Lucene search
K

32 matches found

RedHat Linux
RedHat Linux
added 2026/06/11 11:44 a.m.9 views

Important: Red Hat Security Advisory: redis:7 security update

An update for the redis:7 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS6.6AI score0.02995EPSS
Exploits4References4
Vulnrichment
Vulnrichment
added 2026/05/14 9:13 p.m.9 views

CVE-2026-44671 ZITADEL: LDAP Filter Injection in Login Flow

ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allo...

7.5CVSS5.8AI score0.00479EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/08 9:25 a.m.10 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the EqualsUri function. An attacker can cause incorrect URI comparisons by supplying specially crafted input values. Remediation Upgrade uriparser to version 1.0.2 or higher. References -...

5.3CVSS5.3AI score0.00211EPSS
Exploits0References2
OSV
OSV
added 2026/04/12 12:30 p.m.4 views

GHSA-822V-8W6H-5JXP Warm-Flow has a SpEL Expression Injection in SpelHelper.parseExpression

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

6.3CVSS6.3AI score0.00301EPSS
Exploits0References8
Snyk
Snyk
added 2026/04/02 4:52 p.m.1 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the misinterpretation of the PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms configuration, which causes unintended ECDSA algorithms to be accepted. An attacker can compromise...

6.5CVSS5.9AI score0.00237EPSS
Exploits0References2
OSV
OSV
added 2026/02/16 4:28 p.m.4 views

BIT-GITLAB-2025-14560 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious conten...

7.3CVSS5.7AI score0.00217EPSS
Exploits0References4
NVD
NVD
added 2026/02/11 12:16 p.m.8 views

CVE-2025-14560

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious conten...

7.3CVSS0.00217EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:6 a.m.8 views

CVE-2024-34600

Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage...

4.4CVSS6.7AI score0.0013EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 2:51 p.m.6 views

Security Bulletin: Vulnerability in requests affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-35195]

Summary The requests package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-35195 Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security...

5.6CVSS6.1AI score0.0034EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-34899

Malicious code in bioql PyPI...

4.4CVSS6.6AI score0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-28069

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-24602

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00876EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-32985

Malicious code in bioql PyPI...

5.5CVSS5.7AI score0.00313EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-57362

Malicious code in bioql PyPI...

9.8CVSS7AI score0.00892EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2025/08/11 12:0 a.m.20 views

The vulnerability of the key_extract_l3l4 function in the net_openvswitch/flow.c module of the openvswitch component of Linux kernel allows a attacker to cause a service failure.

The vulnerability of the keyextractl3l4 function in the netopenvswitch/flow.c module of the openvswitch component in Linux kernels is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to cause service failures by sending specially crafted MPLS packets...

5.5CVSS7.2AI score0.00174EPSS
Exploits0References19Affected Software7
OSV
OSV
added 2025/08/08 7:15 p.m.6 views

UBUNTU-CVE-2025-8736

A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclose...

5.3CVSS5.7AI score0.00147EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/19 6:14 a.m.14 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to python - requests

Summary IBM Sterling Connect:Direct Web Service uses python - requests , python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization headers to destination servers during redirects to an HTTPS origin. Vulnerability Details...

6.1CVSS6.3AI score0.02782EPSS
Exploits1Affected Software1
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.5 views

RAGFlow 安全漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow version 0.13.0, which stems from improper access control of document-hooks.ts and allows unauthorized access to user documents...

7.5CVSS6.6AI score0.00531EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.4 views

Intel QAT 安全漏洞

The Intel QAT Engine for OpenSSL software is an open source software plug-in designed to accelerate OpenSSL cryptographic operations with Intel Quick Assist Technology QAT hardware. A control flow management deficiency vulnerability exists in Intel QAT Engine for OpenSSL software, which can be...

8.2CVSS6.3AI score0.00449EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/12 4:23 p.m.13 views

CVE-2024-30133 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability

HCL Traveler for Microsoft Outlook HTMO is susceptible to a control flow vulnerability. The application does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways...

5.3CVSS7AI score0.00254EPSS
Exploits0References1
Rows per page
Query Builder