Lucene search
K

10 matches found

Cvelist
Cvelist
added 2026/06/15 8:41 p.m.35 views

CVE-2026-48714 i18next-http-middleware missingKeyHandler does not reject keys whose segments contain prototype-polluting names

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request-body keys proto, constructor, and prototype added in 3.9.3, see GHSA-5fgg-jcpf-8jjw, but did not...

9.1CVSS0.00419EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/16 7:22 p.m.6 views

CVE-2026-40740

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.7...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References1
NVD
NVD
added 2026/04/15 11:16 a.m.8 views

CVE-2026-40740

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.7...

5.4CVSS0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.3 views

CVE-2026-3358

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing poststatus validation in the enrollnow and courseenrollment functions. Both enrollment endpoints...

5.4CVSS5.8AI score0.00374EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/23 12:0 a.m.4 views

PT-2024-6583

Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.7 Description: The issue is related to improper sanitization of the timezone parameter in the readCodeFor function, which can lead to Arbitrary Code Injection when calling a native MySQL Server date/time function...

10CVSS8.8AI score0.01025EPSS
Exploits0References11
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.5 views

ConnectWise ScreenConnect Path Traversal Vulnerability

ConnectWise ScreenConnect is a self-hosted remote desktop software application from ConnectWise. A security vulnerability exists in ConnectWise ScreenConnect version 23.9.7 and earlier, which stems from a path traversal vulnerability...

8.4CVSS6.9AI score0.87624EPSS
Exploits5References4
VulnCheck KEV
VulnCheck KEV
added 2023/12/19 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-13638

lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7...

9.8CVSS7.2AI score0.76758EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:38 a.m.3 views

SUSE CVE-2017-15046

LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpackreadsamples in frontend/getaudio.c, a different vulnerability than CVE-2017-9412...

5.5CVSS9.9AI score0.00734EPSS
Exploits1References3
OSV
OSV
added 2020/11/13 8:15 p.m.3 views

CVE-2020-13638

lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7...

9.8CVSS7.2AI score0.76758EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2019/06/11 12:0 a.m.4 views

PT-2019-12933 · Open Source Matters · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.7 Description: An issue was discovered where the subform fieldtype does not sufficiently filter or validate input of subfields, leading to XSS attack vectors. Recommendations: For versions prior to 3.9.7, update ...

6.1CVSS5.9AI score0.00922EPSS
Exploits0References5
Rows per page
Query Builder