Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.7 views

CVE-2026-43936

e107 is a content management system CMS. Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4...

4.3CVSS5.5AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-33031

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an administrator can use previously issued API tokens for up to the token lifetime. In practice, disabling a compromised account does not actually terminate that user’s access, so an...

8.6CVSS5.4AI score0.00274EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/04/30 2:25 a.m.7 views

SUSE CVE-2026-41140

Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.datafilter is unavailable. Considering only Python versions which are still supporte...

2.3CVSS5.4AI score0.00294EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/06 11:25 p.m.3 views

SUSE CVE-2026-33026

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been patched in version 2.3.4...

9.4CVSS5.7AI score0.00328EPSS
Exploits1References3
OSV
OSV
added 2026/03/30 5:59 p.m.5 views

CVE-2026-33027 Nginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration Directory

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operati...

6.9CVSS5.8AI score0.00397EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/21 5:11 a.m.3 views

CVE-2026-27198

Formwork is a flat file-based Content Management System CMS. In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has...

8.8CVSS5.6AI score0.00415EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.5 views

PT-2026-20766

Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through = 2.3.46...

5.5AI score0.00042EPSS
Exploits0References1
NVD
NVD
added 2026/01/08 10:15 a.m.3 views

CVE-2025-22708

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mitech: from n/a through = 2.3.4...

8.1CVSS0.00512EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:58 p.m.9 views

CVE-2022-34013

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery SSRF vulnerability via the Logo parameter under the Link module...

4.3CVSS7.4AI score0.00527EPSS
Exploits1References1
Oracle linux
Oracle linux
added 2025/04/28 12:0 a.m.55 views

glibc security update

2.34-125.0.1.8 - Forward-port Oracle patches for ol9-u5 glibc-2.34-125.0.1.8 Reviewed by: David Faust Oracle history:...

7.5CVSS7.5AI score0.00349EPSS
Exploits0
CNNVD
CNNVD
added 2024/03/20 12:0 a.m.2 views

OneBlog 安全漏洞

OneBlog is a Java blog. A cross-site scripting vulnerability exists in OneBlog v2.3.4, which stems from the lack of effective filtering and escaping of user-supplied data in the component rootpath/links, and can be exploited by an attacker to execute arbitrary web script or HTML by injecting a...

6.1CVSS6AI score0.00375EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.3 views

SUSE CVE-2021-43396

In iconvdata/iso-2022-jp-3.c in the GNU C Library aka glibc 2.34, remote attackers can force iconv to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv use cases. NOTE: the vendor states "t...

7.5CVSS8.7AI score0.02943EPSS
Exploits1References3
OSV
OSV
added 2021/01/04 3:15 p.m.2 views

DEBIAN-CVE-2020-35495

There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34...

5.5CVSS6.3AI score0.01156EPSS
Exploits1References1
Rows per page
Query Builder