Lucene search
K

18 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/22 5:25 p.m.5 views

CVE-2026-54293

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6AI score0.00378EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/03/30 4:16 p.m.7 views

CVE-2026-2285

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server...

7.5CVSS0.00605EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/30 3:51 p.m.2 views

CVE-2026-2285 CVE-2026-2285

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server...

6AI score0.00605EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/06/04 3:24 p.m.18 views

Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App

Google has disclosed details of a financially motivated threat cluster that it said "specializes" in voice phishing aka vishing campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion. The tech giant's threat intelligence team is tracki...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/02/06 12:0 a.m.4 views

PT-2024-12394 · Qualcomm · 9206 Lte Modem Firmware +106

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption in the Audio component when processing calibration data returned from the ACDB loader. No information is provided...

7.8CVSS7.9AI score0.00109EPSS
Exploits0References4
OSV
OSV
added 2023/09/20 12:30 p.m.2 views

GHSA-FRQC-F2H8-FJVF Spring for GraphQL may be exposed to GraphQL context with values from a different session

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...

3.1CVSS5.8AI score0.0036EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/20 12:0 a.m.8 views

PT-2023-24654 · Spring · Spring For Graphql

Name of the Vulnerable Software and Affected Versions: Spring for GraphQL versions 1.1.0 through 1.1.5 Spring for GraphQL versions 1.2.0 through 1.2.2 Description: A batch loader function in Spring for GraphQL may be exposed to GraphQL context with values, including security context values, from ...

4.3CVSS6.9AI score0.0036EPSS
Exploits0References9
CNNVD
CNNVD
added 2023/09/20 12:0 a.m.7 views

Spring GraphQL Security Vulnerability

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. A security vulnerability exists in Spring GraphQL versions 1.1.0 through 1.1.5 and 1.2.0 through 1.2.2, which stems from the...

4.3CVSS6.8AI score0.0036EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 9:34 a.m.54 views

Security Bulletin: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader (CVE-2022-1471)

Summary There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class...

9.8CVSS9.3AI score0.99615EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 9:34 a.m.31 views

Security Bulletin: There is a security vulnerability in Spring Security used by IBM Maximo Data Loader (CVE-2022-31692)

Summary There is a security vulnerability in Spring Security used by IBM Maximo Data Loader Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include dispatcher...

9.8CVSS9.1AI score0.03425EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 9:33 a.m.34 views

Security Bulletin: There is a security vulnerability in Apache Commons FileUpload and Tomcat used by IBM Maximo Data Loader (CVE-2023-24998)

Summary There is a security vulnerability in Apache Commons FileUpload and Tomcat used by IBM Maximo Data Loader Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to b...

7.5CVSS7.6AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/28 1:29 p.m.51 views

Security Bulletin: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader (CVE-2022-41854)

Summary There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader Vulnerability Details CVEID:CVE-2022-41854 DESCRIPTION: snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a...

6.5CVSS6.4AI score0.01476EPSS
Exploits1Affected Software1
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/07/02 5:11 a.m.54 views

Ransomware. In the air?

Introduction As an exercise, we were asked to look at the potential vectors for ransomware to affect flight despatch and operations. In most cases, flight systems simply werent significantly exposed, but ground systems affected by ransomware may make flight ops either impossible or significantly...

7.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/17 5:58 p.m.22 views

Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to cross-site scripting and missing or insecure "X-XSS-Protection" header

Summary There is missing or insecure "X-XSS-Protection" header in Maximo Data Loader maxloader which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to gather sensitive information about the web application. Vulnerability Details CVEID: CVE-2021-20446 DESCRIPTION: IBM Maxi...

5.4CVSS1.1AI score0.00502EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/17 5:57 p.m.18 views

Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to autocomplete HTML Attribute not disabled for password field

Summary There is autocomplete HTML attribute not disabled for password field in Maximo Data Loader maxloader which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to bypass the web application's authentication mechanism. Vulnerability Details CVEID: CVE-2021-20445...

6.5CVSS1.2AI score0.01139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/17 5:45 p.m.13 views

Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to cross-site scripting and missing or insecure "X-Content-Type-Options" header

Summary There is missing or insecure "X-Content-Type-Options" header in Maximo Data Loader maxloader which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive...

6.1CVSS0.9AI score0.00661EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/17 5:43 p.m.17 views

Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to check for SRI (Subresource Integrity) support

Summary There is missing check for SRI Subresource Integrity support in Maximo Data Loader maxloader which is shipped with IBM Maximo for Civil Infrastructure. It may be possible the user-agent can't verify scripts from third-party services. In case of compromise of the third-party service, the...

8.8CVSS1.3AI score0.00826EPSS
Exploits0Affected Software1
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/11/11 7:14 a.m.102 views

Updating Airplanes

If you think updating Windows etc is painful, spare a thought for avionics maintenance engineers. Flight Management System FMS and related navigation databases navaids, airspace etc have to be updated monthly, locally. On older planes, it’s sometimes still done on 3.5” floppy. It’s more common to...

6.6AI score
Exploits0
Rows per page
Query Builder