Lucene search

23 matches found

CNNVD
added 2026/05/08 12:0 a.m., 12 views

Gitroom Postiz Code Issue Vulnerability

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz from 2.16.6 to 2.21.7 contained code vulnerabilities. These vulnerabilities were caused by a TOCTOU vulnerability in the SSRF protection mechanism, which could allow attackers to redirec...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00224
Exploits: 0 | References: 1

vulnersOsv
added 2026/01/30 3:54 p.m., 8 views

@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.9), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +990 more potentially affected by CVE-2026-25128 via fast-xml-parser (>=5.0.9 <=5.3.3)

fast-xml-parser NPM version =5.0.9, =0.5.4, =0.0.1, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.7.16, =2.33.6, =1.4.37, =1.6.11, =1.7.1 and more Source cves: CVE-2026-25128 Source advisory: SNYK:JS-FASTXMLPARSER-15155603...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00559
Exploits: 1

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-39592

Malicious code in bioql PyPI...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00301
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2023-50939

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00514
Exploits: 0 | References: 2

CNNVD
added 2025/07/16 12:0 a.m., 3 views

Authen::SASL::Perl::DIGEST_MD5 Security Vulnerability

Authen::SASL::Perl::DIGEST_MD5 is a module in the Perl language from the Perl community. A security vulnerability exists in Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 and earlier, which stems from insecure cnonce generation...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00394
Exploits: 0 | References: 6

RedhatCVE
added 2025/05/23 7:40 a.m., 9 views

CVE-2024-6595

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00462
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 3:6 a.m., 2 views

CVE-2023-22725

GLPI is a Free Asset and IT Management Software package. Versions 0.6.0 and above, prior to 10.0.6 are vulnerable to Cross-site Scripting. This vulnerability allows an administrator to create a malicious external link. This issue is patched in 10.0.6...

CVSS: 6.2 | AI score: 6.8 | EPSS: 0.0062
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:8 a.m., 7 views

CVE-2023-46772

Vulnerability of parameters being out of the value range in the QMI service module. Successful exploitation of this vulnerability may cause errors in reading file data...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00514
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 1:47 a.m., 7 views

CVE-2023-52728

Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.00207
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 7:10 a.m., 8 views

CVE-2024-32086

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AitThemes Citadela Listing. This issue affects Citadela Listing: from n/a through 5.18.1...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.00519
Exploits: 0 | References: 1

UbuntuCve
added 2024/05/20 10:15 a.m., 18 views

CVE-2024-35980

In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fix TLBI RANGE operand KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty pages are collected by VMM and the page table entries become write protected during live migration. Unfortunately, the operand...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00225
Exploits: 0 | References: 9

BDU FSTEC
added 2024/04/04 12:0 a.m., 3 views

The vulnerability of the Range component in the module interface between web servers and web applications in Rack architecture allows an attacker to cause a service failure.

The vulnerability of the Range component in the module interface between web servers and web applications in Rack is related to the processing of input data according to RFC2183. This can take an unexpected amount of time. Exploiting this vulnerability could allow a malicious actor to cause servi...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.01617
Exploits: 0 | References: 7 | Affected Software: 4

OSV
added 2024/03/29 12:15 p.m., 11 views

CVE-2024-23449

An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...

CVSS: 5.3 | AI score: 5
Exploits: 0 | References: 1

RedHat Linux
added 2023/10/05 8:18 p.m., 3 views

nodejs-semver: Regular expression denial of service

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size,...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02761
Exploits: 1 | References: 6

RedHat Linux
added 2023/09/26 2:56 p.m., 1 view

nodejs-semver: Regular expression denial of service

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size,...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02761
Exploits: 1 | References: 6

SUSE CVE
added 2023/06/22 2:42 a.m., 2 views

SUSE CVE-2022-25883

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...

CVSS: 4 | AI score: 8.1 | EPSS: 0.02761
Exploits: 1 | References: 3

CNNVD
added 2023/04/01 12:0 a.m., 6 views

NVIDIA GPU Display Driver for Linux Buffer Error Vulnerability

NVIDIA GPU Display Driver for Linux is a driver from NVIDIA Corporation for interactive support of graphics card display modules in Linux systems. A security vulnerability exists in the NVIDIA GPU Display Driver for Linux version, which arises from improperly restricting operations within a memor...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.0025
Exploits: 0 | References: 3

Snyk
added 2023/01/25 4:0 p.m., 2 views

Regular Expression Denial of Service (ReDoS)

Overview: semver is a semantic version parser used by npm. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. PoC js const semver = require'semver' const lengths2 = 2000, 4000,...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02761
Exploits: 1 | References: 2

CNNVD
added 2022/12/21 12:0 a.m., 5 views

Isode M-Vault Security Vulnerability

Isode M-Vault is a high performance secure LDAP/X.500 server from Isode UK. A security vulnerability exists in Isode M-Vault versions R16.0v0 through R17.0v23, which stems from a program that crashes on LDAP v1 bind requests...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00616
Exploits: 0 | References: 2

vulnersOsv
added 2022/10/04 10:17 p.m., 5 views

ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +20762 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-java (>=2.0.3 <=3.16.1)

com.google.protobuf:protobuf-java MAVEN version =2.0.3, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.10 and more Source cves: CVE-2022-3171 Source advisory: OSV:GHSA-H4H5-3HR4-J3G2...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.01048
Exploits: 0