Lucene search
K

20 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/17 9:24 p.m.12 views

Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of openssl (CVE-2026-41676, CVE-2026-41677, CVE-2026-41678, CVE-2026-41681)

Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.1 and 1.92.0.1 uses versions 0.10.73 and 0.10.74 of the openssl crate, which provides Rust bindings for the OpenSSL library. Several security-related bugs, such as buffer overflows, were identified in these versions of the...

9.8CVSS6AI score0.00373EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/09 11:0 p.m.7 views

CVE-2026-8213 OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...

5.3CVSS5.7AI score0.00258EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters...

7.5CVSS6AI score0.00776EPSS
Exploits1References2
OSV
OSV
added 2026/04/09 8:16 p.m.1 views

DEBIAN-CVE-2026-34500

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

6.5CVSS5.3AI score0.00469EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-27859

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery...

5.3CVSS5.8AI score0.00374EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:20 p.m.13 views

Security Bulletin: Weaker than expected SQL injection protection may affect IBM Business Automation Workflow traditional - CVE-2025-5878

Summary IBM Business Automation Workflow embedded Navigator packages a vulnerable library of ESAPI. Vulnerability Details CVEID:CVE-2025-5878 DESCRIPTION: A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of t...

7.5CVSS5AI score0.004EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/01/08 12:39 a.m.5 views

CVE-2026-21877 n8n is vulnerable to Remote Code Execution via Arbitrary File Write

n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version...

9.9CVSS7.2AI score0.05258EPSS
Exploits1References4
CVE
CVE
added 2025/12/16 12:23 a.m.15 views

CVE-2025-67736

The CVE-2025-67736 entry concerns the FreePBX tts (Text to Speech) module. Affected versions are prior to 16.0.5 and 17.0.5. The vulnerability is an SQL injection exploitable by authenticated users with administrator access via the Administrator Control Panel (ACP). Successful exploitation can di...

8.6CVSS7.5AI score0.06233EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/11 1:30 p.m.7 views

Security Bulletin: Due to the use of Eclipse JGit, IBM webMethods Integration is affected by denial of service, and other security issues.

Summary Eclipse JGit is used by IBM webMethods Integration in repository function CVE-2025-4949 Vulnerability Details CVEID:CVE-2025-4949 DESCRIPTION: In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implemen...

6.8CVSS6.4AI score0.0104EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.12 views

PT-2025-44295

Name of the Vulnerable Software and Affected Versions Jenkins Curseforge Publisher Plugin version 1.0 Description The Jenkins Curseforge Publisher Plugin version 1.0 stores API Keys unencrypted in config.xml files on the Jenkins controller. These files are accessible to users with Item/Extended...

4.3CVSS6.4AI score0.00158EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 3:20 p.m.9 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in Eclipse Jetty

Summary There is vulnerability in Eclipse Jetty used by Install Agent in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-1948 DESCRIPTION: In Eclipse Jetty versions 12.0.0 t...

7.5CVSS6.5AI score0.00625EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.11 views

PT-2025-14432 · Wisdomlogix Solutions Pvt. · Fonts Manager | Custom Fonts

Name of the Vulnerable Software and Affected Versions: Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts versions 1.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for...

7.1CVSS7.1AI score0.00294EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/08/29 12:0 a.m.6 views

PT-2024-38666 · WordPress · Beaver Builder

Name of the Vulnerable Software and Affected Versions: Beaver Builder – WordPress Page Builder versions up to, and including, 2.8.3.5 Description: The issue is related to Stored Cross-Site Scripting via the type parameter due to insufficient input sanitization and output escaping. This allows...

6.4CVSS5.8AI score0.00377EPSS
Exploits0References13
OSV
OSV
added 2024/03/06 11:5 a.m.30 views

BIT-SOLR-2023-50292 Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users

Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...

7.5CVSS7.1AI score0.0305EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/12/17 1:15 p.m.5 views

CVE-2022-4588

A vulnerability, which was classified as problematic, was found in Boston Sleep slice up to 84.1.x. Affected is an unknown function of the component Layout Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 84.2.0 is able to...

6.1CVSS4AI score0.00511EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2022/11/20 1:31 p.m.4 views

Improper Input Validation

Overview cgi is a Support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Improper Input Validation due to improper validation of CGI::Cookie content, which allows an attacker to inject invalid attributes in the Set-Cookie header and insert a newline...

8.8CVSS6.8AI score0.02287EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/09/16 12:0 a.m.4 views

PT-2022-23088

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description The issue occurs when tf.quantization.fake quant with min max vars per channel...

7.5CVSS7.1AI score0.00383EPSS
Exploits0References17
OSV
OSV
added 2022/05/25 12:15 p.m.2 views

DEBIAN-CVE-2022-30322

go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0...

8.6CVSS6.8AI score0.01279EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/06/17 12:0 a.m.6 views

PT-2018-3897 · Oracle +1 · Mysql Server

Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 8.0.11 and prior Description: The issue is related to inadequate access control in the Server: Replication component of Oracle MySQL Server. This can be exploited by a remote attacker to cause a denial of service...

6.8CVSS5.4AI score0.02EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2004/07/09 12:0 a.m.36 views

Mozilla Browsers shell: URI Arbitrary Command Execution

The remote host is using Mozilla and/or Firefox, a web browser. The remote version of this software contains a weakness that could allow an attacker to execute arbitrary commands on the remote host. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid12642;...

10CVSS6AI score0.05262EPSS
Exploits0References4
Rows per page
Query Builder