Lucene search
+L

43 matches found

OSV
OSV
added 2026/06/22 10:57 p.m.6 views

GHSA-9M6G-WC8R-Q59C scimPatch vulnerable to prototype pollution via unfiltered keys in patch

Summary scim-patch performs prototype pollution when applying a SCIM PATCH operation whose value object contains a key like "proto.someProp". After one such patch, Object.prototype.someProp is set process-wide, affecting every plain object in the Node process. Any service that calls scimPatch on...

9.1CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/11 9:41 a.m.3 views

CVE-2026-53911 Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

6.3CVSS6AI score0.00207EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/18 8:37 p.m.14 views

Uncontrolled Recursion

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS5.8AI score0.0012EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 8:37 p.m.13 views

Uncontrolled Recursion

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS5.8AI score0.0012EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 8:37 p.m.15 views

Uncontrolled Recursion

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS5.8AI score0.0012EPSS
Exploits0References2
Veracode
Veracode
added 2026/05/16 5:34 a.m.13 views

Filter Expression Injection

Spring AI is vulnerable to Filter Expression Injection. The vulnerability is due to insufficient sanitization of document IDs in MilvusVectorStoredoDeleteList, where attacker-controlled IDs are incorporated into Milvus filter expressions, allowing injection of malicious query conditions that can...

8.6CVSS5.8AI score0.00353EPSS
Exploits0References3Affected Software2
CNNVD
CNNVD
added 2026/02/21 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw has a security vulnerability that originates in the Discord audit operation processing using the sender's identity in the request parameters, which can be exploited by an attacker to request an audit operation by...

4.3CVSS5.8AI score0.0019EPSS
Exploits0References3
OSV
OSV
added 2025/10/20 12:4 a.m.9 views

USN-7827-1 gst-plugins-base1.0 vulnerabilities

Shaun Mirani discovered that GStreamer Base Plugins did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service...

5.6CVSS6.9AI score0.00459EPSS
Exploits3References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-4786

Malware in sbrugna...

4.3CVSS6.4AI score0.01734EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-33127

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00317EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-46524

Malicious code in bioql PyPI...

5.9CVSS5.4AI score0.0042EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/29 12:0 a.m.4 views

AlmaLinux 8 : postgresql:15 (ALSA-2025:15022)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:15022 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation CVE-2025-871...

8.8CVSS7.9AI score0.00736EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/09/08 12:0 a.m.3 views

RockyLinux 9 : postgresql:16 (RLSA-2025:14827)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:14827 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation CVE-2025-87...

8.8CVSS8.5AI score0.00736EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/09/08 12:0 a.m.3 views

RockyLinux 8 : postgresql:16 (RLSA-2025:14899)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:14899 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation CVE-2025-87...

8.8CVSS8.5AI score0.00736EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/08/31 12:0 a.m.3 views

RHEL 9 : postgresql (RHSA-2025:14869)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14869 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL executes arbitrary code...

8.8CVSS8.5AI score0.00736EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/22 4:53 p.m.7 views

CVE-2020-8949

Gocloud S2AWL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the...

9CVSS8.1AI score0.02829EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:36 a.m.8 views

CVE-2019-15665

An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary write primitive that can lead to code execution or escalation of privileges...

9CVSS7.8AI score0.02556EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.7 views

LG Simple Editor 安全漏洞

LG Simple Editor is a simple editor from Luckin LG Korea that creates new content by simplifying the process and instant playback on signage. LG Simple Editor suffers from a remote code execution vulnerability that is caused by failing to properly validate a user-supplied path before using it in ...

9.8CVSS8.1AI score0.02388EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/19 12:0 a.m.5 views

Code Sector TeraCopy 安全漏洞

Code Sector TeraCopy is Code Sector's free file transfer program designed to replace the built-in Windows Explorer file transfer feature. A security vulnerability exists in Code Sector TeraCopy version 3.9.7, which originates from the fact that proper access validation is not performed on the...

5.5CVSS6.8AI score0.00317EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/12/06 1:30 a.m.5 views

CVE-2022-34881 Information Exposure Vulnerability in JP1/Automatic Operation

Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01...

3.3CVSS4AI score0.00166EPSS
Exploits0References1
Rows per page
Query Builder