Lucene search
K

207 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:22 p.m.8 views

CVE-2022-39385

Discourse is the an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this, it happens transparently in the background. This issue has been...

6.5CVSS6.7AI score0.00497EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:36 p.m.18 views

CVE-2021-43780

Redash is a package for data visualization and sharing. In versions 10.0 and priorm the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery SSRF. These vulnerabilities are only exploitable on installations where a...

8.8CVSS7.1AI score0.01005EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:38 p.m.7 views

CVE-2020-36828

A vulnerability was found in DiscuzX up to 3.4-20200818. It has been classified as problematic. Affected is the function shownextstep of the file upload/install/include/installfunction.php. The manipulation of the argument uchidden leads to cross site scripting. It is possible to launch the attac...

4CVSS6.3AI score0.00484EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 11:19 a.m.5 views

CVE-2013-10007

A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2. This affects an unknown part of the file wp-print-friendly.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. Upgrading to version 0.5.3 is able ...

7.5CVSS6.6AI score0.00887EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:38 a.m.8 views

CVE-2019-25103

A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to...

7.5CVSS6.9AI score0.0094EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:34 a.m.6 views

CVE-2015-10072

A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address...

6.1CVSS6.5AI score0.00535EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 a.m.5 views

CVE-2014-125089

A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross site scripting. The attack can be launched...

6.1CVSS6.3AI score0.00489EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:35 a.m.4 views

CVE-2018-25058

A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible ...

6.1CVSS6.9AI score0.00518EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/16 10:33 a.m.13 views

Security Bulletin: There is a vulnerability in netty-common-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-25193)

Summary There is a vulnerability in netty-common-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up ...

5.5CVSS5.5AI score0.00357EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/05/15 9:13 p.m.15 views

CVE-2025-47275 Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK

Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in...

9.1CVSS0.00467EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/05/13 9:34 p.m.20 views

OpenPubkey Vulnerable to Authentication Bypass

Impact Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. Patches Upgrade to v0.10.0 or greater. This vulnerability is not present in versions of OpenPubkey after v0.9.0. References CVE-2025-3757...

9.8CVSS6.7AI score0.00355EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/05/02 9:15 p.m.3 views

UBUNTU-CVE-2025-4215

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to laun...

3.7CVSS4.3AI score0.0057EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/04/25 6:37 p.m.23 views

CVE-2025-3509

A Remote Code Execution RCE vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. The vulnerability involves using dynamically...

7.2CVSS7.9AI score0.01209EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/17 10:50 p.m.38 views

CVE-2025-3509 Pre-Receive Hook Remote Code Execution vulnerability was identified in GitHub Enterprise Server that allowing Privilege Escalation

A Remote Code Execution RCE vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. The vulnerability involves using dynamically...

7.1CVSS0.01209EPSS
Exploits0References5
CVE
CVE
added 2025/04/04 2:0 a.m.50 views

CVE-2025-3199

The CVE refers to ageerle ruoyi-ai up to 2.0.1 with a vulnerability in the API Interface component (SysModelController.java) that leads to improper authorization. Exploitation is described as remotely feasible, and public disclosures exist. A fix is available in version 2.0.2; applying the patch ...

9.8CVSS7.2AI score0.00536EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2025/03/25 2:55 p.m.43 views

CVE-2025-30213 Frappe has Possibility of Remote Code Execution due to improper validation

Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vulnerability. There's no workaround; an...

8.7CVSS0.00669EPSS
Exploits0References1
OSV
OSV
added 2025/03/17 9:37 p.m.14 views

CVE-2025-29781 Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD

The Bare Metal Operator BMO implements a Kubernetes API for managing bare metal hosts in Metal3. Baremetal Operator enables users to load Secret from arbitrary namespaces upon deployment of the namespace scoped Custom Resource BMCEventSubscription. Prior to versions 0.8.1 and 0.9.1, an adversary...

6.5CVSS8AI score0.00169EPSS
Exploits0References7
OSV
OSV
added 2025/03/11 7:15 a.m.1 views

UBUNTU-CVE-2025-2174

A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbistrndupiconvucs2 of the file src/conv.c. The manipulation of the argument srclength leads to integer overflow. The attack can be launched remotely. The exploit...

7.5CVSS5AI score0.00764EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2022-39958

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly...

7.5CVSS7.1AI score0.00953EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-40181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Integer-Underflow...

9.1CVSS6.8AI score0.01432EPSS
Exploits1References2
Rows per page
Query Builder