Lucene search
K

15 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/22 9:16 p.m.6 views

CVE-2026-48510

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed...

7.5CVSS5.9AI score0.00236EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.8 views

UTT HiPER 1200GW 安全漏洞

UTT HiPER 1200GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1200GW prior to 2.5.3-170306 contained security vulnerabilities. These vulnerabilities were caused by incorrect operations with the strcpy function in the file/goform/formTaskEdit, which could lead t...

9CVSS8.4AI score0.00472EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.12 views

CVE-2026-44380

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...

8.6CVSS5.8AI score0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 2:36 p.m.11 views

CVE-2026-42186 OpenBao's Namespace Deletion May Not Delete Data Properly

OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...

2.3CVSS5.8AI score0.00248EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/07 8:57 a.m.20 views

CVE-2026-34903 WordPress Ocean Extra plugin <= 2.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3...

5.4CVSS0.00293EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30810

Name of the Vulnerable Software and Affected Versions OceanWP Ocean Extra versions through 2.5.3 Description An authorization issue exists in OceanWP Ocean Extra. This allows exploitation due to incorrectly configured access control security levels. Recommendations Update OceanWP Ocean Extra to a...

5.4CVSS5.8AI score0.00293EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.5 views

CVE-2026-33953

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user t...

8.5CVSS5.9AI score0.00274EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/26 6:53 p.m.5 views

CVE-2026-33149 Tandoor Recipes Vulnerable to Host Header Injection

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWEDHOSTS = '' by default, which causes Django to accept any value in the HTTP Host header without validation. The application uses request.buildabsoluteu...

8.1CVSS5.9AI score0.00304EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/19 5:11 p.m.5 views

EUVD-2025-204580

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...

5.3CVSS6.1AI score0.0024EPSS
Exploits0References2
OSV
OSV
added 2025/12/19 5:11 p.m.5 views

CVE-2025-68430 CVAT vulnerable to directory traversal via mounted share listing

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...

5.3CVSS6.5AI score0.0024EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/17 10:2 a.m.5 views

CVE-2025-64248

Missing Authorization vulnerability in emarket-design Request a Quote request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Request a Quote: from n/a through = 2.5.3...

4.3CVSS7AI score0.00185EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/11 9:59 p.m.8 views

WordPress Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection vulnerability

Cross-Site Request Forgery to Google OAuth Connection vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin Foxtool All-in-One versions = 2.5.2...

4.3CVSS6.7AI score0.00145EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/09/22 6:22 p.m.10 views

CVE-2025-58703

CVE-2025-58703: Stored XSS in Skyword API Plugin (WordPress) affecting Skyword API Plugin versions up to 2.5.3. Impact per CVSS: NETWORK attack, Low to Low confidentiality/integrity/availability, UI interaction required. Connected sources indicate the issue is currently Unpatched (no public fix d...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.4 views

SUSE CVE-2022-23578

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item-kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

4.3CVSS4.7AI score0.00716EPSS
Exploits1References3
CNVD
CNVD
added 2017/08/25 12:0 a.m.5 views

HP Integrated Lights-out 4 Remote Code Execution Vulnerability

HP Integrated Lights-Out 4 iLO 4 is an embedded server management technology from Hewlett-Packard HP in the United States that monitors and maintains server operations, remote control of servers, and more through an integrated remote management port. A security vulnerability exists in versions of...

10CVSS9.1AI score0.99335EPSS
Exploits9References1
Rows per page
Query Builder