Lucene search
K

25 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 2:4 p.m.5 views

Security Bulletin: The Network Threat Analytics App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Network Threat Analytics App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-0994 DESCRIPTION: A...

8.2CVSS5.8AI score0.00613EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/05/12 3:6 p.m.6 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions when handling field names containing control characters in schemas or JSON descriptors. An attacker can cause runtime errors and disrupt application functionality by supplying crafted...

6.9CVSS5.9AI score0.00431EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 1:30 a.m.3 views

CVE-2026-5998

A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file agent/memory/service.py of the component API Memory Content Endpoint. This manipulation of the argument filename causes path traversal. The attack can be initiated remotely. Th...

6.9CVSS5.6AI score0.00632EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2025/11/10 10:43 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Brotli Decompression process. An attacker can cause the server to exhaust available memory by sending highly compressed Brotli streams,...

8.7CVSS6.8AI score0.00457EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/04 6:39 p.m.1 views

Missing Authentication

Overview Affected versions of this package are vulnerable to Missing Authentication in the xDS interface. An attacker can access sensitive configuration data, including certificate information, backend service details, routing rules, and cluster metadata, by connecting to the exposed port without...

6CVSS6.5AI score0.00154EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/25 8:41 a.m.19 views

CVE-2025-48392

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue...

7.5CVSS6.9AI score0.00562EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 a.m.13 views

Apache IoTDB: DoS Vulnerability

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue...

7.5CVSS7AI score0.00562EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/09/24 9:30 a.m.11 views

GHSA-776Q-JW43-FHJX Apache IoTDB: Deserialization of untrusted Data

Summary Apache IoTDB deserializes data from external inputs without sufficient validation, allowing attacker-controlled serialized objects to be processed. In environments where a compatible gadget chain is reachable, this can be abused to execute arbitrary code or alter server state; at minimum ...

9.3CVSS6.2AI score0.00457EPSS
Exploits0References7
Snyk
Snyk
added 2025/09/24 9:30 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the procedure module. An attacker can execute arbitrary code by sending specially crafted procedure files. Details Serialization is a process of converting an object into a sequence of bytes which c...

9.3CVSS7.8AI score0.00457EPSS
Exploits0References2
OSV
OSV
added 2025/09/24 9:30 a.m.3 views

GHSA-VX84-XVR8-W24C Apache IoTDB: DoS Vulnerability

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue...

8.7CVSS7AI score0.00562EPSS
Exploits0References4
OSV
OSV
added 2025/09/24 8:15 a.m.11 views

PYSEC-2025-88

Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade to version 2.0.5, which fixes the issue...

5.3CVSS5.8AI score0.00457EPSS
Exploits0References3
NVD
NVD
added 2025/09/24 8:15 a.m.5 views

CVE-2025-48392

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue...

7.5CVSS0.00562EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/24 7:59 a.m.9 views

CVE-2025-48392 Apache IoTDB: DoS Vulnerability

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue...

0.00562EPSS
Exploits0References1
OSV
OSV
added 2025/09/24 7:59 a.m.5 views

CVE-2025-48392 Apache IoTDB: DoS Vulnerability

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue...

7.5CVSS5.9AI score0.00562EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/24 7:59 a.m.2 views

CVE-2025-48392 Apache IoTDB: DoS Vulnerability

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue...

6.6AI score0.00562EPSS
Exploits0References1
CVE
CVE
added 2025/09/24 7:59 a.m.25 views

CVE-2025-48392

Apache IoTDB contains a DoS vulnerability affecting 1.3.3–1.3.4 and 2.0.1-beta–2.0.4. The issue is fixed in 2.0.5. CVSS v3.1 metrics from NVD indicate HIGH impact with Availability loss (A=HIGH) and no confidentiality/integrity impact, network attack vector, low complexity, no auth required. Affe...

7.5CVSS6.6AI score0.00562EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/09/24 7:57 a.m.14 views

CVE-2025-48459 Apache IoTDB: Deserialization of untrusted Data

Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade to version 2.0.5, which fixes the issue...

0.00457EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/24 12:0 a.m.7 views

PT-2025-39234

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.3.3 through 1.3.4 Apache IoTDB versions 2.0.1-beta through 2.0.4 Description A security issue exists in Apache IoTDB. Upgrade to version 2.0.5 to resolve the problem. Recommendations Upgrade to version 2.0.5...

7.5CVSS6.5AI score0.00562EPSS
Exploits0References9
Snyk
Snyk
added 2025/05/21 5:43 p.m.1 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to the incorrect assignment of cgroup hierarchy. An attacker can cause a denial of service of the Kubernetes node by exploiting this misconfiguration, where some Kubernetes limits are not honored. This...

7.5CVSS6.8AI score0.00242EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/01 12:0 a.m.6 views

PT-2024-28436 · WordPress · Basil +1

Name of the Vulnerable Software and Affected Versions: The Basil recipe theme for WordPress versions up to, and including, 2.0.4 Description: The issue is related to Persistent Cross-Site Scripting XSS via the post title parameter due to insufficient input sanitization and output escaping. This...

5.4CVSS6AI score0.00298EPSS
Exploits0References4
Rows per page
Query Builder