Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2025/11/13 10:22 p.m.5 views

AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance

Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...

6.9AI score
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:2 a.m.17 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-1.4.5-lts.2.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-1.4.5-lts.2.tgz Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 are vulnerable to a resource...

7.5CVSS8.2AI score0.00697EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2025/09/22 7:45 p.m.5 views

Arbitrary Argument Injection

Overview @conventional-changelog/git-client is a Simple git client for conventional changelog packages. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the getTags API which allows specifying extra parameters passed to the git log command. An attacker can...

5.7CVSS7.1AI score0.00202EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-20162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The...

5.3CVSS4.8AI score0.00981EPSS
Exploits1References2
Snyk
Snyk
added 2025/07/21 6:32 p.m.2 views

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization via the handling of SMTP message input. An attacker can inject arbitrary SMTP commands by supplying specially crafted input containing carriage return and line feed characters. Remediation Upgrade...

7.5CVSS7.1AI score0.00756EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/08 12:0 a.m.2 views

PT-2024-20587 · Icinga +1 · Icinga Director +3

Name of the Vulnerable Software and Affected Versions: Icinga Director versions 1.x Icinga Director versions 1.8 through 1.11 Description: Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the...

8.3CVSS8.2AI score0.00398EPSS
Exploits1References19
Rows per page
Query Builder