
20 matches found

EUVD
added 2026/03/31 12:31 a.m., 5 views

EUVD-2026-17219

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to the Databricks back-end, which could result in a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials exfiltrated w/o...

CVSS 4.8 | AI score 5.9 | EPSS 0.00355
Exploits: 1 | References: 4
ATTACKERKB
added 2026/03/30 9:43 p.m., 2 views

CVE-2026-32794

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to the Databricks back-end, which could result in a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials exfiltrated w/o...

AI score 5.9 | EPSS 0.00355
Exploits: 1 | References: 3 | Affected Software: 1
Snyk
added 2026/03/26 6:35 p.m., 8 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to missing timestamp validation in the Zoom webhook handler. An attacker can corrupt meeting state by replaying webhook requests. Remediation Upgrade...

CVSS 2.2 | AI score 5.9 | EPSS 0.00291
Exploits: 0 | References: 2
Patchstack
added 2026/01/07 1:1 p.m., 6 views

WordPress Racquet theme <= 1.12.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Racquet versions <= 1.12.0...

AI score 7.1 | EPSS 0.00327
Exploits: 0 | Affected Software: 1
Cvelist
added 2025/11/13 11:29 a.m., 10 views

CVE-2025-12377 Gallery Plugin for WordPress – Envira Photo Gallery <= 1.12.0 - Missing Authorization to Authenticated (Author+) Multiple Gallery Actions

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Author-leve...

CVSS 4.3 | EPSS 0.00284
Exploits: 0 | References: 6
IBM Security Bulletins
added 2025/10/29 10:13 a.m., 10 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in formidable

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in formidable Vulnerability Details CVEID:CVE-2025-46653 DESCRIPTION: Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted...

CVSS 3.1 | AI score 6.4 | EPSS 0.00357
Exploits: 1 | Affected Software: 1
Positive Technologies
added 2025/10/29 12:0 a.m., 5 views

PT-2025-44360

Name of the Vulnerable Software and Affected Versions Drupal CivicTheme Design System versions prior to 1.12.0 Description An incorrect authorization issue exists in the CivicTheme Design System that allows for forceful browsing. This occurs due to insufficient access controls, potentially allowi...

CVSS 7.5 | AI score 6.6 | EPSS 0.0028
Exploits: 0 | References: 6
IBM Security Bulletins
added 2025/10/24 11:8 a.m., 10 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3 Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does...

CVSS 6.1 | AI score 6.3 | EPSS 0.00313
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/10/22 11:24 a.m., 10 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pbkdf2-3.1.2.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pbkdf2-3.1.2.tgz Vulnerability Details CVEID: CVE-2025-6547 DESCRIPTION: Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This issue affects pbkdf2:...

CVSS 9.1 | AI score 6.9 | EPSS 0.00387
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/10/22 11:13 a.m., 5 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in urllib3-2.3.0-py3-none-any.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in urllib3-2.3.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3...

CVSS 6.1 | AI score 6.2 | EPSS 0.004
Exploits: 1 | Affected Software: 1
RedhatCVE
added 2025/05/23 3:0 a.m., 6 views

CVE-2023-1573

A vulnerability was found in DataGear up to 1.11.1 and classified as problematic. This issue affects some unknown processing of the component Graph Dataset Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public a...

CVSS 6.1 | AI score 5.8 | EPSS 0.0063
Exploits: 1 | References: 1
RedhatCVE
added 2025/02/06 2:54 a.m., 8 views

CVE-2025-23432

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlTi5 AlT Report alt-report allows Reflected XSS. This issue affects AlT Report: from n/a through <= 1.12.0...

AI score 7.2 | EPSS 0.00397
Exploits: 0 | References: 1
Positive Technologies
added 2025/01/03 12:0 a.m., 5 views

PT-2025-1002 · Karmada +1

Name of the Vulnerable Software and Affected Versions: Karmada versions prior to 1.12.0 Description: The issue is related to excessive privileges in PULL mode clusters, allowing an attacker who can authenticate as the karmada-agent to obtain administrative privileges over the entire federation...

CVSS 9.9 | AI score 5.9 | EPSS 0.75197
Exploits: 5 | References: 75
Positive Technologies
added 2023/03/22 12:0 a.m., 7 views

PT-2023-17089 · Datagear

Name of the Vulnerable Software and Affected Versions: DataGear versions up to 1.11.1 Description: A vulnerability was found in the Graph Dataset Handler component, leading to cross-site scripting. The attack can be initiated remotely. The issue affects some unknown processing of this component...

CVSS 6.1 | AI score 6.8 | EPSS 0.0063
Exploits: 1 | References: 8
SUSE CVE
added 2023/02/15 4:0 a.m., 3 views

SUSE CVE-2020-10812

An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5Fgetnrefs located in H5Fquery.c. It allows an attacker to cause Denial of Service...

CVSS 3.3 | AI score 7.6 | EPSS 0.01483
Exploits: 1 | References: 12
RubySec
added 2023/01/05 12:0 a.m., 24 views

Potential remote code execution in ruby-git

The git gem, between versions 1.2.0 and 1.12.0, incorrectly parsed the output of the 'git ls-files' command using eval to unescape quoted file names. If a file name that was added to the git repository contained special characters, such as '\n', then the 'git ls-files' command would print the file nam...

CVSS 8 | AI score 4.3 | EPSS 0.01351
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2020/07/15 12:0 a.m., 4 views

PT-2020-14198 · Synergy +1

Name of the Vulnerable Software and Affected Versions: Synergy versions prior to 1.12.0 Description: The issue allows a Synergy server to be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the server's memory is less than 4 GB. However, it was...

CVSS 6.5 | AI score 6.7 | EPSS 0.02494
Exploits: 0 | References: 21
OSV
added 2019/09/26 4:15 p.m., 4 views

ALPINE-CVE-2018-11782

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server...

CVSS 6.5 | AI score 6.7 | EPSS 0.02422
Exploits: 0 | References: 1
OSV
added 2019/07/31 12:0 p.m., 4 views

UBUNTU-CVE-2018-11782

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server...

CVSS 6.5 | AI score 6.8 | EPSS 0.02422
Exploits: 0 | References: 6
Tenable Nessus
added 2018/11/05 12:0 a.m., 89 views

jQuery 1.4.0 < 1.12.0 Cross-Site Scripting

According to its self-reported version number, jQuery is at least 1.4.0 and prior to 1.12.0 or at least 1.12.4 and prior to 3.0.0-beta1. Therefore, it may be affected by a cross-site scripting vulnerability due to cross-domain ajax request performed without the dataType. Note that the scanner has...

CVSS 6.1 | AI score 6.6 | EPSS 0.29726
Exploits: 2 | References: 3