Lucene search
K

113 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/09 12:0 a.m.5 views

Metabase < 0.44.5

The version of Metabase installed on the remote host is prior to 0.44.5. It is, therefore, affected by a The url parameter of the /api/geojson endpoint in Metabase versions 0.44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented b...

6.5CVSS7.2AI score0.00656EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-33929

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow vulnerability in function pooldisabledsolvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service...

7.5CVSS6.9AI score0.01441EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.4 views

Adobe Dimension < 4.1.4 Memory leak (APSB25-84)

The version of Adobe Dimension installed on the remote Windows host is prior to 4.1.4. It is, therefore, affected by a vulnerability as referenced in the APSB25-84 advisory. - Out-of-bounds Read CWE-125 potentially leading to Memory leak CVE-2025-54238 Note that Nessus has not tested for this iss...

5.5CVSS5.6AI score0.00188EPSS
Exploits0References2
OSV
OSV
added 2025/07/30 12:34 a.m.4 views

CVE-2025-8217 Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension

The Amazon Q Developer Visual Studio Code VS Code extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...

5.1CVSS6AI score0.00197EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/05/28 12:0 a.m.5 views

Mautic 安全漏洞

Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in versions prior to Mautic 6.0.2, which stems from a time-difference attack in the Forgot...

5.3CVSS6.3AI score0.00267EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/05/21 12:45 a.m.4 views

SUSE CVE-2025-46721

nosurf is cross-site request forgery CSRF protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site either via XSS, or otherwise to bypass CSRF checks and issue requests on user's behal...

6.1CVSS6.7AI score0.00203EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.5 views

October 代码问题漏洞

October is a content management system CMS and web platform from October Open Source. A code issue vulnerability exists in versions prior to October 3.7.5 that stems from not properly cleaning SVG files, which could lead to bypassing protection...

4.9CVSS6.6AI score0.00306EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/16 12:0 a.m.9 views

PT-2025-16929

Name of the Vulnerable Software and Affected Versions Nullsoft Scriptable Install System NSIS versions prior to 3.11 Description The issue allows local users to escalate privileges to SYSTEM during an installation. This occurs because the temporary plugins directory is created under %WINDIR%temp...

8.1CVSS5.9AI score0.00179EPSS
Exploits0References19
OSV
OSV
added 2025/01/15 11:15 a.m.1 views

DEBIAN-CVE-2025-0435

Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.3AI score0.00334EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/12/27 12:0 a.m.5 views

LinkAce 安全漏洞

LinkAce is a self-hosted archive of links to your favorite websites by Kevin Woblick Personal Developer. A security vulnerability exists in LinkAce versions prior to 1.15.6. An attacker exploiting this vulnerability could upload a malicious HTML file containing a JavaScript payload...

7.6CVSS6.4AI score0.00416EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/10/20 12:0 a.m.9 views

PT-2024-33431 · Unknown · Cooked Pro

Name of the Vulnerable Software and Affected Versions: Cooked Pro versions prior to 1.8.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Cross Site Request Forgery. This problem involves CSRF attacks. Recommendations: For versions prior to 1.8.0, update to...

8.8CVSS7.2AI score0.00204EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.4 views

PT-2024-29645 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.10.0 Description: The issue allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This requires the provider to be installed on...

6.1CVSS6.3AI score0.01804EPSS
Exploits0References19
OSV
OSV
added 2024/08/06 6:15 a.m.10 views

CVE-2024-6651

The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.8AI score0.14058EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2024/07/31 12:44 a.m.3 views

haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers

HAProxy before 2.8.2 accepts as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a pathend rule, such as routing index.html.png to a static server...

8.2CVSS6AI score0.01526EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/06/07 12:0 a.m.12 views

Fedora: Security Advisory (FEDORA-2024-a702b78744)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.6AI score0.00333EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/02 12:0 a.m.5 views

OpenHarmony 安全漏洞

OpenHarmony is a kind of Hongmeng operating system open source project of China OpenAtom Foundation OpenAtom Foundation Foundation. A security vulnerability exists in OpenHarmony prior to version v3.2.4. A remote attacker could exploit the vulnerability to bypass privilege authentication to insta...

7.7CVSS7AI score0.00446EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.4 views

util-linux 安全漏洞

util-linux is an open source software package. A security vulnerability exists in util-linux version 2.40 and earlier, which stems from the fact that wall is typically installed with the setgid tty permission, which allows escape sequences to be sent to other users' terminals via argv, which coul...

3.3CVSS6.4AI score0.02242EPSS
Exploits3References19
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.5 views

PT-2024-20749 · Unknown · Maspik – Spam Blacklist

Name of the Vulnerable Software and Affected Versions: Maspik – Spam Blacklist versions 0.10.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject...

5.9CVSS8.9AI score0.00418EPSS
Exploits0References5
OSV
OSV
added 2024/01/16 4:15 p.m.7 views

AZL-39220 CVE-2023-45237 affecting package edk2 for versions less than 20230301gitf80f052277c8-40

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...

7.5CVSS6.7AI score0.00986EPSS
Exploits0References1
OSV
OSV
added 2024/01/16 4:15 p.m.5 views

CVE-2022-2413

The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfilteredhtml capability is...

5.4CVSS5.8AI score0.0053EPSS
Exploits2References1
Rows per page
Query Builder