Lucene search
K

171 matches found

EUVD
EUVD
added 2026/06/30 7:4 p.m.7 views

EUVD-2026-40378

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...

3.5CVSS5.8AI score0.00241EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 1:41 p.m.7 views

EUVD-2026-38276

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669...

3.8CVSS6AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Synology Surveillance Station 安全漏洞

Synology Surveillance Station is an application developed by Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. There are security vulnerabilities in versions of Synology Surveillance Station prior to 9.2.2.2-11575 and...

4.9CVSS5.8AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.12 views

PT-2026-38686

Vulnerability in the Java SE product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of...

5.3CVSS5.9AI score0.05166EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/04/16 1:22 a.m.2 views

CVE-2026-35032

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

8.6CVSS5.8AI score0.00312EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/14 10:28 p.m.4 views

EUVD-2026-22768

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds any...

9.3CVSS5.9AI score0.00319EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 10:25 p.m.5 views

EUVD-2026-22766

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

8.6CVSS5.8AI score0.00312EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/14 10:18 p.m.7 views

EUVD-2026-22764

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...

9.9CVSS6.4AI score0.00753EPSS
Exploits1References2
NVD
NVD
added 2026/04/14 7:16 p.m.13 views

CVE-2026-34624

Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of thi...

5.4CVSS0.00157EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

Jellyfin 代码问题漏洞

Jellyfin is a free software media system developed by Jellyfin. It allows you to control the management and streaming of media. It’s an alternative to proprietary products like Emby and Plex, enabling the delivery of media from dedicated servers to end-user devices through multiple applications...

8.6CVSS5.9AI score0.00312EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.12 views

PT-2026-32956

Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.7 Description A flaw exists in the subtitle upload endpoint '/Videos/itemId/Subtitles' where the Format field is not validated. This allows path traversal via the file extension, enabling arbitrary file write...

9.9CVSS6.4AI score0.00753EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/03/26 11:4 p.m.5 views

CVE-2025-14912

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4CVSS5.8AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.5 views

CVE-2025-14974

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...

7.5CVSS5.8AI score0.00327EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 9:30 p.m.7 views

EUVD-2025-209025

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

4.3CVSS5.7AI score0.00139EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 9:16 p.m.10 views

CVE-2026-1014

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation...

6.5CVSS0.00214EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 8:26 p.m.2 views

CVE-2025-36422

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

4.3CVSS5.7AI score0.00139EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 8:20 p.m.4 views

CVE-2025-14974 IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...

5.7CVSS5.9AI score0.00327EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 8:13 p.m.3 views

CVE-2025-14912

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4CVSS5.8AI score0.0022EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/25 8:13 p.m.8 views

CVE-2025-14912

IBM InfoSphere Information Server (versions 11.7.0.0–11.7.1.6) is affected by CVE-2025-14912, a server-side request forgery (SSRF) vulnerability. An authenticated attacker could cause the server to send unauthorized outbound requests, enabling network enumeration or related attacks. Remediation i...

5.4CVSS5.8AI score0.0022EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/25 6:31 p.m.8 views

EUVD-2026-15536

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themepassion Ultra WordPress Admin ultra-admin allows Reflected XSS.This issue affects Ultra WordPress Admin: from n/a through = 11.7...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References2
Rows per page
Query Builder