14 matches found

OSV
added 2026/06/25 5:41 p.m. · 2 views

JLSEC-2026-631 Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in...

Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a...

CVSS 6.9 · AI score 5.8 · EPSS 0.00503
Exploits 0 · References 5

ATTACKERKB
added 2026/06/25 1:12 p.m. · 5 views

CVE-2026-54841

Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...

CVSS 7.5 · AI score 5.8 · EPSS 0.00294
Exploits 0 · References 2

IBM Security Bulletins
added 2026/06/22 1:17 p.m. · 3 views

Security Bulletin: Vulnerability in flatted affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary: Potential vulnerability in flatted has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerabili...

CVSS 9.8 · AI score 6.9 · EPSS 0.00808
Exploits 2 · Affected Software 2

Vulnrichment
added 2026/03/27 12:30 a.m. · 4 views

CVE-2026-33730 Open Source Point of Sale has an IDOR in Password Change (Home)

Open Source Point of Sale (opensourcepos) is a web-based point of sale application written in PHP using the CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows an authenticated low-privileged user to access the password change functionality of...

CVSS 6.5 · AI score 5.9 · EPSS 0.00277
Exploits 1 · References 2

EUVD
added 2026/03/27 12:30 a.m. · 6 views

EUVD-2026-16509

Open Source Point of Sale (opensourcepos) is a web-based point of sale application written in PHP using the CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows an authenticated low-privileged user to access the password change functionality of...

CVSS 6.5 · AI score 5.8 · EPSS 0.00277
Exploits 1 · References 2

OSV
added 2026/03/04 3:16 p.m. · 8 views

CVE-2025-70341

Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files...

CVSS 7.8 · AI score 5.9 · EPSS 0.00216
Exploits 2 · References 4

CVE
added 2025/12/17 10:20 p.m. · 19 views

CVE-2025-68434

CVE-2025-68434 affects OpenSourcePOS 3.4.0–3.4.1, where CSRF protection was explicitly disabled in the global filters, allowing a logged-in administrator’s browser to be coerced into making state-changing POST requests and silently create a new Administrator account. The issue is fixed in 3.4.2 b...

CVSS 8.8 · AI score 6.7 · EPSS 0.00236
Exploits 3 · References 4 · Affected Software 1

Positive Technologies
added 2024/12/16 12:0 a.m. · 4 views

PT-2024-36294 · Unknown +1 · Syntaxhighlighter +1

Name of the Vulnerable Software and Affected Versions: CK and SyntaxHighlighter versions n/a through 3.4.2. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a w...

CVSS 7.1 · AI score 6.7 · EPSS 0.0019
Exploits 0 · References 3

CNNVD
added 2023/04/15 12:0 a.m. · 4 views

LibreSSL Trust Management Issue Vulnerability

LibreSSL is an open source implementation of a secure socket layer and transport layer security protocol. A security vulnerability exists in LibreSSL versions prior to 3.4.2, which stems from an error that sometimes drops unvalidated certificate chains, and an authentication bypass...

CVSS 9.8 · AI score 8.3 · EPSS 0.00568
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 4:28 a.m. · 3 views

SUSE CVE-2018-10001

The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file...

CVSS 6.5 · AI score 6.7 · EPSS 0.02428
Exploits 1 · References 3

CNNVD
added 2023/01/02 12:0 a.m. · 6 views

go-with-me SQL Injection Vulnerability

go-with-me is a CPE342 database project by the individual developer porpeeranut. A SQL injection vulnerability exists in go-with-me. An attacker could exploit this vulnerability to perform a SQL injection attack...

CVSS 9.8 · AI score 6.8 · EPSS 0.00657
Exploits 0 · References 4

Circl
added 2022/08/26 8:30 p.m. · 14 views

CVE-2021-3427

creationtimestamp | type | source
---|---|---
2022-08-26 20:30:23+00:00 | seen | https://t.me/cibsecurity/48892...

CVSS 6.1 · AI score 6 · EPSS 0.00736
Exploits 1 · References 1

Microsoft CVE
added 2021/08/13 7:0 a.m. · 2 views

drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.

...

CVSS 6.8 · AI score 7 · EPSS 0.00333
Exploits 0

CNVD
added 2019/04/10 12:0 a.m. · 3 views

Adobe Shockwave Player Memory Corruption Vulnerability (CNVD-2019-10621)

Adobe Shockwave Player is a multimedia player product from the American company Adobe. With the Shockwave plug-in installed, a browser can view applications produced with the multimedia production software Adobe Director and published to the Internet. A memory corruption...

CVSS 10 · AI score 7.4 · EPSS 0.05185
Exploits 0 · References 1