37 matches found

ATTACKERKB
added 2026/05/18 6:33 a.m. · 7 views

CVE-2026-6334

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow, which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request. Mattermo...

CVSS 3.1 · AI score 5.9 · EPSS 0.00118
Exploits 0 · References 2 · Affected Software 1
Github Security Blog
added 2026/02/27 6:31 p.m. · 7 views

Duplicate Advisory: Nest has a Fastify URL Encoding Middleware Bypass

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r4wm-x892-vjmx. This link is maintained to preserve external references. Original Description A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when...

CVSS 9.8 · AI score 5.8 · EPSS 0.00666
Exploits 1 · References 5 · Affected Software 1
OSV
added 2026/02/27 6:31 p.m. · 4 views

GHSA-7Q64-3RG2-H9PF Duplicate Advisory: Nest has a Fastify URL Encoding Middleware Bypass

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r4wm-x892-vjmx. This link is maintained to preserve external references. Original Description A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when...

CVSS 8.2 · AI score 5.8 · EPSS 0.00666
Exploits 1 · References 4
ATTACKERKB
added 2026/02/27 4:15 p.m. · 4 views

CVE-2026-2293

A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13...

CVSS 8.2 · AI score 5.9 · EPSS 0.00666
Exploits 1 · References 4 · Affected Software 1
Tenable Nessus
added 2026/01/13 12:00 a.m. · 5 views

MiracleLinux 8 : python3.11-3.11.13-2.el8_10 (AXSA:2025-10802:08)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10802:08 advisory. cpython: Cpython infinite loop when parsing a tarfile CVE-2025-8194 Tenable has extracted the preceding description block directly from the MiracleLinux...

CVSS 7.5 · AI score 6.9 · EPSS 0.00611
Exploits 0 · References 2
RedhatCVE
added 2025/11/14 10:01 p.m. · 11 views

CVE-2025-64748

Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked, successful matches can be detected...

CVSS 6.5 · AI score 7.1 · EPSS 0.00241
Exploits 0 · References 1
OSV
added 2025/11/13 9:13 p.m. · 4 views

CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

CVSS 5.5 · AI score 5.9 · EPSS 0.0021
Exploits 1 · References 4
CNNVD
added 2025/11/13 12:00 a.m. · 4 views

Directus security vulnerability

Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 11.13.0 that stems from a REST API error message discrepancy that could lead to the disclosure of unauthorized...

CVSS 4.3 · AI score 6.1 · EPSS 0.00302
Exploits 1 · References 3
Positive Technologies
added 2025/11/13 12:00 a.m. · 8 views

PT-2025-46911

Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.13.0 Description Directus does not properly remove field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table is not cleared. This creates a...

CVSS 4.6 · AI score 6.5 · EPSS 0.00163
Exploits 1 · References 9
EUVD
added 2025/10/29 9:30 a.m. · 2 views

EUVD-2025-36625

Cross-Site Request Forgery CSRF vulnerability in blubrry PowerPress Podcasting powerpress allows Cross Site Request Forgery. This issue affects PowerPress Podcasting: from n/a through <= 11.13.12...

CVSS 4.3 · AI score 6.3 · EPSS 0.00117
Exploits 0 · References 2
Vulnrichment
added 2025/10/29 8:38 a.m. · 2 views

CVE-2025-64201 WordPress PowerPress Podcasting plugin <= 11.13.12 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in blubrry PowerPress Podcasting powerpress allows Cross Site Request Forgery. This issue affects PowerPress Podcasting: from n/a through <= 11.13.12...

CVSS 4.3 · AI score 6.5 · EPSS 0.00117
Exploits 0 · References 1
Positive Technologies
added 2025/10/29 12:00 a.m. · 4 views

PT-2025-44246

Name of the Vulnerable Software and Affected Versions blubrry PowerPress Podcasting versions through 11.13.12 Description A Cross-Site Request Forgery CSRF issue exists in blubrry PowerPress Podcasting. This allows attackers to potentially perform actions on behalf of authenticated users without...

CVSS 4.3 · AI score 6.4 · EPSS 0.00117
Exploits 0 · References 4
Tenable Nessus
added 2025/09/10 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-21122

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In various functions of various files, there is a possible way to bypass the DISALLOWDEBUGGINGFEATURES restriction for tracing due to a missing permission check...

CVSS 7.8 · AI score 7.5 · EPSS 0.00105
Exploits 0 · References 2
Tenable Nessus
added 2025/08/26 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-29396

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated...

CVSS 9.9 · AI score 7.6 · EPSS 0.03239
Exploits 0 · References 2
CNNVD
added 2025/06/09 12:00 a.m. · 6 views

WordPress plugin Welcart e-Commerce path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS 6.8 · AI score 6.4 · EPSS 0.0046
Exploits 0 · References 2
OSV
added 2025/02/13 7:15 a.m. · 3 views

CVE-2024-13346

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 9.8 · AI score 7.6
Exploits 0 · References 2
CNNVD
added 2025/02/13 12:00 a.m. · 4 views

WordPress plugin Avada | Website Builder For WordPress & WooCommerce code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...

CVSS 9.8 · AI score 9.2 · EPSS 0.02104
Exploits 1 · References 2
Patchstack
added 2025/02/12 9:17 p.m. · 6 views

WordPress Avada theme <= 7.11.13 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Theme Avada versions <= 7.11.13...

CVSS 9.8 · AI score 7.1 · EPSS 0.02104
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2024/10/15 12:00 a.m. · 4 views

PT-2024-9761 · Oracle · Oracle Enterprise Command Center Framework

Name of the Vulnerable Software and Affected Versions: Oracle Enterprise Command Center Framework versions 11 through 13 Description: The issue is related to insufficient input validation in the Diagnostics component of the Oracle Enterprise Command Center Framework. This can be exploited by a...

CVSS 4.3 · AI score 7.9 · EPSS 0.0043
Exploits 0 · References 6
ATTACKERKB
added 2023/06/15 7:15 p.m. · 2 views

CVE-2023-21122

In various functions of various files, there is a possible way to bypass the DISALLOWDEBUGGINGFEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS 7.8 · AI score 7.3 · EPSS 0.00105
Exploits 0 · References 2