Lucene search
K

19 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.12 views

Debian dla-4578 : rails - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4578 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4578-1 [email protected] https://www.debian.org/lts/security/...

9.8CVSS5.9AI score0.02386EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-49456

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.0048EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-18667

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.00338EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-16143

Malicious code in bioql PyPI...

7.5CVSS6.8AI score0.07416EPSS
Exploits0References3
OSV
OSV
added 2025/07/10 10:47 a.m.8 views

BIT-TOMCAT-2025-49125 Apache Tomcat: Security constraint bypass for pre/post-resources

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by th...

7.5CVSS7AI score0.03163EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:43 a.m.11 views

CVE-2024-52519

Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...

8.2CVSS6.5AI score0.00491EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:39 a.m.13 views

CVE-2024-45297

Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known...

5.3CVSS6.7AI score0.00318EPSS
Exploits0
SonicWall
SonicWall
added 2025/05/14 3:39 p.m.23 views

SonicWall SMA1000 Encoded URL SSRF Vulnerability

A Server-side request forgery SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.IMPORTANT: SonicWall PSIRT strongly advises...

7.2CVSS7.3AI score0.0031EPSS
Exploits0
OSV
OSV
added 2025/03/27 3:31 p.m.8 views

GHSA-29M8-WH9P-5WC4 Apache Kylin Code Injection via JDBC Configuration Alteration

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system an...

2.1CVSS8.2AI score0.00815EPSS
Exploits0References5
CVE
CVE
added 2025/02/14 4:50 p.m.73 views

CVE-2025-25295

Summary: CVE-2025-25295 affects Label Studio and its SDK with a path traversal vulnerability in VOC/COCO/YOLO exports. The root cause is improper file path validation in the label-studio-sdk download function, which processes image references during task exports and can read arbitrary server file...

8.7CVSS6.3AI score0.00708EPSS
Exploits0References2
Amazon
Amazon
added 2025/01/24 12:0 a.m.11 views

Important: tomcat9

Issue Overview: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through...

9.8CVSS10AI score0.43663EPSS
Exploits14
Positive Technologies
Positive Technologies
added 2024/07/16 12:0 a.m.4 views

PT-2024-14507 · Unknown · Streampark-Console

Name of the Vulnerable Software and Affected Versions: streampark-console versions prior to 2.1.4 Description: The issue arises from the lack of validation of the sort field sent from the front-end to the back-end, which is used to generate SQL queries. This poses a risk of SQL injection,...

8.1CVSS8.1AI score0.00639EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/10/24 12:0 a.m.7 views

PT-2023-29859 · Fides · Fides

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.22.1 Description: The Fides web application allows users to edit consent and privacy notices, such as cookie banners. A vulnerability exists where a crafted payload in the privacy policy URL can trigger JavaScript...

5.4CVSS5.3AI score0.00607EPSS
Exploits0References8
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

JSA10402 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - Multiple Web-based CGI and Cross Site Scripting (XSS) vulnerabilities.

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. CGI and Cross Site Scripting vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Internal path was displayed in some error...

6.5AI score
Exploits0
OSV
OSV
added 2023/01/30 2:15 p.m.3 views

CVE-2023-0240

There is a logic error in iouring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the ioprepasyncwork function the assumption that the last iograbidentity call cannot return false is not true, and in this case the function will use...

7.8CVSS7.7AI score
Exploits0References4
OSV
OSV
added 2004/11/25 12:0 a.m.25 views

DSA-597-1 cyrus-imapd - buffer overflow

Bulletin has no description...

10CVSS9.3AI score0.05951EPSS
Exploits0
OSV
OSV
added 2004/10/13 12:0 a.m.22 views

DSA-565-1 sox - buffer overflows

Bulletin has no description...

10CVSS6AI score0.2508EPSS
Exploits7
OSV
OSV
added 2003/04/23 12:0 a.m.16 views

DSA-294 gkrellm-newsticker - missing quoting, incomplete parser

Bulletin has no description...

7.5CVSS6.1AI score0.01924EPSS
Exploits0
OSV
OSV
added 2002/08/15 12:0 a.m.30 views

DSA-154 fam - privilege escalation

Bulletin has no description...

2.1CVSS6.2AI score0.00963EPSS
Exploits0
Rows per page
Query Builder