Lucene search
+L

14 matches found

redhatcve
redhatcve
added 2026/06/05 7:46 p.m.17 views

CVE-2026-33877

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset endpoint /api/v1/@apostrophecms/login/reset-request that allows unauthenticated username and email enumeration. When a user is not found,...

3.7CVSS5.4AI score0.00365EPSS
Exploits1References1
euvd
euvd
added 2026/04/16 8:42 p.m.6 views

EUVD-2026-23104

ApostropheCMS: Stored XSS via CSS Custom Property Injection in @apostrophecms/color-field Escaping Style Tag Context...

5.4CVSS5.8AI score0.0021EPSS
Exploits1References3
osv
osv
added 2026/04/15 7:38 p.m.3 views

CVE-2026-39857 Information Disclosure via `choices`/`counts` Query Parameters Bypassing publicApiProjection Field Restrictions

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, where these query builders execute MongoDB distinct operations that bypass the publicApiProjection...

5.3CVSS6AI score0.00435EPSS
Exploits1References4
cvelist
cvelist
added 2026/04/15 7:25 p.m.17 views

CVE-2026-33888 ApostropheCMS: publicApiProjection Bypass via `project` Query Builder in Piece-Type REST API

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the getRestQuery method of the @apostrophecms/piece-type module, where the method checks whether a MongoDB projection has already been set before applying...

5.3CVSS0.00512EPSS
Exploits1References3
cvelist
cvelist
added 2026/04/15 7:11 p.m.23 views

CVE-2026-33877 ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset endpoint /api/v1/@apostrophecms/login/reset-request that allows unauthenticated username and email enumeration. When a user is not found,...

3.7CVSS0.00365EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/04/15 12:0 a.m.10 views

PT-2026-33119

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset endpoint /api/v1/@apostrophecms/login/reset-request that allows unauthenticated username and email enumeration. When a user is not found,...

3.7CVSS5.8AI score0.00365EPSS
Exploits1References4
cnnvd
cnnvd
added 2025/02/27 12:0 a.m.8 views

WordPress plugin FooGallery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

5.1CVSS7.7AI score0.00384EPSS
Exploits0References3
cvelist
cvelist
added 2025/02/26 2:12 a.m.23 views

CVE-2022-49429 RDMA/hfi1: Prevent panic when SDMA is disabled

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent panic when SDMA is disabled If the hfi1 module is loaded with HFI1CAPSDMA off, a call to hfi1writeiter will dereference a NULL pointer and panic. A typical stack frame is: sdmaselectuserengine hfi1...

0.00253EPSS
Exploits0References8
cnnvd
cnnvd
added 2024/07/09 12:0 a.m.5 views

Docker Desktop Security Vulnerabilities

Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

7.3CVSS7AI score0.00557EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/04/12 12:0 a.m.5 views

Arista Networks Extensible Operating System 安全漏洞

Arista Networks Extensible Operating System EOS is a scalable operating system for next-generation data center and cloud solutions from Arista Networks, Inc. in the United States. A security vulnerability exists in the Arista Networks Extensible Operating System that stems from specially crafted...

7.5CVSS7.3AI score0.00836EPSS
Exploits1References2
osv
osv
added 2020/04/02 6:15 p.m.2 views

DEBIAN-CVE-2020-8835

In the Linux kernel 5.5.0 and newer, the bpf verifier kernel/bpf/verifier.c did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the...

7.8CVSS6.5AI score0.0601EPSS
Exploits9References1
cnvd
cnvd
added 2020/02/28 12:0 a.m.2 views

Selesta Visual Access Manager Cross-Site Scripting Vulnerability

Selesta Visual Access Manager VAM is the Selesta Visual Access Manager. A cross-site scripting vulnerability exists in Selesta Visual Access Manager VAM versions 4.15.0 through 4.29. The vulnerability stems from a lack of proper validation of client data by the web application. An attacker can...

5.4CVSS6.4AI score0.00856EPSS
Exploits1References1
osv
osv
added 2017/11/27 4:29 p.m.4 views

CVE-2017-14586

The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability...

9.8CVSS6.3AI score0.03505EPSS
Exploits1References3
bdu_fstec
bdu_fstec
added 2015/04/28 12:0 a.m.8 views

The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the stunnel-4.29 package for the Red Hat Enterprise Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. Exploitation of this vulnerability can be carried out remotely...

6.6CVSS7.6AI score0.02932EPSS
Exploits0References2
Rows per page
Query Builder