Lucene search
17 matches found

Github Security Blog
added 2026/04/22 7:23 p.m.

nimiq-blockchain: Peer-triggerable panic during history sync

Impact: HistoryStore::put_historic_txns uses an assert! to enforce the invariant that HistoricTransaction.block_number lies within the macro block being pushed and within the same epoch. During history sync, a peer can influence the history: &HistoricTransaction input passed into...

CVSS 5.3 | AI score 5.7 | EPSS 0.00242
Exploits 0 | References 6 | Affected software 1
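The pattern behind this entry, as an added example (not Nimiq's code): an invariant about peer-supplied data enforced with an assertion aborts the caller on the first bad transaction, whereas a validation step that returns an error lets the sync layer blame the peer and carry on. The HistoricTxn type, the epoch arithmetic (BLOCKS_PER_EPOCH, epoch_of) and the function names are assumptions made for the illustration; Python's assert additionally disappears under `python -O`, which a Rust assert! does not, but the crash-on-untrusted-input lesson is the same.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, Optional, Tuple


@dataclass(frozen=True)
class HistoricTxn:
    """Constructed stand-in for a peer-supplied historic transaction."""
    block_number: int


class InvalidHistory(Exception):
    """Raised instead of aborting when a peer sends out-of-range history."""


# Assumed epoch length; only the arithmetic pattern matters here.
BLOCKS_PER_EPOCH = 8


def epoch_of(block_number: int) -> int:
    # Assumption: the macro block at a multiple of BLOCKS_PER_EPOCH closes its
    # epoch, so with BLOCKS_PER_EPOCH = 8 the blocks 9..16 are epoch 1.
    return (block_number - 1) // BLOCKS_PER_EPOCH


def put_historic_txns_assert(txns: Iterable[HistoricTxn],
                             macro_block_number: int,
                             prev_macro_block_number: int) -> int:
    """Vulnerable shape: invariants about peer data enforced with assert.
    One bad transaction aborts the caller, and `python -O` strips the
    assert entirely, so the check silently vanishes in optimised runs."""
    count = 0
    for txn in txns:
        assert prev_macro_block_number < txn.block_number <= macro_block_number
        assert epoch_of(txn.block_number) == epoch_of(macro_block_number)
        count += 1
    return count


def put_historic_txns_checked(txns: Iterable[HistoricTxn],
                              macro_block_number: int,
                              prev_macro_block_number: int) -> int:
    """Hardened shape: check every transaction before accepting any, and
    report a violation as an error the sync layer can attribute to the peer."""
    txns = list(txns)
    for txn in txns:
        if not prev_macro_block_number < txn.block_number <= macro_block_number:
            raise InvalidHistory(
                f"block {txn.block_number} not in macro block range "
                f"({prev_macro_block_number}, {macro_block_number}]")
        if epoch_of(txn.block_number) != epoch_of(macro_block_number):
            raise InvalidHistory(
                f"block {txn.block_number} is in epoch {epoch_of(txn.block_number)}, "
                f"macro block {macro_block_number} is in epoch {epoch_of(macro_block_number)}")
    return len(txns)


def sync_from_peer(store: Callable[..., int], txns, macro_block_number: int,
                   prev_macro_block_number: int) -> Tuple[int, Optional[str]]:
    """What a history-sync loop should see: (accepted_count, peer_fault).
    Only InvalidHistory is handled; an AssertionError from the vulnerable
    store function escapes and takes the loop down, which is the bug."""
    try:
        return store(txns, macro_block_number, prev_macro_block_number), None
    except InvalidHistory as err:
        return 0, str(err)


def node_survives(store: Callable[..., int], txns, macro_block_number: int,
                  prev_macro_block_number: int) -> bool:
    """True if the store function reported the bad input instead of aborting."""
    try:
        sync_from_peer(store, txns, macro_block_number, prev_macro_block_number)
        return True
    except AssertionError:
        return False


if __name__ == "__main__":
    hostile = [HistoricTxn(13), HistoricTxn(20)]  # 20 lies past macro block 16
    print("assert version survives :", node_survives(put_historic_txns_assert, hostile, 16, 8))
    print("checked version survives:", node_survives(put_historic_txns_checked, hostile, 16, 8))
    print("checked version reports :", sync_from_peer(put_historic_txns_checked, hostile, 16, 8))
```

The design point is where the decision lands: the checked version returns a fault the caller can use to disconnect or ban the peer, while the assert version makes a network message into a process-level failure.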
Vulnrichment
added 2026/04/08 7:20 p.m.

CVE-2026-35477 InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape

InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...

CVSS 5.5 | AI score 6 | EPSS 0.00259
Exploits 0 | References 1
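The validator/renderer mismatch this entry describes, as an added example that is not InvenTree's code: a format string is accepted by a sandboxed test render, then rendered for real by a plain jinja2 Environment that enforces none of the sandbox's attribute checks. The Part class, the validator's test render against an unsaved sample part (pk=None), the HOSTILE_FORMAT string and the function names are assumptions for the illustration; only the two environment classes are jinja2's own. Requires jinja2.

```python
from dataclasses import dataclass
from typing import Optional

from jinja2 import Environment
from jinja2.exceptions import SecurityError, TemplateError
from jinja2.sandbox import SandboxedEnvironment


@dataclass
class Part:
    """Constructed stand-in for a part model: pk is None until it is saved."""
    name: str
    pk: Optional[int] = None


SANDBOX = SandboxedEnvironment()
PLAIN = Environment()  # no attribute or callable restrictions at all


def validate_part_name_format(fmt: str) -> bool:
    """Assumed validator shape: compile in the sandbox and test-render against an
    unsaved sample part. A branch the sample context never reaches is never
    exercised, so a passing test render is not a proof that rendering is safe."""
    try:
        SANDBOX.from_string(fmt).render(part=Part(name="sample"))
    except (SecurityError, TemplateError):
        return False
    return True


def render_part_name_vulnerable(fmt: str, part: Part) -> str:
    """Pre-fix renderer shape: the validated string is rendered by a plain
    Environment, so the sandbox's attribute checks never apply at render time."""
    return PLAIN.from_string(fmt).render(part=part)


def render_part_name_fixed(fmt: str, part: Part) -> str:
    """Fix: render with the same sandbox the validator uses, and treat a
    SecurityError at render time as a refusal rather than an internal error."""
    try:
        return SANDBOX.from_string(fmt).render(part=part)
    except SecurityError:
        return ""


# Constructed hostile format string: takes the harmless branch for the validator's
# unsaved sample part, reaches Python object internals once part.pk is set.
HOSTILE_FORMAT = (
    "{% if part.pk %}{{ ''.__class__.__mro__ }}{% else %}{{ part.name }}{% endif %}"
)


if __name__ == "__main__":
    saved = Part(name="widget", pk=42)
    print("validator accepts :", validate_part_name_format(HOSTILE_FORMAT))
    print("plain render      :", render_part_name_vulnerable(HOSTILE_FORMAT, saved))
    print("sandboxed render  :", repr(render_part_name_fixed(HOSTILE_FORMAT, saved)))
```

The check a reviewer wants after a sandbox fix is not "does the validator use the sandbox" but "does every code path that renders user-controlled templates use it"; a sandbox at validation time only constrains the inputs the validator happened to try.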
EUVD
added 2026/02/27 8:13 p.m.

EUVD-2026-9061

pillow_heif is a Python library for working with HEIF images and a plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode-path buffer validation of _pillow_heif.c allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds rea...

CVSS 6.9 | AI score 6.1 | EPSS 0.00632
Exploits 1 | References 3
Cvelist
added 2026/02/19 8:27 a.m.

CVE-2026-25391 WordPress WP Wand plugin <= 1.3.07 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Grids WP Wand (ai-content-generation) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Wand: from n/a through <= 1.3.07...

CVSS 5.4 | EPSS 0.00209
Exploits 0 | References 1
OSV
added 2026/01/10 2:57 a.m.

CVE-2026-22597 Ghost has SSRF via External Media Inliner

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

CVSS 5.1 | AI score 6.6 | EPSS 0.00265
Exploits 0 | References 5
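The check a media inliner needs before fetching a URL on behalf of a staff user, as an added example that is not Ghost's code: restrict the scheme, refuse credentials in the URL, and reject any target whose literal or resolved address is loopback, private, link-local (cloud metadata lives at 169.254.169.254) or an IPv4-mapped IPv6 disguise of one. The STATIC_DNS table is a constructed stand-in for a resolver so the code runs offline; the function name and return shape are assumptions.

```python
import ipaddress
from typing import Callable, Dict, List, Tuple, Union
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed resolver so the example runs offline. A real inliner resolves with
# the system resolver and must then connect to the exact address it validated.
STATIC_DNS: Dict[str, List[str]] = {
    "cdn.example.com": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],
    "localhost": ["127.0.0.1"],
    "metadata": ["169.254.169.254"],
}

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def is_public_ip(ip: IPAddress) -> bool:
    """Reject every address class that points back into our own network."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is 10.0.0.1 in disguise
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_fetch_target(url: str,
                       resolve: Callable[[str], List[str]] = lambda h: STATIC_DNS.get(h, [])
                       ) -> Tuple[bool, str]:
    """Returns (allowed, detail). On success detail is the public IP the fetcher
    must connect to (pinning defeats DNS rebinding); on failure it is the reason."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        candidates: List[IPAddress] = [ipaddress.ip_address(host)]
    except ValueError:
        # Not an IP literal: resolve it and validate every returned address.
        try:
            candidates = [ipaddress.ip_address(a) for a in resolve(host)]
        except ValueError:
            return False, "resolver returned an unparsable address"
        if not candidates:
            return False, f"{host} does not resolve"
    for ip in candidates:
        if not is_public_ip(ip):
            return False, f"{host} -> {ip} is not a public address"
    return True, str(candidates[0])


if __name__ == "__main__":
    for u in ("https://cdn.example.com/logo.png",
              "http://169.254.169.254/latest/meta-data/",
              "http://localhost:2368/ghost/api/admin/",
              "http://[::ffff:10.0.0.1]/"):
        print(u, "->", check_fetch_target(u))
```

Two caveats belong with this check: the HTTP client must connect to the returned address (sending the original Host header) rather than resolving the name a second time, and every redirect must go through the same check, since a public host is free to redirect to an internal one.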
CNNVD
added 2025/09/26 12:00 a.m.

Vimesoft Messaging Platform security vulnerability

Vimesoft Messaging Platform is an enterprise instant messaging platform from the Turkish company Vimesoft. A security vulnerability exists in Vimesoft Messaging Platform version V1.3.0 up to and including version V2.0.0, which stems from the embedding of sensitive information in the sent data and...

CVSS 5.3 | AI score 6.5 | EPSS 0.00267
Exploits 0 | References 1
CNNVD
added 2025/01/31 12:00 a.m.

EasyVirt DC Scope and EasyVirt CO2 Scope security vulnerability

EasyVirt DC Scope and EasyVirt CO2 Scope are both products of the French company EasyVirt. EasyVirt DC Scope is a monitoring and management solution for VMware virtualization. EasyVirt CO2 Scope is a real-time monitoring and control solution for IT services, virtual machines and servers in...

CVSS 9.8 | AI score 7.7 | EPSS 0.0109
Exploits 1 | References 2
CNNVD
added 2023/12/07 12:00 a.m.

Dalmann OCPP.Core Security Vulnerability

Dalmann OCPP.Core is an OCPP (Open Charge Point Protocol) server written in .NET 6 by the individual developer Ulrich. A security vulnerability exists in Dalmann OCPP.Core versions prior to 1.3.0, which stems from the server allowing an attacker to stop a transaction using a random transaction ID...

CVSS 7.5 | AI score 7.5 | EPSS 0.00713
Exploits 1 | References 2
OSV
added 2023/07/05 8:15 p.m.

DEBIAN-CVE-2023-34457

MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using an <input type="file"> element inside an HTML form. All users of MechanicalSoup's form submission are affected, unless they took...

CVSS 7.5 | AI score 7.5 | EPSS 0.009
Exploits 1 | References 1
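The client-side logic at issue in this entry, as an added example that is not MechanicalSoup's code: a form-filling client that treats the value attribute of a file input as a local path to upload lets the server choose which client file gets sent, while a client that attaches only files the caller explicitly supplied does not. The parser, the two function names and the HOSTILE_FORM markup are constructed for the illustration; the functions return the name-to-path mapping a multipart encoder would consume rather than opening any file.

```python
from html.parser import HTMLParser
from typing import Dict, List, Optional


class FormInputParser(HTMLParser):
    """Collects the <input> elements of a form, as a form-filling client would."""

    def __init__(self) -> None:
        super().__init__()
        self.inputs: List[Dict[str, Optional[str]]] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag == "input":
            self.inputs.append(dict(attrs))


def parse_inputs(form_html: str) -> List[Dict[str, Optional[str]]]:
    parser = FormInputParser()
    parser.feed(form_html)
    return parser.inputs


def files_to_upload_vulnerable(form_html: str, user_files: Dict[str, str]) -> Dict[str, str]:
    """Pre-fix shape: when the caller did not attach a file, the input's value
    attribute is used as the path of a local file to open and send. That
    attribute was written by the server, so the server picks the client file."""
    uploads: Dict[str, str] = {}
    for inp in parse_inputs(form_html):
        if (inp.get("type") or "text").lower() != "file":
            continue
        name = inp.get("name")
        path = user_files.get(name, inp.get("value"))  # server-chosen fallback
        if name and path:
            uploads[name] = path
    return uploads


def files_to_upload_fixed(form_html: str, user_files: Dict[str, str]) -> Dict[str, str]:
    """Fixed shape: a file is attached only when the caller set it explicitly;
    whatever value the server placed on the file input is ignored."""
    uploads: Dict[str, str] = {}
    for inp in parse_inputs(form_html):
        if (inp.get("type") or "text").lower() != "file":
            continue
        name = inp.get("name")
        if name and name in user_files:
            uploads[name] = user_files[name]
    return uploads


# Constructed hostile form: a server trying to read a file from the client.
HOSTILE_FORM = """
<form method="post" enctype="multipart/form-data" action="/upload">
  <input type="text" name="title" value="hello">
  <input type="file" name="attachment" value="/etc/passwd">
  <input type="submit" value="Send">
</form>
"""


if __name__ == "__main__":
    print("vulnerable, nothing attached:", files_to_upload_vulnerable(HOSTILE_FORM, {}))
    print("fixed, nothing attached     :", files_to_upload_fixed(HOSTILE_FORM, {}))
    print("fixed, report.pdf attached  :",
          files_to_upload_fixed(HOSTILE_FORM, {"attachment": "report.pdf"}))
```

Browsers never honour a value attribute on a file input for exactly this reason; an automation client that mimics form submission has to replicate that refusal, not just the field layout.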
OSV
added 2023/01/18 12:15 a.m.

CVE-2023-21838

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...

CVSS 7.5 | AI score 7.2 | EPSS 0.00857
Exploits 0 | References 1
Circl
added 2022/08/11 12:26 a.m.

CVE-2022-38130

| creation_timestamp | type | source |
|---|---|---|
| 2022-08-11 00:26:35+00:00 | seen | https://t.me/cibsecurity/47904 |
| 2024-11-16 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2024-11-16 |
| 2025-01-26 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - ... |

CVSS 9.8 | AI score 7.3 | EPSS 0.53389
Exploited in the wild | Exploits 0 | References 5
OSV
added 2022/07/26 1:15 p.m.

AZL-10337 CVE-2021-33467 affecting package yasm 1.3.0-17

An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline in modules/preprocs/nasm/nasm-pp.c...

CVSS 5.5 | AI score 6 | EPSS 0.00317
Exploits 1 | References 1
OSV
added 2022/01/25 2:15 p.m.

UBUNTU-CVE-2021-45846

A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a "type" attribute...

CVSS 5.5 | AI score 6 | EPSS 0.00609
Exploits 1 | References 3
OSV
added 2020/10/21 3:15 p.m.

CVE-2020-14864

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Installation. Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

CVSS 7.5 | AI score 7.3 | EPSS 0.97233
Exploits 2 | References 3
CNVD
added 2020/03/31 12:00 a.m.

USC iLab cereal buffer overflow vulnerability

USC iLab cereal is a C++ library for serialization. A security vulnerability exists in USC iLab cereal version 1.3.0 and earlier. An attacker can exploit the vulnerability to obtain sensitive information (memory layout or a private key)...

CVSS 5.3 | AI score 6.6 | EPSS 0.01534
Exploits 1
OSV
added 2016/07/21 10:12 a.m.

CVE-2016-3468

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install...

CVSS 9.8 | AI score 5.8 | EPSS 0.05477
Exploits 0 | References 4
ATTACKERKB
added 2015/01/21 6:59 p.m.

CVE-2015-0386

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2013-0338, CVE-2013-2877, and CVE-2014-0191...

CVSS 5 | AI score 5.6 | EPSS 0.081
Exploits 1 | References 3