Lucene search
K

88 matches found

Snyk
Snyk
added 2026/07/06 9:37 p.m.4 views

Incorrect Authorization

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Incorrect Authorization via the /api/settings/database endpoint, which allows exporting the entire database including plaintext API keys, OAuth tokens, and sensitive settings, a...

9.9CVSS6AI score0.00685EPSS
Exploits0References2
Mageia
Mageia
added 2026/06/10 5:7 a.m.14 views

Updated libssh packages fix security vulnerabilities

CVE-2025-4877 Write beyond bounds in binary to base64 conversion functions CVE-2025-4878 Use of uninitialized variable in privatekeyfromfile CVE-2025-5318 Likely read beyond bounds in sftp server handle management CVE-2025-5351 Double free in functions exporting keys CVE-2025-5372 sshkdf returns ...

8.8CVSS6.2AI score0.02449EPSS
Exploits0References2
CVE
CVE
added 2026/05/21 12:17 p.m.15 views

CVE-2026-43498

CVE-2026-43498 is a Linux kernel issue in the accel/ivpu path. The vulnerability stems from the ability to re-export imported GEM buffers; a fix adds a custom prime_handle_to_fd callback that checks if the GEM object is imported and returns -EOPNOTSUPP in that case. Under re-export scenarios, buf...

7.8CVSS5.9AI score0.00113EPSS
Exploits0References2Affected Software1
Fedora
Fedora
added 2026/04/13 9:7 p.m.6 views

[SECURITY] Fedora 44 Update: rawtherapee-5.12-8.fc44

Rawtherapee is a RAW image processing software. It gives full control over many parameters to enhance the raw picture before finally exporting it to some common image format...

9.8CVSS5.8AI score0.00735EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.8 views

CVE-2021-31902

In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly...

7.5CVSS7AI score0.01192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:56 a.m.6 views

CVE-2022-38844

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system...

8CVSS7.8AI score0.01138EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.6 views

PT-2025-50609

A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android application components. The attack can only be executed locally. The exploit has been publicly disclosed...

5.3CVSS6.5AI score0.00209EPSS
Exploits1References6
CNVD
CNVD
added 2025/11/18 12:0 a.m.3 views

WordPress Booking Manager plugin cross-site scripting vulnerability

WordPress Booking Manager plugin is a tool for managing appointments and schedules, supporting features such as synchronization with external ICS calendars, importing events and exporting booking data. A cross-site scripting vulnerability exists in the WordPress Booking Manager plugin, which stem...

6.5CVSS6.3AI score0.00151EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 12:30 a.m.10 views

EUVD-2020-30808

Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could 1 inject script into exported/returned content due to insufficient output encoding XSS, and 2 cause the server to fetch attacker-specified URLs SSRF,...

6.9CVSS6.2AI score0.00573EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 10:15 p.m.7 views

CVE-2020-36862

Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could 1 inject script into exported/returned content due to insufficient output encoding XSS, and 2 cause the server to fetch attacker-specified URLs SSRF,...

6.9CVSS0.00573EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/30 9:46 p.m.4 views

CVE-2020-36862 Nagios XI < 5.6.11 Unauthenticated XSS and SSRF via Highcharts

Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could 1 inject script into exported/returned content due to insufficient output encoding XSS, and 2 cause the server to fetch attacker-specified URLs SSRF,...

6.9CVSS6.3AI score0.00573EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44468

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.6.11 Description Nagios XI versions prior to 5.6.11 have unauthenticated issues in the Highcharts local exporting tool. Specifically, crafted export requests can lead to insufficient output encoding, resulting in...

6.9CVSS6.2AI score0.00573EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-19389

Malicious code in bioql PyPI...

8.8CVSS8.2AI score0.05013EPSS
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2025/09/09 3:0 a.m.7 views

Massive Leak Shows How a Chinese Company Is Exporting the Great Firewall to the World

Geedge Networks, a company with ties to the founder of China’s mass censorship infrastructure, is selling its censorship and surveillance systems to at least four other countries in Asia and Africa...

7AI score
Exploits0
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the habanalabs driver not handling file descriptors correctly when exporting dmabuf, which could lead to reuse...

7.8CVSS6.3AI score0.00142EPSS
Exploits0References5
OSV
OSV
added 2025/09/01 6:30 p.m.9 views

CLSA-2025-1756751437 gnutls: Fix of CVE-2025-32988

CVE-2025-32988: fix double-free vulnerability when exporting othernames in SAN...

8.2CVSS7.1AI score0.01185EPSS
Exploits0References1
OSV
OSV
added 2025/07/07 12:29 p.m.6 views

USN-7619-1 libssh vulnerabilities

Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-4877 Ronald Crane discovered that libssh incorrectly handled the...

8.8CVSS7AI score0.02449EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/04/18 12:15 p.m.44 views

CVE-2025-32790 Dify Allows Insecure User Role Access Control for APP DSL Exporting

Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for...

6.3CVSS0.00255EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/05 10:56 a.m.11 views

CVE-2024-21775

Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature...

8.8CVSS7.8AI score0.05013EPSS
Exploits0References1
OSV
OSV
added 2024/11/29 7:15 p.m.13 views

UBUNTU-CVE-2024-36615

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread...

5.9CVSS6.6AI score0.00436EPSS
Exploits0References5
Rows per page
Query Builder