20 matches found
EUVD-2026-17219
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to the Databricks back-end, which could result in a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials exfiltrated without...
CVE-2026-32794
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to the Databricks back-end, which could result in a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials exfiltrated without...
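The two records above describe the same bug class: an HTTP client talking to a back-end over TLS with certificate checking switched off. Added example, not code from the Airflow provider: a small `ast`-based audit that flags the usual ways Python code disables verification (`verify=False`, `ssl._create_unverified_context()`, `check_hostname = False`, `verify_mode = ssl.CERT_NONE`), run over a constructed vulnerable snippet and its hardened counterpart. The `call_databricks` function and the sample sources are invented for the demo.

```python
"""Audit Python source for disabled TLS certificate validation.

Added example (not the Airflow Databricks provider's code). The patterns
checked are the common ways Python HTTP code stops validating the server
certificate; VULNERABLE and HARDENED are constructed sample sources.
"""
import ast
from dataclasses import dataclass


@dataclass
class Finding:
    line: int
    pattern: str


def _dotted(node: ast.AST) -> str:
    """Render an attribute chain such as ssl.CERT_NONE as a dotted string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))


def _is_false(node: ast.AST) -> bool:
    return isinstance(node, ast.Constant) and node.value is False


def find_disabled_tls_verification(source: str) -> list[Finding]:
    """Return findings sorted by line number for the given Python source."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            # requests.get(..., verify=False), httpx.Client(verify=False), ...
            for kw in node.keywords:
                if kw.arg == "verify" and _is_false(kw.value):
                    findings.append(Finding(node.lineno, "verify=False"))
            if _dotted(node.func) == "ssl._create_unverified_context":
                findings.append(Finding(node.lineno, "ssl._create_unverified_context()"))
        elif isinstance(node, ast.Assign):
            # ctx.check_hostname = False / ctx.verify_mode = ssl.CERT_NONE / session.verify = False
            for target in node.targets:
                if not isinstance(target, ast.Attribute):
                    continue
                if target.attr == "check_hostname" and _is_false(node.value):
                    findings.append(Finding(node.lineno, "check_hostname = False"))
                if target.attr == "verify_mode" and _dotted(node.value) == "ssl.CERT_NONE":
                    findings.append(Finding(node.lineno, "verify_mode = ssl.CERT_NONE"))
                if target.attr == "verify" and _is_false(node.value):
                    findings.append(Finding(node.lineno, "session.verify = False"))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample: the bug class from the advisory (hypothetical function name).
VULNERABLE = '''
import requests, ssl

def call_databricks(host, token, path):
    # certificate checks switched off: any on-path attacker can impersonate the host
    return requests.get(f"https://{host}{path}",
                        headers={"Authorization": f"Bearer {token}"},
                        verify=False)

ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
'''

# Constructed sample: hardened form. verify stays True (system trust store) or
# points at a pinned CA bundle; it is never False.
HARDENED = '''
import requests

def call_databricks(host, token, path, ca_bundle=None):
    return requests.get(f"https://{host}{path}",
                        headers={"Authorization": f"Bearer {token}"},
                        verify=ca_bundle or True)
'''

if __name__ == "__main__":
    for name, src in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        hits = [(f.line, f.pattern) for f in find_disabled_tls_verification(src)]
        print(f"{name}: {hits}")
```

The scan is syntactic, so it will not catch verification disabled through an environment variable or a custom transport adapter; treat a clean result as "nothing obvious", and pair it with a runtime check (connect to a host presenting a self-signed certificate and confirm the client refuses).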
Improper Check for Unusual or Exceptional Conditions
Overview: Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to missing timestamp validation in the Zoom webhook handler. An attacker can corrupt meeting state by replaying webhook requests. Remediation: Upgrade...
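The advisory above is about a handler that checks the webhook signature but never checks when the request was signed, so a captured request stays valid forever. Added example, not the affected package's code: a verifier that checks the HMAC signature, rejects timestamps outside a short window, and refuses a signed request it has already accepted. The header names and the `v0:<timestamp>:<body>` message layout follow Zoom's published webhook-verification scheme; as far as this page goes, treat them as an assumption. The secret, body and timestamps are constructed.

```python
"""Webhook replay protection: signature + timestamp window + seen-set.

Added example, not the package's code from the advisory. Assumed scheme
(Zoom-style): headers x-zm-request-timestamp (epoch seconds) and
x-zm-signature = "v0=" + hex(HMAC-SHA256(secret, "v0:<ts>:<body>")).
"""
import hashlib
import hmac
import time
from typing import Optional

MAX_SKEW_SECONDS = 300  # reject requests signed more than 5 minutes from "now"


def sign(secret: str, timestamp: int, body: bytes) -> str:
    """Signature a legitimate sender attaches (also what the verifier recomputes)."""
    msg = b"v0:" + str(timestamp).encode() + b":" + body
    return "v0=" + hmac.new(secret.encode(), msg, hashlib.sha256).hexdigest()


class WebhookVerifier:
    def __init__(self, secret: str, max_skew: int = MAX_SKEW_SECONDS):
        self.secret = secret
        self.max_skew = max_skew
        self._seen: dict[str, int] = {}  # accepted signature -> its timestamp

    def verify(self, headers: dict, body: bytes, now: Optional[int] = None) -> tuple:
        """Return (accepted, reason). `now` is injectable for deterministic tests."""
        now = int(time.time()) if now is None else now
        try:
            ts = int(headers["x-zm-request-timestamp"])
        except (KeyError, ValueError):
            return False, "missing or malformed timestamp"
        sig = headers.get("x-zm-signature", "")
        # 1. Authenticity: constant-time comparison against our own computation.
        if not hmac.compare_digest(sig, sign(self.secret, ts, body)):
            return False, "bad signature"
        # 2. Freshness: the check the vulnerable handler lacked.
        if abs(now - ts) > self.max_skew:
            return False, "stale timestamp"
        # 3. Uniqueness inside the window: the same signed request must not land twice.
        self._evict(now)
        if sig in self._seen:
            return False, "replayed"
        self._seen[sig] = ts
        return True, "ok"

    def _evict(self, now: int) -> None:
        """Drop entries older than the window; they fail the freshness check anyway."""
        cutoff = now - self.max_skew
        for s in [s for s, ts in self._seen.items() if ts < cutoff]:
            del self._seen[s]


def demo() -> list:
    """Walk one captured request through the four outcomes (constructed data)."""
    secret = "constructed-secret-token"
    v = WebhookVerifier(secret)
    body = b'{"event":"meeting.ended","payload":{"object":{"id":"123"}}}'
    now = 1_700_000_000
    good = {"x-zm-request-timestamp": str(now - 10),
            "x-zm-signature": sign(secret, now - 10, body)}
    results = [v.verify(good, body, now)[1]]            # first delivery: ok
    results.append(v.verify(good, body, now)[1])        # same request again: replayed
    results.append(v.verify(good, body, now + 3600)[1]) # an hour later: stale timestamp
    tampered = body.replace(b'"123"', b'"999"')
    results.append(v.verify(good, tampered, now)[1])    # body changed: bad signature
    return results


if __name__ == "__main__":
    print(demo())
```

The in-memory seen-set only protects a single process; behind a load balancer the same request can be replayed to a different instance, so store accepted signatures in a shared cache (with a TTL equal to the window) and keep the timestamp check as the backstop.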
WordPress Racquet theme <= 1.12.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Racquet versions <= 1.12.0...
CVE-2025-12377 Gallery Plugin for WordPress – Envira Photo Gallery <= 1.12.0 - Missing Authorization to Authenticated (Author+) Multiple Gallery Actions
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Author-leve...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in formidable
Summary: Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in formidable. Vulnerability Details: CVEID: CVE-2025-46653 DESCRIPTION: Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted...
PT-2025-44360
Name of the Vulnerable Software and Affected Versions: Drupal CivicTheme Design System versions prior to 1.12.0 Description: An incorrect authorization issue exists in the CivicTheme Design System that allows for forceful browsing. This occurs due to insufficient access controls, potentially allowi...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3
Summary: Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3. Vulnerability Details: CVEID: CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pbkdf2-3.1.2.tgz
Summary: Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pbkdf2-3.1.2.tgz. Vulnerability Details: CVEID: CVE-2025-6547 DESCRIPTION: Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This issue affects pbkdf2:...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in urllib3-2.3.0-py3-none-any.whl
Summary: Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in urllib3-2.3.0-py3-none-any.whl. Vulnerability Details: CVEID: CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3...
CVE-2023-1573
A vulnerability was found in DataGear up to 1.11.1 and classified as problematic. This issue affects some unknown processing of the component Graph Dataset Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public a...
CVE-2025-23432
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlTi5 AlT Report (alt-report) allows Reflected XSS. This issue affects AlT Report: from n/a through <= 1.12.0...
PT-2025-1002 · Karmada +1
Name of the Vulnerable Software and Affected Versions: Karmada versions prior to 1.12.0 Description: The issue is related to excessive privileges in PULL mode clusters, allowing an attacker who can authenticate as the karmada-agent to obtain administrative privileges over the entire federation...
PT-2023-17089 · Datagear
Name of the Vulnerable Software and Affected Versions: DataGear versions up to 1.11.1 Description: A vulnerability was found in the Graph Dataset Handler component, leading to cross-site scripting. The attack can be initiated remotely. The issue affects some unknown processing of this component...
SUSE CVE-2020-10812
An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs located in H5Fquery.c. It allows an attacker to cause Denial of Service...
Potential remote code execution in ruby-git
The git gem, between versions 1.2.0 and 1.12.0, incorrectly parsed the output of the 'git ls-files' command, using eval to unescape quoted file names. If a file name that was added to the git repository contained special characters, such as '\n', then the 'git ls-files' command would print the file nam...
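The entry above hinges on git's quoting rules: a path containing a control character, `"`, `\` or (with core.quotePath) a non-ASCII byte is printed wrapped in double quotes with C-style escapes, and git escapes only those characters, so anything the consuming language's string syntax treats specially (Ruby's `#{...}` interpolation, here) passes through untouched and runs under eval. Added example, not ruby-git's code: a decoder for that quoted format written as a small state machine instead of eval, run over constructed `git ls-files` output lines, one of which carries the kind of payload the advisory describes.

```python
"""Decode git's C-style quoted path output without eval.

Added example, not ruby-git's code. git quoting (quote_c_style): the path is
wrapped in double quotes; '"' and '\\' are backslash-escaped; \\a \\b \\t \\n
\\v \\f \\r stand for those control characters; any other escaped byte is
three-digit octal \\ooo. Unquoted lines are returned as-is.
"""

_SIMPLE_ESCAPES = {
    b"a": b"\a", b"b": b"\b", b"t": b"\t", b"n": b"\n",
    b"v": b"\v", b"f": b"\f", b"r": b"\r", b'"': b'"', b"\\": b"\\",
}


def unquote_git_path(line: bytes) -> bytes:
    """Return the raw path bytes for one line of `git ls-files` output."""
    if not (len(line) >= 2 and line.startswith(b'"') and line.endswith(b'"')):
        return line  # git only quotes when it has to
    body = line[1:-1]
    out = bytearray()
    i = 0
    while i < len(body):
        c = body[i:i + 1]
        if c != b"\\":
            out += c
            i += 1
            continue
        nxt = body[i + 1:i + 2]
        octal = body[i + 1:i + 4]
        if nxt in _SIMPLE_ESCAPES:
            out += _SIMPLE_ESCAPES[nxt]
            i += 2
        elif len(octal) == 3 and all(0x30 <= d <= 0x37 for d in octal):
            out.append(int(octal, 8))
            i += 4
        else:
            # Trailing backslash or unknown escape: refuse rather than guess.
            raise ValueError(f"malformed escape at offset {i}: {line!r}")
    return bytes(out)


# Constructed sample lines, as `git ls-files` would print them.
SAMPLE = [
    b"README.md",
    b'"docs/release\\tnotes.txt"',   # tab forces quoting
    b'"b\\303\\244r.txt"',           # "b\xc3\xa4r.txt" with core.quotePath=true
    b'"quote\\"d.txt"',              # embedded double quote
    b'"foo\\n#{`id`}"',              # newline forces quoting; the rest is code under Ruby eval
]


def decode_all(lines=SAMPLE) -> list:
    """Decode every sample line; the payload line comes back as inert bytes."""
    return [unquote_git_path(line) for line in lines]


if __name__ == "__main__":
    for raw, path in zip(SAMPLE, decode_all()):
        print(f"{raw!r:34} -> {path!r}")
```

Where you control the invocation, `git ls-files -z` sidesteps the problem entirely: paths are NUL-separated and never quoted, so there is nothing to unescape.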
PT-2020-14198 · Synergy +1
Name of the Vulnerable Software and Affected Versions: Synergy versions prior to 1.12.0 Description: The issue allows a Synergy server to be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the server's memory is less than 4 GB. However, it was...
ALPINE-CVE-2018-11782
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server...
UBUNTU-CVE-2018-11782
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server...
jQuery 1.4.0 < 1.12.0 Cross-Site Scripting
According to its self-reported version number, jQuery is at least 1.4.0 and prior to 1.12.0, or at least 1.12.4 and prior to 3.0.0-beta1. Therefore, it may be affected by a cross-site scripting vulnerability due to cross-domain Ajax requests performed without a dataType. Note that the scanner has...