Lucene search
K

16 matches found

NVD
NVD
added 2026/06/26 1:16 p.m.8 views

CVE-2026-57915

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue...

7.3CVSS0.00321EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/26 12:9 p.m.6 views

CVE-2026-57915 Apache Kerby: Kerberos Pre-Authentication Bypass

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue...

5.7AI score0.00321EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 12:9 p.m.21 views

CVE-2026-57915

CVE-2026-57915 affects Apache Kerby: Kerberos pre-authentication can be bypassed by sending a PA-DATA with an unrecognized/unsupported type. The issue is enabled by the underlying pre-auth check and is fixed in Apache Kerby version 2.1.2. Reported impact from sources indicates a high-severity con...

7.3CVSS5.7AI score0.00321EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 11:28 a.m.5 views

EUVD-2026-39648

By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to denial of service issues. Users are recommended to upgrade to version 2.1.2, which fixes this issue...

6.5CVSS5.7AI score0.00294EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/08 12:15 a.m.5 views

Not Failing Securely ('Failing Open')

Overview rack-session is a session implementation for Rack. Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the Rack::Session::Cookie function when it is configured with the secrets: option. An attacker can gain unauthorized access or escalate privileges...

9.8CVSS5.8AI score0.0027EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:30 a.m.11 views

CVE-2023-43701

Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache...

5.4CVSS6.8AI score0.01004EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/17 12:0 a.m.13 views

PT-2025-4847 · Boltdb +2 · Boltdb +2

Name of the Vulnerable Software and Affected Versions: zot versions prior to 2.1.2 Description: The issue arises from the way group data is stored for users in the boltdb database, specifically as an append-list. This leads to group revocations or removals being ignored in the API. When a user lo...

8.9CVSS6.4AI score0.0104EPSS
Exploits2References90
Positive Technologies
Positive Technologies
added 2024/09/02 12:0 a.m.4 views

PT-2024-29968 · Github · Actions/Artifact

Name of the Vulnerable Software and Affected Versions: actions/artifact versions 2.0.0 through 2.1.1 actions/artifact versions 2.1.2 through 2.1.6 Description: The issue concerns arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for...

8.6CVSS7.2AI score0.03037EPSS
Exploits4References24
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.5 views

PT-2024-40404 · Thelia · Thelia

Name of the Vulnerable Software and Affected Versions: Thelia versions 2.1.0 through 2.1.1 Description: The BackOffice of Thelia has a cross-site scripting issue in the error.html template. Recommendations: For versions 2.1.0 and 2.1.1, update to version 2.1.2 to resolve the issue...

6.1CVSS6.6AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/01/22 12:0 a.m.3 views

PT-2024-19824 · Nautobot · Nautobot

Name of the Vulnerable Software and Affected Versions: Nautobot versions prior to 1.6.10 Nautobot versions prior to 2.1.2 Description: Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. Due to inadequate input sanitization, any user-editable fields...

7.1CVSS5.7AI score0.00433EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2024/01/18 12:0 a.m.6 views

PT-2024-19279 · Nextcloud · Nextcloud Global Site Selector

Name of the Vulnerable Software and Affected Versions: Nextcloud Global Site Selector versions prior to 1.4.1 Nextcloud Global Site Selector versions prior to 2.1.2 Nextcloud Global Site Selector versions prior to 2.3.4 Nextcloud Global Site Selector versions prior to 2.4.5 Description: The...

9.8CVSS9.4AI score0.00755EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/11/27 12:0 a.m.8 views

PT-2023-28919 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 2.1.2 Description: The issue is caused by improper payload validation and an improper REST API response type. This allows an authenticated malicious actor to store malicious code into Chart's metadata. The co...

5.4CVSS7.1AI score0.01004EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2023/11/27 12:0 a.m.5 views

PT-2023-28376 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 2.1.2 Description: The issue allows authenticated users to read configured CSS templates and annotations due to unnecessary read permissions within the Gamma role. Recommendations: For versions prior to 2.1.2...

4.3CVSS6.9AI score0.0086EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.3 views

SUSE CVE-2020-15210

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b a...

6.5CVSS6.4AI score0.00729EPSS
Exploits1References3
Snyk
Snyk
added 2022/04/22 9:13 a.m.4 views

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Overview git-interface is an interface to work with a git repository in node.js Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'. The API may be abused if user input is able to provide a valid directory on disk an...

10CVSS7AI score0.03816EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2020/12/22 12:0 a.m.5 views

PT-2020-17015 · Multi-Ini · Multi-Ini

Name of the Vulnerable Software and Affected Versions: multi-ini versions prior to 2.1.2 Description: The issue allows an object's prototype to be polluted by specifying the constructor.proto object as part of an array, effectively bypassing a previous security measure. Recommendations: For...

8.1CVSS8.4AI score0.01517EPSS
Exploits1References7
Rows per page
Query Builder