6 matches found

EUVD
added 2026/05/26 5:7 p.m. | 15 views

EUVD-2026-31913

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the is_greater_than or is_less_than operators, user-supplied values in the values...

CVSS 8.5 | AI score 6.1 | EPSS 0.00227
Exploits: 1 | References: 1

CVE
added 2026/04/08 8:30 a.m. | 16 views

CVE-2026-39526

WpStream WordPress plugin < 4.11.2 contains an Insecure Direct Object References (IDOR) vulnerability leading to an Authorization Bypass via a user-controlled key. Root cause: misconfigured access control allowing unauthorized access to resources. Affected product/version: WPStream plugin for ...

CVSS 5.4 | AI score 5.9 | EPSS 0.00229
Exploits: 0 | References: 1

OSV
added 2025/12/10 9:31 p.m. | 2 views

GHSA-WCGJ-F865-C7J7 Improper Request Caching Lookup in the Auth0 Next.js SDK

Description When using affected versions of the Next.js SDK, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. Am I Affected? You are affected if you meet the following preconditions: - Applications using the auth0/nextjs-aut...

CVSS 5.4 | AI score 6.8 | EPSS 0.00172
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/10 12:0 a.m. | 6 views

PT-2025-50552

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...

CVSS 5.4 | AI score 7 | EPSS 0.00172
Exploits: 0 | References: 4

OSV
added 2022/10/26 8:15 p.m. | 2 views

UBUNTU-CVE-2022-39286

Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in jupyter_core that stems from jupyter_core executing untrusted files in CWD. This vulnerability allows one user to run code as...

CVSS 8.8 | AI score 7.6 | EPSS 0.01056
Exploits: 0 | References: 5

OSV
added 2019/11/06 10:15 a.m. | 2 views

ALPINE-CVE-2019-10218

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this...

CVSS 6.5 | AI score 6.6 | EPSS 0.03515
Exploits: 0 | References: 1