
359 matches found

RedhatCVE
added 2025/02/22 8:22 p.m. · 22 views

CVE-2025-27097

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...

CVSS 7.5 · AI score 6.8 · EPSS 0.00399
Exploits: 0 · References: 1
NVD
added 2025/02/20 9:15 p.m. · 15 views

CVE-2025-27097

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...

CVSS 7.5 · EPSS 0.00399
Exploits: 0 · References: 1
Vulnrichment
added 2025/02/20 8:15 p.m. · 10 views

CVE-2025-27097 Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...

CVSS 5.1 · AI score 6.6 · EPSS 0.00399
Exploits: 0 · References: 1
Veracode
added 2025/02/14 6:43 a.m. · 7 views

Improper Data Encryption

Temporal api-go is vulnerable to Improper Data Encryption. The vulnerability is due to missing Data Converter transformations due to the update response information not being processed by the Data Converter when using a gRPC proxy with the api-go module, leading to unencrypted data exposure...

CVSS 2 · AI score 5.9 · EPSS 0.0009
Exploits: 0 · References: 4 · Affected Software: 1
RedHat Linux
added 2025/02/12 9:37 a.m. · 3 views

firefox: thunderbird: Use-after-free in XSLT

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash...

CVSS 9.8 · AI score 7.3 · EPSS 0.01196
Exploits: 0 · References: 10
RedHat Linux
added 2025/02/12 4:23 a.m. · 5 views

firefox: thunderbird: Use-after-free in XSLT

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash...

CVSS 9.8 · AI score 7.3 · EPSS 0.01196
Exploits: 0 · References: 10
OSV
added 2025/02/12 3:31 a.m. · 6 views

GHSA-Q9W6-CWJ4-GF4P Unencrypted transmission in Temporal api-go library

The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...

CVSS 2 · AI score 5.9 · EPSS 0.0009
Exploits: 0 · References: 5
RedHat Linux
added 2025/02/11 4:42 p.m. · 2 views

firefox: thunderbird: Use-after-free in XSLT

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash...

CVSS 9.8 · AI score 7.3 · EPSS 0.01196
Exploits: 0 · References: 10
RedHat Linux
added 2025/02/11 11:29 a.m. · 5 views

firefox: thunderbird: Use-after-free in XSLT

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash...

CVSS 9.8 · AI score 7.3 · EPSS 0.01196
Exploits: 0 · References: 10
RedHat Linux
added 2025/02/06 11:37 a.m. · 4 views

firefox: thunderbird: Use-after-free in XSLT

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash...

CVSS 9.8 · AI score 7.3 · EPSS 0.01196
Exploits: 0 · References: 10
RedHat Linux
added 2025/02/06 11:30 a.m. · 5 views

firefox: thunderbird: Use-after-free in XSLT

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash...

CVSS 9.8 · AI score 7.3 · EPSS 0.01196
Exploits: 0 · References: 10
Positive Technologies
added 2025/01/24 12:0 a.m. · 12 views

PT-2025-2936

Name of the Vulnerable Software and Affected Versions: HL7 FHIR IG publisher versions prior to 1.7.4 Description: The HL7 FHIR IG publisher is vulnerable to XML external entity injections due to XSLT transforms performed by various components. This issue can be exploited by submitting a malicious X...

CVSS 8.6 · AI score 5.9 · EPSS 0.00547
Exploits: 0 · References: 14
Positive Technologies
added 2025/01/01 12:0 a.m. · 6 views

PT-2025-33109

Name of the Vulnerable Software and Affected Versions: Active Storage versions 5.2.0 through 8.0.2.1 Description: Active Storage allows the use of potentially unsafe image transformation methods and parameters by default. This can lead to command injection vulnerabilities when arbitrary...

CVSS 9.2 · AI score 9.5 · EPSS 0.02388
Exploits: 0 · References: 23
Positive Technologies
added 2024/10/14 12:0 a.m. · 7 views

PT-2024-7417 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.1; Splunk Enterprise versions prior to 9.2.3; Splunk Enterprise versions prior to 9.1.6; Splunk Cloud Platform versions prior to 9.2.2403.107; Splunk Cloud Platform versions prior to 9.1.2312.204; Splunk Clo...

CVSS 6.8 · AI score 6.8 · EPSS 0.00541
Exploits: 0 · References: 11
OSV
added 2024/09/06 7:45 p.m. · 2 views

GHSA-6CR6-PH3P-F5RF XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

Impact: XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used within a host where extern...

CVSS 8.6 · AI score 5.7 · EPSS 0.00975
Exploits: 0 · References: 6
Positive Technologies
added 2024/09/06 12:0 a.m. · 2 views

PT-2024-31547 · Unknown · Hl7 Fhir Core Artifacts

Name of the Vulnerable Software and Affected Versions: HL7 FHIR Core Artifacts repository versions prior to 6.3.23 Description: The issue concerns XML external entity injections in XSLT transforms performed by various components. A processed XML file with a malicious DTD tag could produce XML...

CVSS 8.6 · AI score 7 · EPSS 0.00975
Exploits: 0 · References: 12
OpenVAS
added 2024/08/28 12:0 a.m. · 20 views

openSUSE Security Advisory (SUSE-SU-2024:2786-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.4 · AI score 6.9 · EPSS 0.01257
Exploits: 0 · References: 9
Fedora
added 2024/07/05 6:22 a.m. · 21 views

[SECURITY] Fedora 40 Update: python-astropy-5.3.3-1.fc40

The Astropy project is a common effort to develop a single core package for Astronomy. Major packages such as PyFITS, PyWCS, vo, and asciitable already merged in, and many more components being worked on. In particular, we are developing imaging, photometric, and spectroscopic functionality, as...

CVSS 8.4 · AI score 8.4 · EPSS 0.01124
Exploits: 1
Fedora
added 2024/07/05 1:18 a.m. · 16 views

[SECURITY] Fedora 39 Update: python-astropy-5.3.3-1.fc39

The Astropy project is a common effort to develop a single core package for Astronomy. Major packages such as PyFITS, PyWCS, vo, and asciitable already merged in, and many more components being worked on. In particular, we are developing imaging, photometric, and spectroscopic functionality, as...

CVSS 8.4 · AI score 8.4 · EPSS 0.01124
Exploits: 1
BDU FSTEC
added 2024/05/16 12:0 a.m. · 4 views

The vulnerability in the compiler set for various programming languages in the GNU Compiler Collection (GCC) relates to the incorrect handling of the sum of a pointer and an integer. This vulnerability allows an attacker to trigger a service failure or cause other adverse effects.

The vulnerability in the compiler set for various programming languages in the GNU Compiler Collection GCC relates to the incorrect handling of the sum of a pointer and an integer, when the sum is greater than or equal to the pointer, without using transformations. This can lead to the...

CVSS 9 · AI score 5.6 · EPSS 0.01253
Exploits: 0 · References: 8 · Affected Software: 1