Lucene search
+L

20 matches found

redhat
redhat
added 2026/07/07 11:9 a.m.7 views

Important: Red Hat Security Advisory: RHACS 4.11.1 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

10CVSS5.9AI score0.00813EPSS
Exploits1References14
nvd
nvd
added 2026/03/10 6:17 p.m.4 views

CVE-2025-27769

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station All versions F4.11.1, Heliox Mobile DC 40 kW EV Charging Station All versions L4.10.1. Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable...

2.6CVSS0.00141EPSS
Exploits0References1
cve
cve
added 2026/03/07 3:7 p.m.34 views

CVE-2026-29191

Technical details about CVE-2026-29191 are not publicly available in the provided documents. Based on the initial description, no affected products, versions, root cause, or remediation are specified beyond the patch version 4.12.0. Monitor for updates.

9.3CVSS5.7AI score0.00402EPSS
Exploits0References1Affected Software1
github
github
added 2026/02/27 9:33 p.m.11 views

ZITADEL has potential SSRF via Actions

Summary ZITADEL Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. ZITADEL's Action target URLs can point to local hosts, potentially allowing...

6.5CVSS5.9AI score0.00226EPSS
Exploits0References5Affected Software1
euvd
euvd
added 2026/02/27 9:26 p.m.7 views

EUVD-2026-8794

ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API...

8.2CVSS5.9AI score0.00176EPSS
Exploits0References5
snyk
snyk
added 2026/02/26 3:13 a.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Actions V2 webhook. An attacker can access internal network resources and gather information about internal services by specifying target URLs that resolve to local hosts or internal IP addresses...

6.5CVSS6AI score0.00226EPSS
Exploits0References2
snyk
snyk
added 2026/02/26 3:13 a.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Actions V2 webhook. An attacker can access internal network resources and gather information about internal services by specifying target URLs that resolve to local hosts or internal IP addresses...

6.5CVSS6AI score0.00226EPSS
Exploits0References2
cve
cve
added 2026/02/26 12:34 a.m.23 views

CVE-2026-27946

ZITADEL exposes a vulnerability in its self-management capability prior to versions 4.11.1 and 3.4.7 that allowed a user to mark their email and/or phone as verified without going through actual verification. The fix, in versions 4.11.1 and 3.4.7, enforces the correct permission when the verifica...

8.2CVSS5.5AI score0.00176EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2026/02/26 12:0 a.m.9 views

ZITADEL 安全漏洞

ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed by ZITADEL in Switzerland for the era of containers and serverless architectures. Versions of ZITADEL prior to 4.11.1 and 3.4.7 contain security vulnerabilities. These vulnerabilities stem fr...

8.2CVSS7.3AI score0.00176EPSS
Exploits0References1
nessus
nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003417)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003417 advisory. The docheck function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allowptrleaks value available for restricting the output of the...

5.5CVSS6.3AI score0.01261EPSS
Exploits0References10
osv
osv
added 2025/12/10 9:31 p.m.2 views

GHSA-WCGJ-F865-C7J7 Improper Request Caching Lookup in the Auth0 Next.js SDK

Description When using affected versions of the Next.js SDK, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. Am I Affected? You are affected if you meet the following preconditions: - Applications using the auth0/nextjs-aut...

5.4CVSS6.8AI score0.00178EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/11/13 7:3 p.m.3 views

CVE-2025-43515

The issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code...

7AI score0.00275EPSS
Exploits0References1
cve
cve
added 2025/11/13 7:3 p.m.432 views

CVE-2025-43515

CVE-2025-43515 affects Apple Compressor. Concrete details across connected sources confirm that an unauthenticated user on the same network as a Compressor server may execute arbitrary code. The root fix is to refuse external connections by default, implemented in Compressor 4.11.1. References fr...

8.8CVSS7AI score0.00275EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2025/11/13 12:0 a.m.6 views

PT-2025-46891

Name of the Vulnerable Software and Affected Versions Compressor versions prior to 4.11.1 Description An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code. The issue was addressed by refusing external connections by default. Recommendations Upda...

8.8CVSS7.2AI score0.00275EPSS
Exploits0References4
cve
cve
added 2025/10/22 8:45 p.m.21 views

CVE-2025-62612

The CVE-2025-62612 advisory concerns FastGPT prior to version 4.11.1, where the workflow file reading node does not verify the security of the network link, enabling potential SSRF attacks. Multiple connected sources corroborate the issue as a FastGPT SSRF in the workflow file reading node with u...

6.9CVSS6.5AI score0.00217EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/10/22 8:45 p.m.8 views

CVE-2025-62612 FastGPT File Reading Node SSRF Vulnerability

FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patched in version 4.11.1...

6.9CVSS0.00217EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/03/31 12:0 a.m.7 views

Adtran 411 ONT 安全漏洞

The Adtran 411 ONT is an optical network terminal ONT from Adtran, Inc. It is used to provide fiber-to-the-home FTTH services and support high-speed Internet access. A security vulnerability exists in the Adtran 411 ONT version L80.00.0011.M2, which originates from a command injection in the teln...

9.8CVSS7.6AI score0.02498EPSS
Exploits1References4
cnnvd
cnnvd
added 2021/09/14 12:0 a.m.3 views

CS-Cart 跨站脚本漏洞

CS-Cart is an e-commerce platform developed from the former open source PHP. A cross-site scripting vulnerability exists in CS-Cart version 4.11.1, which stems from the lack of effective validation and escaping of user input in the post description on the blog post creation page in the software,...

6.1CVSS5.9AI score0.00649EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2017/05/19 12:0 a.m.9 views

PT-2017-2222 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11.1 Description: The issue is related to the dccp v6 request recv sock function in the net/dccp/ipv6.c file of the Linux kernel, which mishandles inheritance. This allows local users to cause a denial of...

10CVSS8AI score0.60631EPSS
Exploits104References897
ptsecurity
ptsecurity
added 2017/05/02 12:0 a.m.5 views

PT-2017-2770 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11.1 Description: The issue is related to the sanity check raw super function in the Linux kernel, which does not properly validate the segment count. This allows local users to gain privileges via unspecified...

7.8CVSS6.3AI score0.13378EPSS
Exploits11References53
Rows per page
Query Builder