Lucene search
+L

14 matches found

NVD
NVD
added 2026/03/31 8:16 p.m.19 views

CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS0.00317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.8 views

CVE-2026-32262

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...

5.3CVSS5.8AI score0.00291EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft Studio. Vulnerabilities existed in versions of Craft CMS from 4.0.0-RC1 to 4.17.6, as well as in versions 5.0.0-RC1 to 5.9.12. These vulnerabilities stemmed from a potential exploit where low-privilege users or unverified...

9.8CVSS5.8AI score0.0773EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/11 12:26 a.m.5 views

Improper Encoding or Escaping of Output

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the setReturnUrl function. An attacker can execute arbitrary JavaScript in the context of the application by supplying a crafted return URL...

6.9CVSS6AI score0.00185EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002777)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002777 advisory. In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by...

5.5CVSS6.4AI score0.00683EPSS
Exploits1References18
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.4 views

proxychains-ng 安全漏洞

proxychains-ng is a preloaded program by rofl0r individual developers. A security vulnerability exists in proxychains-ng versions 4.17 and earlier and cc005b7 and earlier, which stems from a stack buffer overflow in the proxyfromstring function, which could lead to memory corruption or a crash...

7.8CVSS6.9AI score0.00227EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 1:58 a.m.9 views

CVE-2023-47112

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and...

4.3CVSS6.6AI score0.00481EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/25 12:0 a.m.6 views

openNDS Security Vulnerabilities

openNDS is a high-performance, small footprint portal system open sourced from openNDS. A security vulnerability exists in openNDS that stems from a null pointer dereference issue that results in a denial of service DOS in products that use OpenNDS, such as Sierra Wireless ALEOS versions prior to...

7.5CVSS6.6AI score0.01103EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:30 a.m.4 views

SUSE CVE-2018-6554

Memory leak in the irdabind function in net/irda/afirda.c and later in drivers/staging/irda/net/afirda.c in the Linux kernel before 4.17 allows local users to cause a denial of service memory consumption by repeatedly binding an AFIRDA socket...

3.3CVSS7AI score0.00506EPSS
Exploits0References20
OSV
OSV
added 2021/11/17 8:15 p.m.1 views

DEBIAN-CVE-2021-41165

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...

5.4CVSS6.9AI score0.0147EPSS
Exploits0References1
OSV
OSV
added 2021/11/17 7:15 p.m.5 views

UBUNTU-CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

8.2CVSS6.7AI score0.01257EPSS
Exploits0References6
OSV
OSV
added 2020/07/15 7:15 p.m.2 views

GHSA-P6MC-M468-83GW Prototype Pollution in lodash

Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The functions pick, set, setWith, update, updateWith, and zipObjectDeep allow a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires...

7.4CVSS6.9AI score0.05213EPSS
Exploits1References12
CNVD
CNVD
added 2018/07/27 12:0 a.m.22 views

Linux kernel buffer overflow vulnerability (CNVD-2018-14219)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A buffer overflow vulnerability exists in the 'truncateinlineinode' function in the fs/f2fs/inline.c file in Linux kernel versions 4.17.10 and earlier, which stems fro...

7.1CVSS6.3AI score0.02306EPSS
Exploits1References1
CNVD
CNVD
added 2018/07/03 12:0 a.m.2 views

Linux kernel denial of service vulnerability (CNVD-2018-12664)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A denial of service vulnerability exists in fs/xfs/xfsicache.c in 4.17.3 and earlier versions of the Linux kernel. An...

5.5CVSS5.9AI score0.01725EPSS
Exploits0References1
Rows per page
Query Builder