
23 matches found

Spring Security Advisories
added 2026/06/09 12:00 a.m. · 9 views

This Week in Spring - June 9th, 2026

Hi Spring fans! Welcome to another installment of This Week in Spring! Tons of releases coming out today and this week! So make sure you're pulling in the latest posts, as often as possible! Spring LDAP 2026.06 Releases - Contains CVE Fix Spring Framework 7.0.8 and 6.2.19 Available Now Spring...

5.6 AI score
Exploits: 0
RedhatCVE
added 2026/05/11 8:27 p.m. · 9 views

CVE-2026-8212

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be...

5.5 CVSS · 6 AI score · 0.00205 EPSS
Exploits: 1 · References: 1
EUVD
added 2026/05/10 12:33 a.m. · 9 views

EUVD-2026-28949

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...

5.3 CVSS · 5.4 AI score · 0.00258 EPSS
Exploits: 1 · References: 9
OSV
added 2026/05/09 11:16 p.m. · 5 views

DEBIAN-CVE-2026-8213

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...

5.5 CVSS · 5.5 AI score · 0.00258 EPSS
Exploits: 1 · References: 1
OSV
added 2025/12/22 10:16 p.m. · 2 views

DEBIAN-CVE-2025-68480

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a...

5.3 CVSS · 5.3 AI score · 0.00252 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/12/01 12:00 a.m. · 3 views

OpenVPN Security Vulnerability

OpenVPN is a software package for creating encrypted tunnels for virtual private networks (VPNs) from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...

9.1 CVSS · 7.6 AI score · 0.00538 EPSS
Exploits: 0 · References: 3
OSV
added 2025/08/14 6:52 p.m. · 2 views

MAL-2025-6989 Malicious code in 2.9.1-genesis-bugs-rc1 (npm)

The package 2.9.1-genesis-bugs-rc1 was found to contain malicious code...

7.2 AI score
Exploits: 0
Vulnrichment
added 2025/08/11 2:55 p.m. · 1 views

CVE-2012-10039 ZEN Load Balancer Filelog Command Execution

ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec call without sanitization. An authenticated attacker can inject arbitrary shell commands, resulting in remote code executio...

9.4 CVSS · 8.4 AI score · 0.02451 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2025/08/11 12:00 a.m. · 2 views

PT-2025-32552 · Unknown +1 · Zen Load Balancer +2

Name of the Vulnerable Software and Affected Versions: ZEN Load Balancer versions 2.0 ZEN Load Balancer version 3.0-rc1 Description: ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection issue in the content2-2.cgi file. The filelog parameter is passed directly to an exec call...

9.4 CVSS · 7.5 AI score · 0.02451 EPSS
Exploits: 0 · References: 7
Positive Technologies
added 2024/12/02 12:00 a.m. · 2 views

PT-2024-35779 · Sangoma · Asterisk

Name of the Vulnerable Software and Affected Versions: Sangoma Asterisk versions 22.0.0-pre1 through 22.0.0-rc2 Description: The issue is related to the action_listcategories function, which allows attackers to execute a path traversal. This could potentially lead to unauthorized access to...

5.5 CVSS · 6.8 AI score · 0.00292 EPSS
Exploits: 0 · References: 17
CNNVD
added 2024/08/19 12:00 a.m. · 6 views

XWiki Platform Security Vulnerability

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in versions of XWiki Platform prior to 15.10-rc-1, which originates from the WYSIWYG editor that can be used by an unprivileged user to trick a user with...

9 CVSS · 6.3 AI score · 0.00639 EPSS
Exploits: 0 · References: 14
CNNVD
added 2024/02/08 12:00 a.m. · 5 views

Novel-Plus Code Issue Vulnerability

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A code issue vulnerability exists in Novel-Plus v4.3.0-RC1 and earlier versions, which stems from an arbitrary file download vulnerability in the component com.java2nb.common.controller.FileController: fileDownload...

9.8 CVSS · 7.2 AI score · 0.00654 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2024/02/07 12:00 a.m. · 5 views

PT-2024-20236 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: A SQL injection issue exists, allowing an attacker to perform SQL injection via the /system/dataPerm/list API endpoint by passing crafted offset, limit, and sort parameters. Recommendations...

9.8 CVSS · 9.5 AI score · 0.00609 EPSS
Exploits: 0 · References: 7
CNNVD
added 2024/02/06 12:00 a.m. · 5 views

Novel-Plus Security Vulnerability

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A security vulnerability exists in Novel-Plus version v4.3.0-RC1 and earlier versions. An attacker can exploit the vulnerability to pass specially crafted offset, limit, and sort parameters to perform a SQL injectio...

9.8 CVSS · 7.8 AI score · 0.00586 EPSS
Exploits: 0 · References: 3
CNNVD
added 2023/06/23 12:00 a.m. · 5 views

XWiki Platform Cross-Site Scripting Vulnerability

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A cross-site scripting vulnerability exists in XWiki Platform, which stems from. Affected products and versions: XWiki Platform 2.6 RC2 and earlier, 2.7 RC1 and earlier...

8.8 CVSS · 5.9 AI score · 0.01496 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2023/04/18 12:00 a.m. · 4 views

PT-2023-8600 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11 XWiki Platform versions prior to 14.4.8 XWiki Platform versions prior to 14.10.2 XWiki Platform versions prior to 15.0-rc-1 Description: The issue exists due to the lack of measures to neutralize...

9 CVSS · 9.1 AI score · 0.01945 EPSS
Exploits: 1 · References: 11
vulnersOsv
added 2022/02/09 11:54 p.m. · 4 views

aadhaar-detection (=0.5.0), accuinsight (>=1.0.84 <=1.0.87) +38 more potentially affected by CVE-2022-23562 via tensorflow (>=2.7.0 <=2.7.0rc1)

tensorflow PYPI version =2.7.0, =1.0.84, =3.0.22, =0.1.11, =0.1.11, =0.1.11, =0.1.0, =0.0.1, =0.1.5.dev202303131412, =0.1.0, =0.1.1 and more Source cves: CVE-2022-23562 Source advisory: OSV:GHSA-QX3F-P745-W4HR...

8.8 CVSS · 7.2 AI score · 0.00578 EPSS
Exploits: 0
OSV
added 2021/05/26 9:15 p.m. · 1 views

DEBIAN-CVE-2021-20177

A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user with root or CAP_NET_ADMIN when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected...

4.4 CVSS · 6.3 AI score · 0.00277 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2020/04/09 12:00 a.m. · 7 views

PT-2020-8679 · Argo · Argo

Name of the Vulnerable Software and Affected Versions: Argo versions prior to v1.5.0-rc1 Description: The issue allows authenticated Argo users to submit API calls to retrieve secrets and other manifests stored within git. Recommendations: For versions prior to v1.5.0-rc1, update to version...

6.5 CVSS · 6.4 AI score · 0.01374 EPSS
Exploits: 1 · References: 13
RedHat Linux
added 2019/02/19 5:18 p.m. · 3 views

wildfly-core: Cross-site scripting (XSS) in JBoss Management Console

A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users...

5.4 CVSS · 5.6 AI score · 0.00965 EPSS
Exploits: 0 · References: 4