Lucene search
K

24 matches found

Cvelist
Cvelist
added 2026/06/25 8:45 a.m.28 views

CVE-2026-56091 Apache Shiro: Authentication bypass in Guice-Web integration

When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability is similar to https://vulners.com/cve/CVE-2020-1957 https://www.cve.org/CVERecord , except that it affects the shiro-guice module...

8.2CVSS0.00422EPSS
Exploits0References1
OSV
OSV
added 2026/05/20 11:48 a.m.10 views

BIT-GDAL-2026-8213 OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow

A vulnerability has been found in OSGeo gdal up to 3.13.0. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has be...

5.5CVSS5.5AI score0.00258EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2026/05/09 11:16 p.m.10 views

CVE-2026-8213

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...

5.5CVSS5.8AI score0.00258EPSS
Exploits1References9
OSV
OSV
added 2026/05/03 9:56 a.m.10 views

OESA-2026-2151 libXpm security update

X.Org X11 libXpm runtime library Security Fixes: A vulnerability was found in X.org libXpm up to 3.5.4. It has been classified as problematic.CWE is classifying the issue as CWE-125. The product reads data past the end, or before the beginning, of the intended buffer.This is going to have an impa...

5.5CVSS5.5AI score0.00129EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 8:8 a.m.5 views

EUVD-2026-22227

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/09 12:31 p.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure due to the exposure of sensitive data to unauthorized actors. An attacker can access sensitive data such as database credentials by exploiting this vulnerability. Workaround This vulnerability can be mitigated by...

7.5CVSS7.2AI score0.01201EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.7 views

PT-2026-22021

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.23.0 Description FreeRDP is a free implementation of the Remote Desktop Protocol. A previous fix for a heap-use-after-free issue was incomplete. The vulnerable code exists in the SDL2 implementation, where a pointer...

9.8CVSS5.4AI score0.00756EPSS
Exploits25References54
NVD
NVD
added 2026/02/19 4:27 p.m.6 views

CVE-2026-25738

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to server-side request forgery. Indico makes outgoing requests to user-provides URLs in various places. This is mostly intentional and part of...

6.9CVSS0.00189EPSS
Exploits0References3
CVE
CVE
added 2026/02/09 10:33 a.m.30 views

CVE-2026-22922

CVE-2026-22922 affects Apache Airflow versions 3.1.0–3.1.6, where an authorization flaw could allow an authenticated user with custom permissions limited to task access to view task logs without task-log access. The issue has been fixed in Airflow 3.1.7 and later. Practical impact is limited to l...

6.5CVSS5.4AI score0.00382EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/12/13 4:16 p.m.5 views

CVE-2025-14607

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to...

6.5CVSS0.00233EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.5 views

PT-2025-38753

Name of the Vulnerable Software and Affected Versions versions prior to 3.2 Description A timing attack issue exists in the SCRAM Java implementation due to the use of Arrays.equals for comparing sensitive values like client proofs and server signatures. Arrays.equals performs a short-circuit...

8.7CVSS6.8AI score0.00835EPSS
Exploits0References33
OSV
OSV
added 2024/04/18 3:15 p.m.8 views

AZL-43372 CVE-2024-27306 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

6.1CVSS6.7AI score0.00666EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/07/21 12:0 a.m.4 views

PT-2023-26182 · Opendds · Opendds

Name of the Vulnerable Software and Affected Versions: OpenDDS versions prior to 3.25 Description: OpenDDS is an open source C++ implementation of the Object Management Group OMG Data Distribution Service DDS. It crashes while parsing a malformed PID PROPERTY LIST in a DATA submessage during...

7.5CVSS7.5AI score0.00755EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.11 views

PT-2023-24680 · Zxcvbn-Ts · Zxcvbn-Ts

Name of the Vulnerable Software and Affected Versions: zxcvbn-ts versions prior to 3.0.2 Description: This issue affects users running on the NodeJS platform who are using the second argument of the zxcvbn function. It can result in unbounded resource consumption as the user inputs array is...

7.5CVSS7.4AI score0.00496EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/05/23 12:0 a.m.4 views

PT-2023-17043 · Unknown · Mobilmen Terminal

Name of the Vulnerable Software and Affected Versions: Mobilmen Terminal Software versions prior to 3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

9.8CVSS9.7AI score0.0062EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/03/02 12:0 a.m.11 views

PT-2023-20452

Name of the Vulnerable Software and Affected Versions Saleor versions prior to 3.1.48 Saleor versions prior to 3.7.59 Saleor versions prior to 3.8.0 Saleor versions prior to 3.9.27 Saleor versions prior to 3.10.14 Saleor versions prior to 3.11.12 Description Some internal Python exceptions are no...

5.3CVSS6.1AI score0.00751EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.3 views

SUSE CVE-2021-21330

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the...

8.2CVSS8.6AI score0.01905EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.3 views

PT-2023-12824

Name of the Vulnerable Software and Affected Versions simple-git versions prior to 3.16.0 Description The issue is related to Remote Code Execution RCE due to improper input sanitization in the clone, pull, push, and listRemote methods. This vulnerability exists because of an incomplete fix of a...

9.8CVSS7.4AI score0.02712EPSS
Exploits1References18
Positive Technologies
Positive Technologies
added 2022/12/25 12:0 a.m.4 views

PT-2022-8296 · Github · Hide Files On Github

Name of the Vulnerable Software and Affected Versions: Hide Files on GitHub versions up to 2.x Description: A problematic issue has been found in Hide Files on GitHub, affecting the function addEventListener of the file extension/options.js. This issue leads to cross-site scripting and can be...

6.1CVSS4.3AI score0.00516EPSS
Exploits0References9
OSV
OSV
added 2022/09/28 5:15 a.m.5 views

CVE-2022-3333

A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible ...

5.4CVSS3.9AI score0.00427EPSS
Exploits1References2
Rows per page
Query Builder