7 matches found

CNNVD
added 2026/06/10 12:0 a.m. | 12 views

Roxy-WI security vulnerability

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the PUT /smon/check endpoint, which only verifies that the caller belongs to a certain group...

CVSS 9.1 | AI score 5.3 | EPSS 0.00196
Exploits: 0 | References: 2
CNNVD
added 2026/06/10 12:0 a.m. | 12 views

Plane security vulnerability

Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane prior to 1.3.1 contained a security vulnerability. This vulnerability stemmed from an oversight in asset authorization across workspaces, allowing any authenticated user to read, copy, delet...

CVSS 8.3 | AI score 5.3 | EPSS 0.0028
Exploits: 3 | References: 1
NVD
added 2026/04/21 5:16 p.m. | 6 views

CVE-2026-40591

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled customerid, name, toemail, and phone values and resolves the target customer in the backend without enforcing mailbox-scoped customer visibility...

CVSS 7.1 | EPSS 0.00211
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/04 4:11 p.m. | 5 views

CVE-2026-23810 Cross-BSSID GTK Re-encryption and Traffic Injection

A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim's BSSID...

CVSS 4.3 | AI score 5.9 | EPSS 0.00182
Exploits: 0 | References: 1
CVE
added 2026/03/04 4:11 p.m. | 14 views

CVE-2026-23810

CVE-2026-23810 describes a vulnerability in wireless packet processing where an authenticated attacker can craft a malicious Wi‑Fi frame that leads an AP to treat it as group-addressed traffic and re-encrypt using the GTK tied to the victim’s BSSID. This enables GTK‑independent traffic injection ...

CVSS 4.3 | AI score 5.9 | EPSS 0.00182
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2026/01/23 12:31 a.m. | 5 views

GHSA-4XX9-VC8V-87HV Gitea does not properly validate repository ownership when linking attachments to releases

Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users...

CVSS 5.1 | AI score 5.5 | EPSS 0.00415
Exploits: 0 | References: 7
PyPA
added 2023/10/11 8:15 p.m. | 5 views

PYSEC-2023-200

vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources such as tasks from that collaboration should be deleted. This is partly to manage data properly, but also to prevent a potential but unlikely side-effect that affects versions...

CVSS 4.3 | AI score 6.5 | EPSS 0.00319
Exploits: 0 | References: 3 | Affected Software: 1