Lucene search
K

32 matches found

SUSE CVE
SUSE CVE
added 2026/06/03 2:24 a.m.11 views

SUSE CVE-2026-38978

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

5.8AI score0.00305EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/02 12:0 a.m.10 views

EUVD-2026-33971

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

5.8AI score0.00305EPSS
Exploits0References3
NVD
NVD
added 2026/05/13 7:17 p.m.18 views

CVE-2026-42585

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

7.5CVSS0.00248EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.8 views

Apache Kafka 安全漏洞

Apache Kafka is an open-source distributed streaming platform developed by the Apache Foundation in the United States. This platform enables the acquisition of real-time data, allowing for the creation of applications that can respond in real time to changes in data streams. Versions 4.1.0 and...

9.1CVSS5.8AI score0.00581EPSS
Exploits0References1
NVD
NVD
added 2026/04/02 3:16 p.m.5 views

CVE-2026-32629

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 quoted local part yet contains raw HTML — for example "alert1"@evil.com. PHP's FILTERVALIDATEEMAIL accepts this...

6.4CVSS0.00262EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/02 2:47 p.m.1 views

CVE-2026-34973 phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages method in phpmyfaq/src/phpMyFAQ/Search.php uses realescapestring via escape to sanitize the search term before embedding it in LIKE clauses. However, realescapestring does not escape SQL LIKE...

6.9CVSS5.8AI score0.00336EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/02 2:46 p.m.23 views

CVE-2026-34729 phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes()

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex Bypass in Filter::removeAttributes. This issue has been patched in version 4.1.1...

6.1CVSS0.00241EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/02 2:44 p.m.4 views

CVE-2026-34728 phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any...

8.7CVSS5.7AI score0.00693EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.5 views

PT-2026-29784

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages method in phpmyfaq/src/phpMyFAQ/Search.php uses real escape string via escape to sanitize the search term before embedding it in LIKE clauses. However, real escape string does not escape SQL LIKE...

6.9CVSS5.8AI score0.00336EPSS
Exploits1References3
OSV
OSV
added 2026/03/23 8:39 p.m.3 views

GHSA-QR6X-WVXR-8HM9 Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information

Security Advisory — My Page Profile Update Improper Authorization Summary An improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1...

8.1CVSS5.9AI score0.00305EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/01/27 3:55 p.m.3 views

CVE-2026-24875 Integer overflow in modizer

Integer Overflow or Wraparound vulnerability in yoyofr modizer.This issue affects modizer: before 4.1.1...

7.8CVSS5.9AI score0.00118EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.6 views

Knock Subdomain Scan security vulnerability

Knock Subdomain Scan is a domain name scanning tool developed by Gianni Amato. Version 4.1.1 of Knock Subdomain Scan contains a security vulnerability, which stems from unfiltered server headers, potentially allowing for CSV injection attacks...

9.8CVSS5.8AI score0.00494EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.6 views

Juniper Networks Paragon Automation security vulnerabilities

Juniper Networks Paragon Automation is an automation and operations platform provided by the American company Juniper Networks. Versions of Juniper Networks Paragon Automation prior to 24.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of appropriate...

6.1CVSS5.8AI score0.00242EPSS
Exploits0References2
OSV
OSV
added 2025/12/22 10:16 p.m.2 views

DEBIAN-CVE-2025-68480

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...

5.3CVSS5.3AI score0.00252EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/14 2:29 p.m.5 views

EUVD-2025-175314

js-yaml has prototype pollution in merge...

5.3CVSS6.3AI score0.00378EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-25137

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00275EPSS
Exploits0References3
CVE
CVE
added 2025/09/09 4:26 p.m.22 views

CVE-2025-48101

CVE-2025-48101 describes a PHP object injection vulnerability in the WordPress plugin “Constant Contact for WordPress” (up to version 4.1.1). The issue arises from deserializing untrusted data, enabling object injection. Public data (NVD/Red Hat/Wordfence/Patchstack/PT-Security) confirms the affe...

8.8CVSS5.2AI score0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:36 a.m.4 views

CVE-2023-23660

Auth. subscriber+ SQL Injection SQLi vulnerability in MainWP MainWP Maintenance Extension plugin = 4.1.1 versions...

8.8CVSS9.1AI score0.00772EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/24 12:0 a.m.4 views

FreeRTOS-Plus-TCP Security Vulnerability

FreeRTOS-Plus-TCP is an extensible open source and thread-safe TCP/IP stack for FreeRTOS. A security vulnerability exists in FreeRTOS-Plus-TCP versions prior to 4.1.1 that stems from a buffer over-read in the DNS response parser...

9.6CVSS7AI score0.00615EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:21 p.m.5 views

Mattermost Server does not neutralize HTML content in an Email template field

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized...

6.1CVSS6.9AI score0.0069EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder