Lucene search
K

182 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/08/14 8:53 a.m.6 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager

Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

9.8CVSS8.1AI score0.01966EPSS
Exploits2Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.4 views

PT-2025-33252

Name of the Vulnerable Software and Affected Versions: ThemeMove Makeaholic versions through 1.8.4 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion...

9.8CVSS5.5AI score0.00364EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.8 views

PT-2025-33381 · Unknown · Bplugins B Blocks

Name of the Vulnerable Software and Affected Versions: bPlugins B Blocks versions through 2.0.5 Description: The software contains a DOM-Based Cross-site Scripting issue due to Improper Neutralization of Input During Web Page Generation. Recommendations: Update bPlugins B Blocks to a version late...

6.5CVSS6.8AI score0.00196EPSS
Exploits0References3
ICS
ICS
added 2025/08/12 12:0 a.m.6 views

Siemens SIMATIC S7-PLCSIM

SUMMARY Affected products do not properly sanitize user-controllable input when parsing project files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends...

8.5CVSS7.8AI score0.00172EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/08 6:29 a.m.3 views

WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection

Overview Advanced Custom Fields provided by WPEngine, Inc. contains the following vulnerability. HTML injection WE-94 - CVE-2025-54940 Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

4.6CVSS7AI score0.00193EPSS
Exploits0References4
Amazon
Amazon
added 2025/08/08 12:0 a.m.4 views

Medium: jackson-core

Issue Overview: jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth...

8.7CVSS6.8AI score0.00634EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.4 views

PT-2025-28889

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.12.0-rc2-syzkaller-00467-g0d7588ab9ef9 and earlier. Description: A flaw exists in the Linux kernel's task switching routine on RISC-V architecture. Specifically, the issue relates to the handling of the SR SUM status...

7.8CVSS6.4AI score0.00167EPSS
Exploits0References215
Tenable Nessus
Tenable Nessus
added 2025/06/12 12:0 a.m.32 views

Amazon Linux 2 : git (ALAS-2025-2884)

The version of git installed on the remote host is prior to 2.47.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2884 advisory. Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are...

8.8CVSS7.8AI score0.00494EPSS
Exploits1References4
Amazon
Amazon
added 2025/06/10 12:0 a.m.3 views

Medium: git

Issue Overview: Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed...

7.5CVSS7.5AI score0.00494EPSS
Exploits1
Amazon
Amazon
added 2025/06/02 12:0 a.m.5 views

Important: perl-Mojolicious

Issue Overview: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could...

8.1CVSS6.7AI score0.00473EPSS
Exploits2
OpenVAS
OpenVAS
added 2025/05/26 12:0 a.m.4 views

Fedora: Security Advisory (FEDORA-2025-99f0d93d68)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 8:10 a.m.8 views

CVE-2024-54142

Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has be...

9CVSS6.4AI score0.00406EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:33 a.m.11 views

CVE-2024-22407

Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for order...

6.5CVSS6.8AI score0.004EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:14 a.m.9 views

CVE-2024-25107

WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the Language::date function is used when making the human-readable timestamp for inclusion on the wikicreation column. This function uses interface messages to translate the nam...

6.1CVSS6AI score0.00402EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:6 a.m.7 views

CVE-2023-34099

Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7....

5.3CVSS6.9AI score0.00649EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:24 a.m.7 views

CVE-2023-43644

Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to...

9.8CVSS7AI score0.00679EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:55 a.m.7 views

CVE-2023-24814

TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In...

8.8CVSS6AI score0.00831EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:55 p.m.7 views

CVE-2022-23615

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming...

5.5CVSS6.7AI score0.00684EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:53 p.m.5 views

CVE-2021-43829

PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7 PatrowlManager unrestrictly handle upload files in the findings import feature. This vulnerability is capable of uploading dangerous type of file to server leading to XSS attacks and...

8.8CVSS6.6AI score0.59246EPSS
Exploits1
Amazon
Amazon
added 2025/05/13 12:0 a.m.8 views

Important: tomcat10

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException...

9.8CVSS7.3AI score0.66933EPSS
Exploits6
Rows per page
Query Builder