Lucene search
K

9 matches found

Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.22 views

PT-2026-29684

A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be use...

5.3CVSS5.6AI score0.0013EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12222

A vulnerability has been found in Radare2 5.9.9. This issue affects the function walkexportstrie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local environment. The exploit h...

4.8CVSS5.2AI score0.00115EPSS
Exploits0References8
OSV
OSV
added 2026/03/09 11:16 a.m.4 views

CVE-2025-69219

A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low...

8.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/02/24 3:28 p.m.7 views

Incorrect Authorization

Overview apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Incorrect Authorization during the dataset creation process. An attacker can gain unauthorized access to restricted data by overwriting the SQL query o...

7.1CVSS6AI score0.00436EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/10 1:49 p.m.3 views

Information Exposure

Overview org.webjars.npm:vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Information Exposure due to the handling of req.url which may contain unexpected characters such as . An attacker can access and retrieve the contents of arbitrary files by...

6.5CVSS6.9AI score0.01736EPSS
Exploits2References2
OSV
OSV
added 2025/03/31 9:15 p.m.2 views

DEBIAN-CVE-2025-3015

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads ...

8.8CVSS5.8AI score0.00474EPSS
Exploits1References1
OSV
OSV
added 2025/03/31 9:15 p.m.7 views

UBUNTU-CVE-2025-3016

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument...

6.5CVSS4.9AI score0.00581EPSS
Exploits1References8
Snyk
Snyk
added 2023/04/11 10:2 p.m.4 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE by allowing an attacker to load a runtime DLL from an unexpected location. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x86 to version 6.0.16, 7.0.5 or higher. References - Advisory - GitHub Commit -...

7.8CVSS7.5AI score0.01531EPSS
Exploits0References2
Snyk
Snyk
added 2022/10/18 9:46 p.m.4 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64 to version 6.0.3 or higher. References - Dotnet Announcement - Dotnet...

8.8CVSS7.6AI score0.01556EPSS
Exploits0References2
Rows per page
Query Builder