Lucene search
K

11 matches found

RedHat Linux
RedHat Linux
added 2026/03/30 11:0 a.m.7 views

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

9.8CVSS6.9AI score0.00793EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-1049

Malicious code in bioql PyPI...

8.8CVSS7.4AI score0.01618EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 3:55 a.m.11 views

CVE-2023-34102

Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes...

8.8CVSS7.3AI score0.0161EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:19 p.m.10 views

CVE-2021-32674

Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL...

8.8CVSS6.6AI score0.01574EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:18 p.m.29 views

CVE-2021-21298

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via t...

6.5CVSS6.8AI score0.01177EPSS
Exploits0References1
OSV
OSV
added 2024/06/10 12:0 a.m.9 views

CVE-2024-37014

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/customcomponent" endpoint and provide a Python script...

8.8CVSS9.7AI score0.00923EPSS
Exploits1References3
Prion
Prion
added 2023/06/05 11:15 p.m.21 views

Cross site scripting

Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting XSS when rendering html based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are...

4.9CVSS5.2AI score0.00563EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/27 6:41 p.m.121 views

opencontainers runc contains procfs race condition with a shared volume mount

Impact By crafting a malicious root filesystem with /proc being a symlink to a directory which was inside a volume shared with another running container, an attacker in control of both containers can trick runc into not correctly configuring the container's security labels and not correctly maski...

7CVSS6.8AI score0.00457EPSS
Exploits0References21Affected Software1
Positive Technologies
Positive Technologies
added 2019/07/30 12:0 a.m.11 views

PT-2019-3138 · Openssl +1 · Openssl +1

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.2 through 1.0.2s OpenSSL versions 1.1.0 through 1.1.0k OpenSSL versions 1.1.1 through 1.1.1c Description: The issue is related to errors in the certificate authentication procedure. It allows an attacker to impact data...

7.4CVSS6.4AI score0.14298EPSS
Exploits3References56
OSV
OSV
added 2006/07/07 11:5 p.m.5 views

PYSEC-2006-7

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 Zope2 does not disable the "raw" command when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows local users to read arbitrary files...

2.1CVSS7AI score0.00422EPSS
Exploits0References13
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.25 views

CVE-2002-0687

The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers...

6.5AI score0.01467EPSS
Exploits0References5
Rows per page
Query Builder