Lucene search
K

10 matches found

NVD
NVD
added 2026/05/12 6:17 p.m.13 views

CVE-2026-44183

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entr...

9.8CVSS0.00222EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 5:33 p.m.35 views

CVE-2026-44184 Cleanuparr: Reflective CORS combined with trusted-network auth allows cross-origin admin API reads

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, Cleanuparr's global CORS policy reflects every request Origin and combines it with AllowCredentials. When DisableAuthForLocalAddresses ...

8CVSS0.0012EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/09 8:2 p.m.10 views

CVE-2025-11554 Portabilis i-Educar User Type AccessLevelController.php insecure inherited permissions

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack...

6.5CVSS0.00351EPSS
Exploits1References4
OSV
OSV
added 2025/07/02 3:15 p.m.4 views

UBUNTU-CVE-2025-52891

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...

6.5CVSS7AI score0.00346EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/06/02 12:0 a.m.2 views

ModSecurity 安全漏洞

ModSecurity is an open source, cross-platform web application firewall WAF engine from OWASP ModSecurity Open Source. A security vulnerability exists in ModSecurity versions prior to 2.9.10, which stems from a sanitiseArg operation that may add too many parameters, potentially resulting in a deni...

7.5CVSS8AI score0.0076EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/23 7:50 a.m.8 views

CVE-2024-11338

The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtm' and 'venue' parameters in all versions up to, and including, 2.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-lev...

6.4CVSS5AI score0.00316EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/01/01 12:0 a.m.15 views

PT-2021-3164

Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.x before 2.9.10.8 FasterXML jackson-databind versions 2.6.x before 2.6.7.5 Description The issue is related to the interaction between serialization gadgets and typing, specifically with the...

9.3CVSS6.8AI score0.20929EPSS
Exploits11References44
RedHat Linux
RedHat Linux
added 2020/05/28 3:58 p.m.3 views

jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.1AI score0.02959EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/05/18 10:24 a.m.4 views

jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.1AI score0.06278EPSS
Exploits0References5
CNVD
CNVD
added 2019/09/29 12:0 a.m.1 views

FasterXML jackson-databind input validation error vulnerability (CNVD-2019-37149)

FasterXML Jackson is a U.S. FasterXML company for Java data processing tools . jackson-databind is one of the components with data binding capabilities . An input validation error vulnerability exists in FasterXML jackson-databind versions prior to 2.9.10. The vulnerability stems from a network...

9.8CVSS6.7AI score0.04918EPSS
Exploits0References1
Rows per page
Query Builder