Lucene search
K

81 matches found

OSV
OSV
added 6 days ago4 views

PYSEC-2026-774 Apache Airflow Google Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0...

7.5CVSS5.9AI score0.01826EPSS
Exploits0References6
OSV
OSV
added 2026/06/30 12:0 a.m.4 views

ALSA-2026:33743 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount CVE-2026-23216 kernel: gfs2: Fix use-after-free in iomap inline data write path CVE-2026-45984 kernel: RDMA/vmwpvrdma: F...

7.8CVSS6.5AI score0.0031EPSS
Exploits0References8
OSV
OSV
added 2026/06/19 4:59 p.m.2 views

OPENSUSE-SU-2026:21106-1 Security update for papers

This update for papers fixes the following issues Security issue: - CVE-2026-46529: command injection bsc1265880. Changes for papers: - Update to version 48.10 bsc1265880: - Update to version 48.9 jscPED-15957, bsc1261947: - Bug fixes: - Saved image files are empty - Print dialog says "Manage...

8.4CVSS5.8AI score0.00529EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37633

Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.10 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 9:49 a.m.13 views

EUVD-2026-32191

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in IniLerm Advanced IP Blocker advanced-ip-blocker allows DOM-Based XSS.This issue affects Advanced IP Blocker: from n/a through = 8.10.7...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.22 views

CVE-2026-42739

The CVE-2026-42739 affects the WordPress Advanced IP Blocker plugin (

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 9:31 p.m.11 views

EUVD-2026-29819

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...

7.2CVSS6.1AI score0.00896EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:12 p.m.9 views

CVE-2026-44865

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...

7.2CVSS6.1AI score0.00918EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/12 7:8 p.m.17 views

CVE-2026-44862

The CVE-2026-44862 entry describes SQL injection vulnerabilities in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could inject crafted input into parameters pas...

7.2CVSS6.2AI score0.00315EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/07 2:20 p.m.10 views

CVE-2026-40010

Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...

9.1CVSS5.8AI score0.00379EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.13 views

PT-2026-37375

Name of the Vulnerable Software and Affected Versions Apache Wicket versions 8.0.0 through 8.17.0 Apache Wicket version 9.0.0 Apache Wicket versions 10.0.0 through 10.8.0 Description A session fixation attack is possible due to the missing invocation of the Servlet http web request method...

9.1CVSS5.8AI score0.00379EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.7 views

CVE-2026-39562

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.10...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 8:54 p.m.3 views

CVE-2026-4820 IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not set with secure flag

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

4.3CVSS5.8AI score0.00118EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 8:54 p.m.16 views

CVE-2026-4820

CVE-2026-4820 affects IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10, where authorization tokens or session cookies are not marked with the Secure attribute. This can allow an unauthenticated attacker to steal cookie values by directing users to an http link and monitoring traffic, enablin...

4.3CVSS5.8AI score0.00118EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/24 2:2 a.m.4 views

CVE-2026-3057 a54552239 pearProjectApi Backend Task.php dateTotalForProject sql injection

A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode results in sql injection. The attack can be...

5.3CVSS6.3AI score0.00531EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.6 views

HPE AOS 安全漏洞

HPE AOS is an operating system from HPE Corporation in the United States. A security vulnerability exists in HPE AOS 10 and HPE AOS 8 that stems from an arbitrary file write vulnerability in the web-based management interface that could lead to the execution of arbitrary commands...

7.2CVSS6AI score0.00476EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.4 views

HPE AOS 安全漏洞

HPE AOS is an operating system from HPE Corporation in the United States. A security vulnerability exists in HPE AOS versions 10 and 8, which stems from an arbitrary file upload vulnerability in the web-based management interface that could lead to the execution of arbitrary commands...

7.2CVSS6AI score0.0043EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 6:13 a.m.6 views

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty 25.0.0.8 which is vulnerable to CVE-2025-36000, CVE-2020-36732 and CVE-2025-36124

Summary IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty 25.0.0.8 which is vulnerable to CVE-2025-36000, CVE-2020-36732 and CVE-2025-36124. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-36000...

7.5CVSS6.1AI score0.01075EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/11/21 8:15 a.m.6 views

CVE-2025-12170

The Checkbox plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wpajaxnoprivcheckboxcleanlog' AJAX endpoint in all versions up to, and including, 2.8.10. This makes it possible for unauthenticated attackers to clear log files...

5.3CVSS0.002EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/15 12:0 a.m.18 views

PT-2025-47041

Name of the Vulnerable Software and Affected Versions All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic versions prior to 4.8.10 Description The All in One SEO plugin for WordPress has a flaw that allows unauthorized deletion of media attachments. The issue stems from ...

4.3CVSS6.3AI score0.0021EPSS
Exploits0References9
Rows per page
Query Builder