Lucene search
K

14 matches found

Debian
Debian
added 2026/06/23 6:23 p.m.5 views

[SECURITY] [DSA 6363-1] python-urllib3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6363-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 23, 2026 https://www.debian.org/security/faq -...

8.2CVSS5.7AI score0.00527EPSS
Exploits0
Snyk
Snyk
added 2026/04/10 3:36 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper authorization checks in the CanDoAPIRoute process. An attacker can delete project backgrounds by using an API token with only the projects.background permission, bypassing intended access controls fo...

5.4CVSS5.8AI score0.00222EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:35 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the import process. An attacker can exhaust server storage and potentially cause service disruption by uploading compressed zip files containing files that exceed the configur...

7.1CVSS5.8AI score0.00338EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 9:17 a.m.8 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to HTTP Request Smuggling vulnerability due to gunicorn

Summary gunicorn is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-rag-tool Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM watsonx Orchestrate Developer...

5.9AI score
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/22 2:57 p.m.3 views

CVE-2025-64097

NervesHub is a web service that allows users to manage over-the-air OTA firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...

9.5CVSS5.5AI score0.00422EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/01/20 7:45 p.m.2 views

Arbitrary Code Injection

Overview binary-parser is a Blazing-fast binary parser builder Affected versions of this package are vulnerable to Arbitrary Code Injection via malicious field names. An attacker can execute arbitrary JavaScript code by supplying untrusted values in the field names or encoding parameters, which a...

9.8CVSS6.2AI score0.00505EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/16 5:45 p.m.3 views

Deserialization of Untrusted Data

Overview isaaclab is an Isaac Lab Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process. An attacker can achieve arbitrary code execution by providing specially crafted data to be deserialized. Details Serialization is a process of...

9.8CVSS7.7AI score0.0054EPSS
Exploits0References2
Snyk
Snyk
added 2025/07/25 4:42 p.m.3 views

Arbitrary File Upload

Overview hybridauth/hybridauth is a PHP Social Authentication Library Affected versions of this package are vulnerable to Arbitrary File Upload via install.php, which remains accessible post-installation. An attacker can execute arbitrary PHP code on the server by injecting malicious input into t...

9.8CVSS7.7AI score0.01601EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/12 6:32 p.m.3 views

Insertion of Sensitive Information into Externally-Accessible File or Directory

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory due to the inclusion of sensitive credentials in provenance events. An attacker with read access to the provenance events can gain unauthorized access to...

6.9CVSS6.8AI score0.01135EPSS
Exploits0References2
OSV
OSV
added 2023/11/30 12:15 p.m.6 views

CVE-2023-49733

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

9.8CVSS5.8AI score0.01292EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.3 views

PT-2023-31312 · Apache · Apache Cocoon

Name of the Vulnerable Software and Affected Versions: Apache Cocoon versions 2.2.0 through 2.2.x before 2.3.0 Apache Cocoon version 2.2.0 Description: The issue is related to an Improper Restriction of XML External Entity Reference, which allows users to inject malicious code into XML documents...

9.8CVSS9.6AI score0.01292EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/11/16 12:0 a.m.4 views

PT-2023-30474 · WordPress · So Wp Pinyin Slugs

Name of the Vulnerable Software and Affected Versions: SO WP Pinyin Slugs plugin versions prior to 2.3.0 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For SO WP Pinyin Slugs plugin version...

5.9CVSS5.3AI score0.00394EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/04/15 12:0 a.m.5 views

PT-2021-18209 · Sydent · Sydent

Name of the Vulnerable Software and Affected Versions: Sydent versions 2.2.0 and prior Description: The issue is related to missing input validation of some parameters on the endpoints used to confirm third-party identifiers, which could cause excessive use of disk space and memory leading to...

5.3CVSS4.4AI score0.00927EPSS
Exploits0References10
NCSC
NCSC
added 2020/03/20 12:0 a.m.3 views

Vulnerability fixed in Ruby JSON gem

A vulnerability has been fixed in the JSON gem that is provided by default included in the Ruby installation. The vulnerability allows a malicious party to perform attacks that can lead to the following categories of damage: Manipulation of data. Remote code execution User rights Ruby has release...

7.5CVSS7.7AI score0.13911EPSS
Exploits0
Rows per page
Query Builder