18 matches found

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-16784

Malware in sbrugna...

CVSS 6.5, AI score 7.6, EPSS 0.09956
Exploits 0, References 3

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2023-30886

Malicious code in bioql PyPI...

CVSS 6.5, AI score 5.7, EPSS 0.0067
Exploits 1, References 2

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-6434

Malicious code in bioql PyPI...

CVSS 8.3, AI score 8.2, EPSS 0.00974
Exploits 1, References 7

Cvelist
added 2025/09/29 10:38 p.m., 7 views

CVE-2025-59941 go-f3 is Vulnerable to Cached Justification Verification Bypass

go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass...

CVSS 5.9, EPSS 0.00223
Exploits 0, References 2

IBM Security Bulletins
added 2025/07/08 6:49 a.m., 9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-context-5.3.24.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-context-5.3.24.jar Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale...

CVSS 5.3, AI score 6.5, EPSS 0.05666
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2025/06/24 4:52 p.m., 13 views

Security Bulletin: IBM Sterling Connect:Direct Web Services vulnerable to spring-context-6.2.3.jar (CVE-2025-22233)

Summary IBM Sterling Connect:Direct Web Services uses spring-context-6.2.3.jar, which has vulnerability CVE-2025-22233. This has been addressed in fixpacks that are available on Fix Central. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowerca...

CVSS 5.3, AI score 7.8, EPSS 0.00631
Exploits 1, Affected Software 1

vulnersOsv
added 2025/05/16 9:32 p.m., 13 views

ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0) +11703 more potentially affected by CVE-2025-22233 via org.springframework:spring-context (>=6.1.0 <=6.1.2)

org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.12.1 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664...

CVSS 3.1, AI score 6.6, EPSS 0.00351
Exploits 0

Patchstack
added 2024/11/20 9:58 p.m., 5 views

WordPress Activity Log – Monitor & Record User Changes plugin <= 2.11.1 - Unauthenticated Stored Cross-Site Scripting via Event Context vulnerability

Unauthenticated Stored Cross-Site Scripting via Event Context vulnerability discovered by mikemyers in WordPress Plugin Activity Log versions = 2.11.1...

CVSS 7.2, AI score 5.8, EPSS 0.00767
Exploits 0, References 1, Affected Software 1

BDU FSTEC
added 2024/06/07 12:0 a.m., 7 views

The vulnerability of the executable file cmxddns in the microprogramming software of TP-Link Omada er605 allows a hacker to execute arbitrary code in the root context.

The vulnerability of the executable file cmxddnsd of the TP-Link Omada er605 microcontroller software is related to the use of weak security mechanisms. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the root context...

CVSS 5, AI score 6.6, EPSS 0.00344
Exploits 1, References 4

Vulnrichment
added 2023/07/12 3:52 p.m., 11 views

CVE-2023-37951

Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to...

AI score 6.7, EPSS 0.00555
Exploits 0, References 2

Veracode
added 2022/03/25 6:18 a.m., 31 views

Open Redirect

github.com/go-gitea/gitea is vulnerable to open redirect. The vulnerability exists in RedirectToFirst function in context.go due to the presence of backslashes in the Locations which allows an attacker to parse malicious URLs to redirect the user...

CVSS 6.1, AI score 4.2, EPSS 0.53177
Exploits 1, References 6, Affected Software 1

Cvelist
added 2021/04/28 2:46 p.m., 17 views

CVE-2020-21993

In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...

AI score 6.5, EPSS 0.00808
Exploits 2, References 2

Prion
added 2020/07/28 5:15 p.m., 15 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxcrons.php. When parsing the user parameter, the process does not...

CVSS 10, AI score 9.6, EPSS 0.08411
Exploits 0, References 1, Affected Software 1

Cvelist
added 2020/07/15 2:50 p.m., 22 views

CVE-2020-7292 Web Gateway (MWG) - Inappropriate Encoding for output context

Inappropriate Encoding for output context vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL...

CVSS 4.3, AI score 4.6, EPSS 0.0086
Exploits 0, References 1

Packet Storm
added 2015/11/27 12:0 a.m., 19 views

Visual Paradigm Server 10.0 Cross Site Scripting

Visual Paradigm Server v10.0 - Cross Site Scripting XSS. Information: Name: Visual Paradigm Server v10.0 - Cross Site Scripting XSS Affected Softwar...

AI score 0.1
Exploits 0

NVD
added 2014/09/19 10:55 a.m., 20 views

CVE-2014-4398

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394,...

CVSS 6.9, AI score 6.7, EPSS 0.00492
Exploits 0, References 5

exploitpack
added 2013/09/23 12:0 a.m., 27 views

SilverStripe CMS - Multiple HTML Injection Vulnerabilities

SilverStripe CMS - Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/62782/info SilverStripe is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML or JavaScript code could run in th...

AI score 0.7
Exploits 0

CVE
added 2004/12/01 5:0 a.m., 67 views

CVE-2004-1080

Summary: CVE-2004-1080 describes a remote memory overwrite in the Windows WINS service (wins.exe) via a crafted WINS replication packet sent to TCP port 42, which could allow arbitrary code execution. Affected products: Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003...

CVSS 10, AI score 7.3, EPSS 0.81699
Exploits 8, References 18, Affected Software 3