Lucene search
K

91 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-4688

Malicious code in bioql PyPI...

9.8CVSS7.9AI score0.01745EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.25 views

EUVD-2025-21448

Malicious code in bioql PyPI...

5.2CVSS6.3AI score0.00404EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-41607

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00708EPSS
Exploits0References1
Veracode
Veracode
added 2025/09/25 6:47 a.m.6 views

Improper Access Control

contao/contao is vulnerable to Improper Access Control. The vulnerability is due to protected content elements rendered as fragments being indexed in the front-end search, which allows an attacker to access sensitive content publicly...

5.3CVSS6.6AI score0.00266EPSS
Exploits0References5Affected Software2
Positive Technologies
Positive Technologies
added 2025/08/04 12:0 a.m.7 views

PT-2025-31829

Name of the Vulnerable Software and Affected Versions poppler version 25.04.0 Description The heap memory containing PDF stream objects is not cleared upon program exit, potentially allowing attackers to obtain sensitive PDF content via a memory dump. Recommendations At the moment, there is no...

6.5CVSS6.3AI score0.02117EPSS
Exploits1References39
NVD
NVD
added 2025/07/15 3:15 p.m.35 views

CVE-2025-53622

DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...

5.2CVSS0.00404EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/07/15 2:47 p.m.5 views

CVE-2025-53622 DSpace has path traversal vulnerability in Simple Archive Format (SAF) package import via contents file

DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...

5.2CVSS6.8AI score0.00404EPSS
Exploits0References7
CVE
CVE
added 2025/07/15 2:44 p.m.42 views

CVE-2025-53621

CVE-2025-53621 : DSpace prior to 7.6.4, 8.2, and 9.1 is vulnerable to XML External Entity (XXE) injection during archive imports (SAF) or when handling XML from upstream services. The issue arises because external entities are not disabled during XML parsing, enabling a trusted administrator to t...

6.9CVSS6.5AI score0.00368EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/07/15 12:0 a.m.6 views

PT-2025-29566 · Dspace · Dspace

Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 7.6.4 DSpace versions prior to 8.2 DSpace versions prior to 9.1 Description: DSpace is a repository application that provides durable access to digital resources. Two related XML External Entity XXE injection...

6.9CVSS6.4AI score0.00368EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/07/15 12:0 a.m.8 views

PT-2025-29569 · Dspace · Dspace

Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 7.6.4 DSpace versions prior to 8.2 DSpace versions prior to 9.1 Description: DSpace is a repository application providing access to digital resources. A path traversal issue exists during the import of an archive in...

5.2CVSS6.1AI score0.00404EPSS
Exploits0References12
OSV
OSV
added 2025/06/30 6:31 p.m.4 views

GHSA-V8FR-VXMW-6MF6 Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

5.4CVSS7.1AI score0.00177EPSS
Exploits0References5
CVE
CVE
added 2025/06/30 4:51 p.m.23 views

CVE-2025-46702

CVE-2025-46702 affects Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x

5.4CVSS6.5AI score0.00177EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/26 12:0 a.m.8 views

PT-2025-26940 · Unknown · Iroha Board

Name of the Vulnerable Software and Affected Versions: iroha Board versions 0.10.12 and earlier Description: The issue is related to a direct request problem, also known as forced browsing or navegación forzada, which could allow an attacker who has logged in to the affected product to access...

5.3CVSS6.8AI score0.00206EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 10:36 a.m.5 views

CVE-2024-8771

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'previewemailtemplatedesign' function in all versions up to, and including,...

4.3CVSS6.5AI score0.00361EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:46 p.m.7 views

CVE-2022-2943

The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...

4.9CVSS6.6AI score0.01355EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:32 a.m.9 views

CVE-2013-4698

Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines within the user's own mailbox...

3.5CVSS6.4AI score0.0097EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 7:45 p.m.9 views

CVE-2009-3568

Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed...

5CVSS6.9AI score0.01444EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/04/22 11:0 a.m.19 views

5 Major Concerns With Employees Using The Browser

As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for more than 70% of modern malware attacks. Keep Aware's recent State of Browser Security report...

7.3AI score
Exploits0
CNNVD
CNNVD
added 2025/03/17 12:0 a.m.4 views

D-Link DIR-823G 安全漏洞

The D-Link DIR-823G is a wireless router from China's AUO D-Link. The D-Link DIR-823G suffers from an authorization issue vulnerability that stems from improper authorization and can be exploited by an attacker to cause access control to sensitive content...

9.8CVSS6.8AI score0.03768EPSS
Exploits1References2
Malwarebytes
Malwarebytes
added 2025/02/26 3:0 p.m.6 views

Android happy to check your nudes before you forward them

Sometimes the updates we install to keep our devices safe do a little bit more than we might suspect at first glance. Take the October 2024 Android Security Bulletin. It included a new service called Android System SafetyCore. If you can find a mention of that in the security bulletin, you’re a...

7.3AI score
Exploits0
Rows per page
Query Builder