 2017/06/12 12:0 a.m. · 3 views

Zend Framework Cross-Site Request Forgery Vulnerability

Zend Framework (ZF) is an open source PHP5 development framework developed by the US company Zend, mainly used for the development of Web programs and services. A cross-site request forgery vulnerability exists in Zend/Validator/Csrf in version 2.3.x prior to ZF 2.3.6. A remote...

CVSS 8.8 · AI score 7 · EPSS 0.00656
Exploits 0 · References 1