Lucene search
+L

44 matches found

OSV
OSV
added 2026/05/29 3:59 p.m.10 views

GHSA-PJWM-PJ3P-43MV axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)

Summary shouldBypassProxy, introduced in v1.15.0 to fix CVE-2025-62718, does not normalise IPv4-mapped IPv6 addresses. When NOPROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe still routes through the...

8.6CVSS6.6AI score0.01161EPSS
Exploits2References36
NVD
NVD
added 2026/01/14 7:16 p.m.11 views

CVE-2026-22036

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

7.5CVSS0.00433EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/14 7:7 p.m.2 views

CVE-2026-22036

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

7.5CVSS5.5AI score0.00433EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/14 7:7 p.m.6 views

CVE-2026-22036 Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

5.9CVSS6.7AI score0.00433EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.11 views

PT-2026-2950

Name of the Vulnerable Software and Affected Versions Undici versions prior to 7.18.0 Undici versions prior to 6.23.0 Description Undici is an HTTP/1.1 client for Node.js. A malicious server can insert thousands of compression steps due to an unbounded number of links in the decompression chain a...

7.5CVSS6.6AI score0.00433EPSS
Exploits0References77
NVD
NVD
added 2025/11/25 4:16 p.m.9 views

CVE-2025-60739

Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...

9.6CVSS0.00283EPSS
Exploits4References1
NVD
NVD
added 2025/10/16 6:15 p.m.6 views

CVE-2025-34517

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...

8.7CVSS0.00613EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2025/09/16 7:39 p.m.4 views

CVE-2025-34183

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential...

9.3CVSS5.8AI score0.00655EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-10365

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.7.18 and earlier. Easily...

5.5CVSS5.8AI score0.01571EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2017-3644

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.7.18 and earlier. Easily...

4.9CVSS5.5AI score0.0245EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2017-3643

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.7.18 and earlier. Easily...

4.9CVSS5.5AI score0.0245EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2017-3642

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.18 and earlier. Easily...

4.9CVSS5.5AI score0.0245EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2017-3645

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.18 and earlier. Easily...

4.9CVSS5.5AI score0.0245EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:6 a.m.8 views

CVE-2023-34099

Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7....

5.3CVSS6.9AI score0.00649EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:22 p.m.10 views

CVE-2020-2718

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications component: Core. Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

7.1CVSS6.5AI score0.01123EPSS
Exploits0
OSV
OSV
added 2024/10/01 7:15 a.m.2 views

CVE-2024-8107

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

5.4CVSS5.9AI score
Exploits0References3
Patchstack
Patchstack
added 2024/10/01 3:7 a.m.6 views

WordPress Slider Revolution plugin <= 6.7.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Slider Revolution versions = 6.7.18...

6.4CVSS5.8AI score0.00304EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/10/01 12:0 a.m.4 views

Pluck 安全漏洞

Pluck is a small and simple content management system written in PHP by Pluck CMS Open Source. A security vulnerability exists in Pluck version 4.7.18, which stems from an incorrect path restriction to a restricted directory that could allow an unauthenticated attacker to extract sensitive...

5.3CVSS6.7AI score0.00457EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/16 12:0 a.m.18 views

PT-2024-30268 · Pluck Cms · Pluck Cms

Name of the Vulnerable Software and Affected Versions: Pluck CMS version 4.7.18 Description: The issue allows attackers to execute a brute force attack due to the lack of restriction on failed login attempts. Recommendations: For Pluck CMS version 4.7.18, consider implementing a custom restrictio...

9.8CVSS7.6AI score0.00632EPSS
Exploits1References8
CNNVD
CNNVD
added 2023/06/27 12:0 a.m.6 views

Shopware 信息泄露漏洞

Shopware is a set of open source e-commerce software from the German company Shopware. An information disclosure vulnerability exists in Shopware versions prior to 5.7.18, which stems from an incorrect configuration in the htaccess file, which can read the Javascript configuration file...

5.3CVSS5.6AI score0.00611EPSS
Exploits0References5
Rows per page
Query Builder