Lucene search
K

25 matches found

EUVD
EUVD
added 2026/04/29 7:27 a.m.9 views

EUVD-2026-26194

Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...

7.3CVSS5.2AI score0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/04/12 12:45 a.m.7 views

CVE-2026-6107

Affected product: 1Panel-dev MaxKB (

5.1CVSS4.5AI score0.00212EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/11 12:0 a.m.8 views

PT-2026-32127

A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static headers middleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site...

5.1CVSS4.3AI score0.00266EPSS
Exploits0References9
Snyk
Snyk
added 2026/03/18 4:41 a.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
OSV
OSV
added 2026/02/20 8:45 a.m.5 views

BIT-NIFI-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...

8.7CVSS5.6AI score0.0075EPSS
Exploits0References3
OSV
OSV
added 2026/02/17 12:31 p.m.3 views

GHSA-C5W7-M8WF-XC77 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...

8.7CVSS5.6AI score0.0075EPSS
Exploits0References6
Snyk
Snyk
added 2026/02/17 10:54 a.m.2 views

Missing Authorization

Overview org.apache.nifi:nifi-web-api is a system to process and distribute data. Affected versions of this package are vulnerable to Missing Authorization when updating configuration properties on extension components with restricted permissions. An attacker can modify sensitive configuration...

8.7CVSS5.7AI score0.0075EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/17 9:54 a.m.3 views

CVE-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...

8.7CVSS5.6AI score0.0075EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/17 9:54 a.m.32 views

CVE-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...

8.7CVSS0.0075EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.5 views

console 路径遍历漏洞

console is an application by Grayson Groshong Individual Developer. A path traversal vulnerability exists in console versions prior to 2.8.0, which stems from a path traversal that could result in a write to a non-target directory...

8.7CVSS6.6AI score0.0037EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2022-33980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolatio...

9.8CVSS8.3AI score0.42646EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.6 views

PT-2025-33855 · Flaskblog · Flaskblog

Name of the Vulnerable Software and Affected Versions: flaskBlog versions prior to 2.8.0 Description: flaskBlog is a blog application built with Flask. A flaw exists where there is no validation of comment ownership during deletion. This allows any user to delete comments belonging to other users...

6.9CVSS7.1AI score0.00274EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.7 views

PT-2025-21163 · Netgate · Pfsense Ce

Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE versions prior to 2.8.0 beta release Netgate pfSense CE corresponding Plus builds versions prior to 2.8.0 beta release Description: The issue allows remote attackers to execute arbitrary JavaScript, delete backups, or leak...

5.4CVSS8.8AI score0.01181EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.6 views

PT-2025-21161 · Netgate · Pfsense Ce

Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE versions prior to 2.8.0 beta release Netgate pfSense CE corresponding Plus builds versions prior to 2.8.0 beta release Description: The issue is related to Cross Site Scripting XSS in the widgets/log.widget.php file. This...

5.4CVSS8.7AI score0.03737EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.4 views

PT-2025-21162 · Unknown +1 · Pfsense Ce +1

Name of the Vulnerable Software and Affected Versions: pfSense CE versions prior to 2.8.0 beta release corresponding Plus builds versions prior to 2.8.0 beta release Description: The issue is related to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to...

8.8CVSS9.5AI score0.11991EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/02/05 8:35 a.m.6 views

CVE-2024-47350

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YITHEMES YITH WooCommerce Ajax Search yith-woocommerce-ajax-search.This issue affects YITH WooCommerce Ajax Search: from n/a through = 2.8.0...

9.3CVSS5.9AI score0.00404EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/11/12 6:49 p.m.3 views

WordPress Product Delivery Date for WooCommerce - Lite plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability

WordPress Product Delivery Date for WooCommerce - Lite plugin = 2.8.0 - Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Product Delivery Date for WooCommerce – Lite versions = 2.8.0...

6.1CVSS6.4AI score0.00481EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/03/19 8:20 a.m.25 views

CVE-2024-24683 Apache Hop Engine: ID isn't escaped when generating HTML

Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the...

6.8AI score0.01239EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 10:51 a.m.16 views

BIT-AIRFLOW-2023-49920 Apache Airflow: Missing CSRF protection on DAG/trigger

Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the executi...

6.5CVSS6.4AI score0.01032EPSS
Exploits0References4
PyPA
PyPA
added 2023/12/21 10:15 a.m.9 views

PYSEC-2023-267

Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.Users are recommende...

6.5CVSS6.8AI score0.0139EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder