Lucene search
K

19 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-nokogiri (UTSA-2026-016661)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016661 advisory. Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE...

4.3CVSS6.7AI score0.01109EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

Bandit 安全漏洞

Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit versions 0.5.9 through 1.11.0 and earlier, which stems from an unrestricted resource allocation when WebSocket permessage-deflate compression is enabled, whic...

8.2CVSS5.8AI score0.00625EPSS
Exploits0References1
NVD
NVD
added 2026/04/29 12:16 p.m.4 views

CVE-2026-42645

Cross-Site Request Forgery CSRF vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Cross Site Request Forgery.This issue affects Barcode Scanner with Inventory & Order Manager: fro...

4.3CVSS0.001EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.11 views

Tekton Pipelines 参数注入漏洞

Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. In versions 1.0.0 to 1.11.0 of Tekton Pipelines, there is a parameter injection vulnerability. This vulnerability stems from the fact that the revision parameter of the git resolver is passed directly as a positional...

8.5CVSS5.9AI score0.00788EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/02 12:31 a.m.3 views

EUVD-2025-209184

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

4.8CVSS5.9AI score0.00241EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/02 12:31 a.m.3 views

EUVD-2025-209178

IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system...

6.3CVSS5.9AI score0.00176EPSS
Exploits0References2
CVE
CVE
added 2026/04/01 11:3 p.m.7 views

CVE-2025-66486

IBM Aspera Shares versions 1.9.9–1.11.0 are vulnerable to HTML injection, enabling a remote attacker to inject HTML that runs in the victim’s browser within the site’s security context. The issue affects IBM Aspera Shares web application components and is addressed by upgrading to version 1.11.1 ...

6.1CVSS5.9AI score0.00241EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/01 9:30 p.m.2 views

EUVD-2025-209172

IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

5.9CVSS5.9AI score0.00203EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.12 views

IBM Aspera Shares 安全漏洞

IBM Aspera Shares is a web application developed by IBM. Versions 1.9.9 to 1.11.0 of IBM Aspera Shares contain security vulnerabilities. These vulnerabilities stem from the lack of proper rate limiting on the frequency with which emails are sent to authenticated users, which may lead to email...

6.5CVSS5.8AI score0.00333EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 2:8 p.m.7 views

EUVD-2026-5256

Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bannerize Pro: from n/a through = 1.11.0...

5.3CVSS5.3AI score0.00187EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 2:8 p.m.6 views

CVE-2026-25012

Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bannerize Pro: from n/a through = 1.11.0...

5.3AI score0.00187EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/12 12:30 p.m.6 views

EUVD-2025-203066

Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release...

8.1CVSS6.4AI score0.00333EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.7 views

PT-2025-50905

Name of the Vulnerable Software and Affected Versions Apache Fineract versions through 1.11.0 Description A flaw exists in Apache Fineract related to insufficiently protected credentials. Upgrade to version 1.13.0, the latest release, to address this issue. The issue is resolved in version 1.12.1...

9.1CVSS6.6AI score0.00366EPSS
Exploits0References7
NVD
NVD
added 2025/11/21 1:15 p.m.8 views

CVE-2025-66071

Missing Authorization vulnerability in tychesoftwares Custom Order Numbers for WooCommerce custom-order-numbers-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Order Numbers for WooCommerce: from n/a through = 1.11.0...

5.3CVSS0.00282EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/26 5:49 p.m.6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in commons-beanutils-1.9.4.jar

Summary IBM Watson Discovery Cartridge contains a vulnerable version of commons-beanutils-1.9.4.jar Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to sto...

8.8CVSS8.1AI score0.01495EPSS
Exploits1Affected Software1
OSV
OSV
added 2025/07/08 9:15 p.m.7 views

CVE-2025-7030

Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication TFA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Two-factor Authentication TFA: from 0.0.0 before 1.11.0...

6.5CVSS5.8AI score0.00364EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 12:15 p.m.4 views

CVE-2024-26580

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11.0 or cherry-pick 1 to solve it. 1...

9.1CVSS5.9AI score0.0122EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/01/06 12:0 a.m.4 views

PT-2022-11763 · Apache · Apache Avro

Name of the Vulnerable Software and Affected Versions: Apache Avro versions 1.10.2 and prior versions Description: A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. Recommendations: For Apache Avro...

7.5CVSS7.3AI score0.0296EPSS
Exploits0References11
OpenVAS
OpenVAS
added 2021/06/11 12:0 a.m.125 views

jQuery 1.4.2 <= 1.11.0 XSS Vulnerability

jQuery is prone to a cross-site scripting XSS vulnerability via vectors related to use of the text method inside after. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

6.1CVSS6AI score0.02338EPSS
Exploits0References1
Rows per page
Query Builder