
108 matches found

RedHat Linux
added 2026/06/25 7:32 p.m., 5 views

Critical: Red Hat Security Advisory: Red Hat AI Inference Server 3.3.5 (CUDA)

Red Hat AI Inference Server 3.3.5 CUDA is now available. Red Hat® AI Inference Server...

CVSS 9.8 | AI score 6.7 | EPSS 0.03816
Exploits 9 | References 23

RedHat Linux
added 2026/06/25 7:30 p.m., 7 views

Critical: Red Hat Security Advisory: Red Hat AI Inference Server 3.3.5 (ROCm)

Red Hat AI Inference Server 3.3.5 ROCm is now available. Red Hat® AI Inference Server...

CVSS 9.8 | AI score 6.9 | EPSS 0.03816
Exploits 9 | References 25

RedHat Linux
added 2026/06/25 7:29 p.m., 6 views

Critical: Red Hat Security Advisory: Red Hat AI Inference Server 3.3.5 (Spyre)

Red Hat AI Inference Server 3.3.5 Spyre is now available. Red Hat® AI Inference Server...

CVSS 9.8 | AI score 6.7 | EPSS 0.03816
Exploits 7 | References 22

NVD
added 2026/06/17 1:19 p.m., 4 views

CVE-2024-37210

Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5...

CVSS 6.5 | EPSS 0.00269
Exploits 0 | References 1

CVE
added 2026/06/17 12:11 p.m., 13 views

CVE-2024-37210

CVE-2024-37210 concerns WordPress AliExpress Dropshipping with AliNext Lite plugin

CVSS 6.5 | AI score 5.2 | EPSS 0.00269
Exploits 0 | References 1

Cvelist
added 2026/05/25 2:15 p.m., 23 views

CVE-2018-25370 Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting roles_function.php with parameters like rolassignroles, rolapproveusers, and...

CVSS 6.9 | EPSS 0.00192
Exploits 0 | References 4

RedhatCVE
added 2026/04/27 7:23 p.m., 8 views

CVE-2026-41419

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

CVSS 7.6 | AI score 5.3 | EPSS 0.00306
Exploits 0 | References 1

Vulnrichment
added 2026/04/24 6:50 p.m., 6 views

CVE-2026-41419 4ga Boards: Import Path Traversal Leads to Arbitrary File Read

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

CVSS 7.6 | AI score 5.3 | EPSS 0.00306
Exploits 0 | References 1

CVE
added 2026/04/24 6:50 p.m., 8 views

CVE-2026-41419

The CVE describes a path traversal vulnerability in 4ga Boards prior to version 3.3.5. An authenticated user with board import privileges can cause the server to ingest arbitrary host files as board attachments during a BOARDS archive import. Once imported, those files may be downloaded via the s...

CVSS 7.6 | AI score 5.3 | EPSS 0.00306
Exploits 0 | References 1

Cvelist
added 2026/04/24 6:49 p.m., 28 views

CVE-2026-41418 4ga Boards: User Enumeration via Timing Side-Channel in Authentication Endpoint

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint POST /api/access-tokens. When an invalid username/email is provided, the server responds immediately 17ms average. When a val...

CVSS 5.3 | EPSS 0.00197
Exploits 0 | References 1

ATTACKERKB
added 2026/04/24 6:49 p.m., 9 views

CVE-2026-41418

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint POST /api/access-tokens. When an invalid username/email is provided, the server responds immediately 17ms average. When a val...

CVSS 5.3 | AI score 5.3 | EPSS 0.00197
Exploits 0 | References 2 | Affected Software 1

NVD
added 2026/04/14 4:17 a.m., 2 views

CVE-2026-4059

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentor_quickview_button shortcode's button_text attribute in all versions up to, and including, 3.3.5. This is due to insufficient input sanitization and missing output escaping on user-supplied shortcode...

CVSS 6.4 | EPSS 0.00296
Exploits 0 | References 7

CVE
added 2026/04/14 3:37 a.m., 10 views

CVE-2026-4059

CVE-2026-4059 (ShopLentor WordPress plugin) is a Stored Cross-Site Scripting vulnerability affecting all versions up to 3.3.5. The issue arises from insufficient input sanitization and missing output escaping on the woolentor_quickview_button shortcode’s button_text attribute, allowing authentica...

CVSS 6.4 | AI score 5.9 | EPSS 0.00296
Exploits 0 | References 7

RedhatCVE
added 2026/03/26 3:4 p.m., 9 views

CVE-2026-25529

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

CVSS 8.1 | AI score 5.9 | EPSS 0.00235
Exploits 0 | References 1

Tenable Nessus
added 2026/03/21 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-33151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted...

CVSS 8.7 | AI score 5.8 | EPSS 0.00514
Exploits 0 | References 3

Vulnrichment
added 2026/03/12 4:35 p.m., 3 views

CVE-2026-25529 Postal has HTML injection / XSS in message view

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

CVSS 8.1 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 1

ATTACKERKB
added 2026/03/12 4:35 p.m., 5 views

CVE-2026-25529

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

CVSS 8.1 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 2 | Affected Software 1

EUVD
added 2026/03/12 4:35 p.m., 5 views

EUVD-2026-11603

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

CVSS 8.1 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 1

Positive Technologies
added 2026/03/12 12:0 a.m., 3 views

PT-2026-25008

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

CVSS 8.1 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 2

NVD
added 2026/02/20 4:22 p.m., 9 views

CVE-2025-68837

Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from...

CVSS 6.5 | EPSS 0.00248
Exploits 0 | References 1