8338 matches found

Positive Technologies
•added 2025/08/12 12:00 a.m.•9 views

PT-2025-32686 · Kanboard · Kanboard

Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.47 Description: Kanboard is project management software based on the Kanban methodology. A deserialization issue in ProjectEventActvityFormatter allows administrators to instantiate arbitrary PHP objects by...

CVSS 9.1 • AI score 8.4 • EPSS 0.0087
Exploits 1 • References 9
Intel
•added 2025/08/12 12:00 a.m.•8 views

Device Plugins for Kubernetes Advisory

Summary: A potential security vulnerability for some Device Plugins for Kubernetes software maintained by Intel may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-24313 Description: Improper access...

CVSS 6.7 • AI score 7 • EPSS 0.00133
Exploits 0
NVD
•added 2025/08/10 4:15 a.m.•8 views

CVE-2025-52136

In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability for later Dashboard installation is set b...

CVSS 3 • EPSS 0.00257
Exploits 0 • References 3
Vulnrichment
•added 2025/08/10 12:00 a.m.•5 views

CVE-2025-52136

In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability for later Dashboard installation is set b...

CVSS 3 • AI score 7.2 • EPSS 0.00257
Exploits 0 • References 3
Positive Technologies
•added 2025/08/10 12:00 a.m.•7 views

PT-2025-32464 · Emqx · Emqx

Name of the Vulnerable Software and Affected Versions: EMQX versions prior to 5.8.6 Description: Administrators could install arbitrary novel plugins via the Dashboard web interface. The supplier considers this intended behavior; however, version 5.8.6 introduced a defense-in-depth feature...

CVSS 3 • AI score 7.3 • EPSS 0.00257
Exploits 0 • References 8
Cvelist
•added 2025/08/10 12:00 a.m.•11 views

CVE-2025-52136

In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability for later Dashboard installation is set b...

CVSS 3 • EPSS 0.00257
Exploits 0 • References 3
CNNVD
•added 2025/08/10 12:00 a.m.•12 views

EMQX code issue vulnerability

EMQX is an MQTT messaging server from EMQX Corporation. A code issue vulnerability exists in EMQX versions prior to 5.8.6 that stems from the Dashboard interface allowing the installation of arbitrary plugins, which could lead to a security risk...

CVSS 3 • AI score 6.9 • EPSS 0.00257
Exploits 0 • References 4
RedhatCVE
•added 2025/08/08 11:35 a.m.•2 views

CVE-2025-47808

A flaw was found in gstreamer1-plugins-base. The subparse plugin's tmplayerparseline function incorrectly attempts to dereference a NULL pointer during subtitle file parsing. This flaw allows a local attacker to provide a specially crafted subtitle file, causing the program to crash. Mitigation...

CVSS 5.6 • AI score 5.7 • EPSS 0.00428
Exploits 1 • References 5
RedhatCVE
•added 2025/08/08 11:35 a.m.•4 views

CVE-2025-47219

A flaw was found in gstreamer1-plugins-good. The isomp4 plugin's qtdemuxparsetrak function incorrectly handles MP4 file parsing, resulting in a heap buffer over-read. This flaw allows a local attacker to provide a specially crafted MP4 file. This over-read can lead to information disclosure...

CVSS 8.1 • AI score 5.7 • EPSS 0.00578
Exploits 1 • References 5
RedhatCVE
•added 2025/08/08 11:35 a.m.•4 views

CVE-2025-47183

A flaw was found in gstreamer1-plugins-good. The isomp4 plugin's qtdemuxparsetree function incorrectly handles MP4 file parsing, resulting in a heap buffer over-read. This flaw allows a local attacker to trigger this vulnerability by providing a specially crafted MP4 file. This over-read can lead...

CVSS 6.6 • AI score 5.7 • EPSS 0.00187
Exploits 1 • References 5
RedhatCVE
•added 2025/08/08 11:35 a.m.•3 views

CVE-2025-47807

A flaw was found in gstreamer1-plugins-base. The subparse plugin's subripunescapeformatting function contains a NULL pointer dereference when parsing a subtitle file, which can lead to a program crash. This vulnerability allows a local attacker to provide a specially crafted subtitle file, causin...

CVSS 5.6 • AI score 5.6 • EPSS 0.00185
Exploits 1 • References 5
OSV
•added 2025/08/07 8:15 p.m.•7 views

AZL-66192 CVE-2025-47808 affecting package gstreamer1-plugins-base 1.20.0-3

In GStreamer through 1.26.1, the subparse plugin's tmplayerparseline function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...

CVSS 5.6 • AI score 7.4 • EPSS 0.00428
Exploits 1 • References 1
Wordfence Blog
•added 2025/08/06 5:43 p.m.•20 views

How To Find SQL Injection Vulnerabilities in WordPress Plugins and Themes

SQL Injection (SQLi), a vulnerability almost as old as database-driven web applications themselves (CWE-89), persists as a classic example of failing to neutralize user-supplied input before it's used in a SQL query. So why does this well-understood vulnerability type continue to exist? In the...

CVSS 9.8 • AI score 9.5 • EPSS 0.89431
Exploits 15
Cvelist
•added 2025/08/06 2:10 p.m.•12 views

CVE-2025-8616 Malicious browser plugins may cause Authentication replay attack vulnerability to bypass authentication in OpenText Advanced Authentication

A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process to bypass Authentication. This issue affects Advanced Authentication on or before 6.5.0...

CVSS 6.1 • EPSS 0.00377
Exploits 0 • References 1
SUSE CVE
•added 2025/08/06 2:53 a.m.•2 views

SUSE CVE-2025-47943

Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side JavaScript code execution. The vulnerability is caused by the usage of a vulnerable and outdated componen...

CVSS 6.3 • AI score 6.3 • EPSS 0.00302
Exploits 0 • References 2
CNNVD
•added 2025/08/06 12:00 a.m.•4 views

Grav CMS security vulnerability

Grav CMS is an open source, flat file-based content management system from Grav. Grav CMS suffers from a remote code execution vulnerability that originates from allowing authenticated administrators to upload malicious plugins via the admin/tools/direct-install interface, which can be exploited by an...

CVSS 8.1 • AI score 8.4 • EPSS 0.0871
Exploits 7 • References 4
OSV
•added 2025/08/05 4:51 p.m.•7 views

CLSA-2025-1754412669 gstreamer1-plugins-bad-free: Fix of CVE-2023-44446

CVE-2023-44446: fix use-after-free in MXF demuxer by storing essence tracks in fixed allocations...

CVSS 8.8 • AI score 7.3 • EPSS 0.01744
Exploits 0 • References 1
RedHat Linux
•added 2025/08/01 5:42 p.m.•2 views

kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider

A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider...

CVSS 6.5 • AI score 7.4 • EPSS 0.01129
Exploits 0 • References 5
vulnersOsv
•added 2025/07/30 1:16 p.m.•3 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +105 more potentially affected by CVE-2025-7365 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.0.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.1, =1.0.2 - com.kleegroup.accelerator:accelerator-security-keycloakmfa =1.0.1 and more Source cves: CVE-2025-7365 Source advisory:...

CVSS 7.1 • AI score 5.5 • EPSS 0.00226
Exploits 0
Rockylinux
•added 2025/07/29 1:38 p.m.•2 views

gstreamer1-plugins-bad-free security update

An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. GStreamer is a streaming media framework based on graphs ...

CVSS 8.8 • AI score 9.2 • EPSS 0.00708
Exploits 0