
6 matches found

OSV
added 2026/02/05 10:43 a.m. · 3 views

SUSE-SU-2026:20232-1 Security update for golang-github-prometheus-prometheus

This update for golang-github-prometheus-prometheus fixes the following issues: Update to version 3.5.0: Security issues fixed: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global bsc1257329. - CVE-2025-12816: interpretation conflict...

8.6 CVSS · 6.7 AI score · 0.01535 EPSS
Exploits 1 · References 5
Positive Technologies
added 2026/01/12 12:0 a.m. · 4 views

PT-2026-1734

Name of the Vulnerable Software and Affected Versions: MLFlow versions up to and including 3.4.0 Description: MLFlow versions up to and including 3.4.0 are susceptible to DNS rebinding attacks because of missing Origin header validation within the MLFlow REST server. This allows malicious websites ...

8.1 CVSS · 7.9 AI score · 0.00193 EPSS
Exploits 1 · References 13
NVD
added 2025/10/09 2:15 p.m. · 6 views

CVE-2025-62228

Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers, e.g. crafted database name or crafted table name. Even though only the logged-in database user can trigger the attack, we recommend users update Flink CDC version to 3.5.0 which addresses this issue...

8.8 CVSS · 0.00415 EPSS
Exploits 0 · References 2
CVE
added 2025/10/09 1:15 p.m. · 498 views

CVE-2025-62228

CVE-2025-62228 affects Apache Flink CDC: version 3.4.0 is vulnerable to SQL injection via maliciously crafted identifiers (e.g., database or table names). The issue can be triggered by a logged-in database user, with remediation to upgrade to 3.5.0 (or apply fixes per advisories). Connected docum...

8.8 CVSS · 7.5 AI score · 0.00415 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2025/01/06 12:0 a.m. · 8 views

PT-2025-1013 · Openvpn · Openvpn Connect

Name of the Vulnerable Software and Affected Versions: OpenVPN Connect versions prior to 3.5.0 Description: The issue is related to the logging of clear-text private keys in the application log, which can be used by an unauthorized actor to decrypt VPN traffic. This could allow attackers to acces...

7.8 CVSS · 9.1 AI score · 0.00526 EPSS
Exploits 0 · References 29
OSV
added 2019/02/18 11:39 p.m. · 19 views

GHSA-RHVC-X32H-5526 No CSRF Validation in droppy

Affected versions of droppy are vulnerable to cross-site socket forgery. The package does not perform verification for cross-domain websocket requests, and as a result, an attacker can create a web page that opens up a websocket connection on behalf of the user visiting the page. The attacker can...

8.8 CVSS · 8.7 AI score · 0.00493 EPSS
Exploits 0 · References 3