Lucene search
K

32 matches found

CVE
CVE
added 2026/06/21 5:45 a.m.27 views

CVE-2026-12781

CVE-2026-12781 affects EaseUS Partition Master up to 14.5. The flaw is in the kernel driver epmntdrv.sys, in an unknown function, enabling local, low-privilege access to escalate due to improper access control. Exploitation is publicly available and has been demonstrated as a local-facing vulnera...

8.5CVSS6.5AI score0.00112EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.13 views

GitLab 13.7 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-3160)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Unintended Proxy or Intermediary 'Confused Deputy' in GitLab CVE-2026-3160 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.8CVSS5.8AI score0.00224EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/04/09 8:16 p.m.4 views

CVE-2026-32990

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116,...

5.3CVSS5.8AI score0.00307EPSS
Exploits0References2
OSV
OSV
added 2026/03/05 1:2 a.m.5 views

GHSA-V2X6-WWFW-R2RQ Agentgateway is missing parameter sanitization in MCP to OpenAPI conversion

Summary When converting MCP tools/call request to OpenAPI request, input path, query, and header values are not sanitized. Details When using the MCP to OpenAPI feature, the proxy lacks proper sanitization of input parameters in the MCP call, allowing: Injection of additional path or query...

4.9CVSS6AI score0.00144EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/24 1:35 a.m.4 views

Integer Overflow or Wraparound

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS6AI score0.00275EPSS
Exploits0References2
NVD
NVD
added 2026/01/08 1:15 a.m.8 views

CVE-2026-21877

n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version...

9.9CVSS0.05258EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 7:26 a.m.6 views

Security Bulletin: Vulnerability in AIOHTTP affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in AIOHTTP has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

7.5CVSS7.7AI score0.00297EPSS
Exploits0Affected Software2
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.14 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2021-33587

This High severity vulnerability known as CVE-2021-33587 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5CVSS6.8AI score0.02267EPSS
Exploits0
Cvelist
Cvelist
added 2025/10/10 10:23 p.m.9 views

CVE-2025-62159 External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

8.7CVSS0.00285EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:18 p.m.7 views

Security Bulletin: Vulnerability in tar-fs package affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in tar-fs has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

7.5CVSS6.4AI score0.02186EPSS
Exploits2Affected Software2
Cvelist
Cvelist
added 2025/08/21 12:1 a.m.30 views

CVE-2025-27215

An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system. Affected Products: UniFi Connect Display Cast Version 1.10.3 and earlier UniFi Connect Display Cast Pro Version 1.0.89 and...

0.00238EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2025/08/12 7:0 a.m.40 views

August 12, 2025—KB5063875 (OS Builds 22621.5768 and 22631.5768)

August 12, 2025—KB5063875 OS Builds 22621.5768 and 22631.5768 Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business...

9.8CVSS6.8AI score0.36074EPSS
Exploits5
PyPA
PyPA
added 2024/11/15 9:15 a.m.9 views

PYSEC-2024-182

Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially...

7.5CVSS6.8AI score0.01295EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2024/08/05 8:15 a.m.11 views

PYSEC-2024-265

Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB.This issue affects Apache Airflow Providers FAB: 1.2.1 when used with Apache Airflow 2.9.3 and FAB 1.2.0 for all Airflow versions. The FAB provider prevented the user from logging out. FAB provider 1.2.1 only affected...

9.8CVSS5.8AI score0.00921EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/08/05 8:15 a.m.13 views

PYSEC-2024-265

Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB. This issue affects Apache Airflow Providers FAB: 1.2.1 when used with Apache Airflow 2.9.3 and FAB 1.2.0 for all Airflow versions. The FAB provider prevented the user from logging out. FAB provider 1.2.1 only affected...

9.8CVSS5.8AI score0.00921EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.10 views

PT-2024-3155 · WordPress · Forminator

Name of the Vulnerable Software and Affected Versions: Forminator versions prior to 1.29.3 Description: The issue is related to a SQL injection vulnerability due to a lack of protection measures for the SQL query structure. This vulnerability can be exploited by a remote attacker to modify...

9CVSS7.1AI score0.30361EPSS
Exploits0References14
0day.today
0day.today
added 2023/07/28 12:0 a.m.208 views

RosarioSIS 10.8.4 - CSV Injection Vulnerability

Exploit Title: RosarioSIS 10.8.4 - CSV Injection Exploit Author: Ranjeet Jaiswal Vendor Homepage: https://www.rosariosis.org/ Software Link: https://gitlab.com/francoisjacquet/rosariosis/-/archive/v10.8.4/rosariosis-v10.8.4.zip Affected Version: 10.8.4 Category: WebApps Tested on: Windows 10 1...

5.4CVSS5.5AI score0.02166EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2023/06/12 12:0 a.m.6 views

PT-2023-25118 · Jetbrains · Youtrack

Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2023.1.10518 Description: The issue concerns a stored XSS in the Markdown-rendering engine. Recommendations: For versions prior to 2023.1.10518, update to version 2023.1.10518 or later to resolve the issue...

5.4CVSS5.2AI score0.00971EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/10/19 12:15 p.m.11 views

CVE-2022-39260

Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the...

8.8CVSS8AI score0.02938EPSS
Exploits0References12Affected Software1
Positive Technologies
Positive Technologies
added 2022/08/01 12:0 a.m.6 views

PT-2022-20594 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse affected versions not specified Description: Discourse is an open source discussion platform. In affected versions, an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta...

7.5CVSS7.4AI score0.00571EPSS
Exploits0References8
Rows per page
Query Builder