Lucene search
K

16 matches found

debiancve
debiancve
added 2026/06/30 11:24 p.m.6 views

CVE-2026-54898

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS5.9AI score0.00117EPSS
Exploits0
nessus
nessus
added 2026/06/11 12:0 a.m.9 views

FreeBSD : Erlang/OTP -- TLS distribution check_ip flag does not enforce same-LAN constraint (d87e5fb4-64d4-11f1-ab11-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d87e5fb4-64d4-11f1-ab11-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv reports: Erlang distribution over...

7.5CVSS5.3AI score0.00194EPSS
Exploits0References3
nessus
nessus
added 2026/05/21 12:0 a.m.29 views

F5 Networks BIG-IP : BIG-IP TMM vulnerability (K000158038)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000158038 advisory. When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/07 10:25 p.m.32 views

CVE-2026-6411 MAXHUB Pivot Client Application Use of a Broken or Risky Cryptographic Algorithm

This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data can be decrypted,...

7.3CVSS0.00159EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/03/05 8:23 p.m.5 views

CVE-2026-29081 Frappe: Possibility of SQL Injection due to improper fieldname sanitization

Frappe is a full-stack web application framework. Prior to versions 14.100.1 and 15.100.0, an endpoint was vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This issue has been patched in versions 14.100.1 and...

6.5CVSS5.8AI score0.00273EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/01/07 12:0 a.m.6 views

ABB WebPro SNMP Card PowerValue和ABB WebPro SNMP Card PowerValue UL 安全漏洞

ABB WebPro SNMP Card PowerValue and ABB WebPro SNMP Card PowerValue UL are both a remote web management system from ABB Switzerland. A security vulnerability exists in ABB WebPro SNMP Card PowerValue and ABB WebPro SNMP Card PowerValue UL 1.1.8.K and earlier versions, which stems from an incorrec...

8.8CVSS6.8AI score0.00244EPSS
Exploits0References1
nvd
nvd
added 2026/01/05 10:15 p.m.7 views

CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

7.5CVSS0.00487EPSS
Exploits0References25
redhatcve
redhatcve
added 2025/08/14 6:24 p.m.6 views

CVE-2025-49557

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. A successful attacker...

8.7CVSS5AI score0.00604EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 6:8 a.m.4 views

CVE-2018-11317

Subrion CMS before 4.1.4 has XSS...

6.1CVSS7AI score0.00905EPSS
Exploits0References1
redhat
redhat
added 2025/03/18 2:8 p.m.6 views

firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume...

7.5CVSS7.2AI score0.00519EPSS
Exploits1References8
osv
osv
added 2024/11/06 10:15 a.m.6 views

AZL-52384 CVE-2024-9902 affecting package ansible for versions less than 2.14.18-1

A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home directory. If the...

6.3CVSS6.9AI score0.00256EPSS
Exploits0References1
osv
osv
added 2024/01/11 4:15 p.m.7 views

CVE-2023-5118

The application is vulnerable to Stored Cross-Site Scripting XSS in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text are not adequately sanitized and validated. This allows for the injection of malicious...

5.4CVSS5.7AI score0.00335EPSS
Exploits0References2
osv
osv
added 2023/08/14 8:15 p.m.3 views

CVE-2023-3721

The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00402EPSS
Exploits2References1
pypa
pypa
added 2023/06/08 9:15 p.m.7 views

PYSEC-2023-88

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-onSSO browser URL authentication. In order to exploit the...

8.8CVSS8.1AI score0.01841EPSS
Exploits1References4Affected Software1
osv
osv
added 2022/10/18 9:15 p.m.2 views

UBUNTU-CVE-2022-21621

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

6CVSS6.7AI score0.00316EPSS
Exploits0References4
cnvd
cnvd
added 2017/09/14 12:0 a.m.2 views

Tcpdump EIGRP Parser Buffer Overflow Vulnerability

Tcpdump is a set of sniffing tools developed by the Tcpdump team that run at the command line. The tools allow users to intercept and display TCP/IP and other packets sent or received over a network connection to that computer.EIGRP parser is one of the enhanced interior gateway routing protocol...

9.8CVSS9.4AI score0.02389EPSS
Exploits0References1
Rows per page
Query Builder