Lucene search
K

32 matches found

OSV
OSV
added 2026/05/25 9:16 p.m.8 views

UBUNTU-CVE-2026-44598

With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/07 9:45 p.m.11 views

Timing Attack

Overview mcp-ssh-tool is a Model Context Protocol MCP SSH client server for remote automation Affected versions of this package are vulnerable to Timing Attack in the transfer-related filesystem handling process. An attacker can access unauthorized files or directories by bypassing local path...

8.7CVSS5.8AI score
Exploits0References3
EUVD
EUVD
added 2026/03/05 12:27 a.m.9 views

EUVD-2026-9423

Multer Vulnerable to Denial of Service via Uncontrolled Recursion...

8.7CVSS5.9AI score0.00713EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/04 4:17 p.m.3 views

CVE-2026-3520 Multer vulnerable to Denial of Service via uncontrolled recursion

Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service DoS by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No...

8.7CVSS6AI score0.00713EPSS
Exploits0References4
OSV
OSV
added 2026/03/04 4:17 p.m.6 views

CVE-2026-3520 Multer vulnerable to Denial of Service via uncontrolled recursion

Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service DoS by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No...

8.7CVSS6AI score0.00713EPSS
Exploits0References11
Snyk
Snyk
added 2026/02/10 6:56 p.m.5 views

SQL Injection

Overview @evershop/evershop is a The React Ecommerce platform. Built with React and Postgres. Open-source and free. Fast and customizable. Affected versions of this package are vulnerable to SQL Injection via the category value used for update and delete operations. It is input to the execute...

9.8CVSS6.2AI score0.0032EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-29159

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00288EPSS
Exploits0References6
Snyk
Snyk
added 2025/09/17 8:42 p.m.1 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using os.MkdirAll function which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...

5.1CVSS6.6AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:42 p.m.2 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using os.MkdirAll function which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...

5.1CVSS6.6AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:42 p.m.2 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using os.MkdirAll function which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...

5.1CVSS6.6AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:42 p.m.1 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using os.MkdirAll function which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...

5.1CVSS6.6AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:23 p.m.1 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:23 p.m.1 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 7:28 p.m.2 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the getAuthToken function. An attacker can cause denial of service and compromise file integrity by performing a network-level man-in-the-middle attack that provides invalid data to the process. Remediation...

6.9CVSS6.5AI score0.00159EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 7:27 p.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CreatePreheat process and peer-to-peer communication mechanisms. An attacker can access internal network resources by supplying crafted URLs to API endpoints or by leveraging peer requests,...

8.7CVSS6.7AI score0.00231EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 7:27 p.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CreatePreheat process and peer-to-peer communication mechanisms. An attacker can access internal network resources by supplying crafted URLs to API endpoints or by leveraging peer requests,...

8.7CVSS6.7AI score0.00231EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/17 8:49 a.m.7 views

CVE-2025-10433

A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been...

6.5CVSS7AI score0.00288EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/15 8:2 a.m.2 views

CVE-2025-10433 1Panel-dev MaxKB debug deserialization

A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been...

6.5CVSS6.8AI score0.00288EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/09/15 8:2 a.m.10 views

CVE-2025-10433 1Panel-dev MaxKB debug deserialization

A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been...

6.5CVSS0.00288EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-32708

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specif...

9.8CVSS7.3AI score0.03486EPSS
Exploits2References2
Rows per page
Query Builder