Lucene search
K

522 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 8:12 p.m.9 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment (CVE-2025-13686, CVE-2025-13687, CVE-2025-13688)

Summary Runtime environment is used by DataStage on Cloud Pak for Data as part of upload file processing. Vulnerability Details CVEID:CVE-2025-13686 DESCRIPTION: DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands with normal user privileges on the syst...

8.8CVSS6.2AI score0.00344EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/02/18 2:48 p.m.8 views

CLSA-2026-1771332544 grub2: Fix of CVE-2025-0689

CVE-2025-0689: don't load UDF module in the lockdown mode...

7.8CVSS6.9AI score0.00444EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.7 views

Thecus N4800Eco Nas Server Control Panel: Operating System Command Injection Vulnerability

The Thecus N4800Eco Nas Server Control Panel is a NAS control panel developed by Thecus Corporation. The Thecus N4800Eco Nas Server Control Panel has a vulnerability related to operating system command injection. This vulnerability stems from commands executed by user-defined endpoints, which may...

8.8CVSS6AI score0.01628EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001569)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001569 advisory. A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udffilewriteiter function for the malicious UDF...

5.5CVSS6.5AI score0.00497EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.7 views

MiracleLinux 3 : kernel-2.6.18-274.5.AXS3 (AXSA:2012-220:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-220:01 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...

7.4CVSS7.2AI score0.00852EPSS
Exploits4References7
RedhatCVE
RedhatCVE
added 2026/01/09 12:35 p.m.6 views

CVE-2023-49620

Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized which almost used in sql task, with unauthorized access vulnerability IDOR, but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires...

6.5CVSS6.9AI score0.01132EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:33 a.m.5 views

CVE-2024-39361

Mattermost versions 9.8.0, 9.7.x = 9.7.4, 9.6.x = 9.6.2 and 9.5.x = 9.5.5 fail to prevent users from specifying a RemoteId for their posts which allows an attacker to specify both a remoteId and the post ID, resulting in creating a post with a user-defined post ID. This can cause some broken...

5.4CVSS6.8AI score0.00277EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 7:25 a.m.10 views

Privilege Escalation

awsadvancedpythonwrapper is vulnerable to Privilege Escalation. The vulnerability is due to improper execution context handling of user-defined functions, which allows an attacker to create crafted functions that execute with elevated privileges and gain unauthorized access...

8.6CVSS6AI score0.00438EPSS
Exploits0References15Affected Software2
SUSE CVE
SUSE CVE
added 2025/11/15 12:23 a.m.4 views

SUSE CVE-2025-59840

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

8.1CVSS7.1AI score0.00383EPSS
Exploits0References3
OSV
OSV
added 2025/11/14 5:46 p.m.5 views

GHSA-MX7M-J9XF-62HW @apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields

Summary A vulnerability in Apollo Federation's composition logic allowed some queries to Apollo Router to improperly bypass access controls on types/fields. Apollo Federation incorrectly allowed user-defined access control directives on interface types/fields, which could be bypassed by instead...

7.5CVSS6.5AI score0.00389EPSS
Exploits0References6
EUVD
EUVD
added 2025/11/13 10:32 p.m.7 views

EUVD-2025-175359

Vega Cross-Site Scripting XSS via expressions abusing toString calls in environments using the VEGADEBUG global variable...

8.1CVSS5.5AI score0.00383EPSS
Exploits0References6
Snyk
Snyk
added 2025/11/13 8:43 p.m.2 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:vega-expression is a WebJar for vega-expression. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...

8.1CVSS5.5AI score0.00383EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/13 8:43 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by supplying crafted Vega JSON definitions that abuse expression...

8.1CVSS5.5AI score0.00383EPSS
Exploits0References2
NVD
NVD
added 2025/11/13 8:15 p.m.9 views

CVE-2025-59840

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

8.1CVSS0.00383EPSS
Exploits0References1
OSV
OSV
added 2025/11/13 8:15 p.m.5 views

DEBIAN-CVE-2025-59840

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

8.1CVSS6AI score0.00383EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/11/13 7:54 p.m.6 views

CVE-2025-59840

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

8.1CVSS5.9AI score0.00383EPSS
Exploits0
Snyk
Snyk
added 2025/11/05 12:52 a.m.5 views

Prototype Pollution

Overview expr-eval-fork is a Mathematical expression evaluator fork with prototype pollution fix Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access IMEMBER and user-defined functions IFUNDEF in the expression evaluator. An attacker can execute...

9.8CVSS8.1AI score0.02285EPSS
Exploits0References3
OSV
OSV
added 2025/10/10 5:50 a.m.5 views

RLSA-2025:16086 Moderate: mysql security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: mysql: mysqldump unspecified vulnerability CPU Apr 2025 CVE-2025-30722 mysql: Optimizer unspecified vulnerability CPU Apr 2025...

6.5CVSS7.1AI score0.00908EPSS
Exploits1References52
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-3716

Malware in sbrugna...

3.5CVSS6.4AI score0.00957EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-17924

Malware in sbrugna...

7.7CVSS8AI score0.00301EPSS
Exploits0References2
Rows per page
Query Builder