Lucene search
K

21 matches found

Snyk
Snyk
added 2026/04/15 2:9 a.m.4 views

Improper Validation of Specified Type of Input

Overview fastify is an overhead web framework, for Node.js. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the schema.body.content when a space is prepended to the Content-Type header. An attacker can bypass input validation by sending...

8.7CVSS5.7AI score0.00408EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.3 views

CVE-2025-60012

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to...

6.3CVSS5.9AI score0.00488EPSS
Exploits1References1
Snyk
Snyk
added 2026/02/24 1:52 a.m.3 views

Infinite loop

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS6AI score0.00327EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/06 5:19 p.m.3 views

CVE-2026-1769 Stored XSS on Xerox CentreWare Web 7.0.6

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software available on Xerox.com...

5.3CVSS5.4AI score0.00146EPSS
Exploits0References1
Snyk
Snyk
added 2025/12/16 12:43 a.m.3 views

Improper Verification of Cryptographic Signature

Overview altcha-lib is an A library for creating and verifying ALTCHA challenges for Node.js, Bun and Deno. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the HMAC computation. An attacker can bypass intended challenge expiration and reuse...

6.9CVSS6.8AI score0.00262EPSS
Exploits0References2
NVD
NVD
added 2025/09/11 6:15 p.m.6 views

CVE-2025-58065

Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...

6.5CVSS0.00376EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.4 views

PT-2024-16605 · WordPress · Getwid

Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.12 Description: The issue is related to Stored Cross-Site Scripting via the template-post-custom-field block due to insufficient input sanitization and output...

6.4CVSS8AI score0.00306EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/05/27 12:0 a.m.5 views

PT-2024-3950 · Logpoint · Logpoint Saml Authentication

Name of the Vulnerable Software and Affected Versions: Logpoint SAML Authentication versions prior to 6.0.3 Description: An issue in Logpoint SAML Authentication allows an attacker to place a crafted filename in the state field of a SAML SSO-URL response. This can lead to the deletion of the file...

9.4CVSS7.6AI score0.00422EPSS
Exploits0References5
OSV
OSV
added 2024/01/02 8:6 p.m.45 views

CVE-2023-51652 OWASP.AntiSamy mXSS when preserving comments

OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...

6.1CVSS6.3AI score0.00447EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/04/12 12:0 a.m.30 views

Fedora 37 : php-Smarty (2023-4b03f6cd8a)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4b03f6cd8a advisory. 3.1.48 - 2023-03-28 Security - Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447. Fixed - Output buffer...

7.1CVSS7.2AI score0.01025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.2 views

PT-2022-28108 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue is related to improper access control in the usememos/memos GitHub repository. Specifically, in versions prior to 0.9.1, users can edit and delete all other users' shortcuts...

8.2CVSS8.3AI score0.00571EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2022/10/10 12:0 a.m.3 views

PT-2022-28257 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 2.2.1 Description: The issue is related to the default cookie name prefix, which was set to Host instead of Host-. This prefix is used for additional security to ensure the cookie came from the correct domain when ...

7.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/09/17 12:0 a.m.1 views

PT-2022-34576 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.9.326 Description: The issue is related to a use-after-free error in the linkwatch on disconnect. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

7.2AI score
Exploits0References1
Prion
Prion
added 2022/03/18 12:15 p.m.26 views

Memory corruption

Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc...

7.8CVSS7.3AI score0.04919EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2021/04/13 12:0 a.m.4 views

PT-2021-23137 · Unknown +1 · Freeswitch +1

Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to v1.10.6 Description: The issue concerns the lack of authentication for SIP requests of the type SUBSCRIBE in FreeSWITCH. This allows attackers to subscribe to user agent event notifications without authentication,...

8.6CVSS6.3AI score0.0352EPSS
Exploits19References32
Prion
Prion
added 2018/12/19 2:29 p.m.17 views

Cross site scripting

The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a pri...

4.3CVSS5.9AI score0.02758EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/10/09 10:29 p.m.29 views

Code injection

In Apache Tika 1.19 CVE-2018-11761, we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after...

5CVSS7.3AI score0.09635EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2017/05/26 9:29 p.m.17 views

Code injection

For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be...

4.9CVSS6.5AI score0.00752EPSS
Exploits0References3Affected Software1
Cloud Foundry
Cloud Foundry
added 2015/06/17 12:0 a.m.67 views

CVE-2015-1328 - overlayfs privilege escalation | Cloud Foundry

CVE-2015-1328 – overlayfs privilege escalation High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS with 3.16 kernel Description Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to...

7.8CVSS7.1AI score0.37679EPSS
Exploits22
OpenVAS
OpenVAS
added 2008/12/26 12:0 a.m.28 views

Opera Web Browser Multiple Vulnerabilities - Dec08 (Windows)

The host is installed with Opera web browser and is prone to multiple Vulnerabilities. OpenVAS Vulnerability Test $Id: secpodoperamultvulndec08win.nasl 6519 2017-07-04 14:08:14Z cfischer $ Opera Web Browser Multiple Vulnerabilities - Dec08 Windows Authors: Chandan S Copyright: Copyright c 2008...

9.3CVSS1.1AI score0.07508EPSS
Exploits0References5
Rows per page
Query Builder