Lucene search
K

254 matches found

Snyk
Snyk
added 2026/06/29 2:23 p.m.9 views

Interpretation Conflict

Overview fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting TypeError into...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.38 views

CVE-2026-57628 WordPress WP All Import plugin <= 4.0.1 - SQL Injection vulnerability

Administrator SQL Injection in WP All Import = 4.0.1 versions...

7.6CVSS0.00279EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.23 views

PT-2026-52799

Administrator SQL Injection in WP All Import = 4.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 8:16 p.m.19 views

CVE-2026-49009

Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal...

3.1CVSS0.0052EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/05/27 12:0 a.m.43 views

CVE-2026-49009

Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal...

0.0052EPSS
Exploits2References2
OSV
OSV
added 2026/05/25 2:0 p.m.15 views

EEF-CVE-2026-47071 SOCKS5 TLS upgrade ignores caller timeout in hackney

Summary Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackney\socks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form...

8.2CVSS6AI score0.00703EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.30 views

PT-2026-43068

Name of the Vulnerable Software and Affected Versions hackney versions 0.10.0 through 4.0.0 Description Uncontrolled Resource Consumption in the SOCKS5 transport within src/hackney socks5.erl allows flooding. While the caller-supplied timeout is applied during the SOCKS5 negotiation phase, the...

8.2CVSS5.8AI score0.00703EPSS
Exploits1References9
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Python-Django

In Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1, directory traversal is allowed if the filenames are passed to it directly...

5.3CVSS6.6AI score0.02388EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 7:51 p.m.2 views

CVE-2026-44217 sse-channel: SSE Injection via unsanitized event fields

sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into t...

8.7CVSS6AI score0.00478EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/05/07 12:6 a.m.8 views

be.appify.prefab:prefab-sns-sqs (>=0.4.0 <=0.7.1), be.appify.prefab:prefab-test (>=0.4.0 <=0.7.1) +72 more potentially affected by CVE-2026-44308 via io.awspring.cloud:spring-cloud-aws-autoconfigure (>=3.0.0-M1 <=4.0.1)

io.awspring.cloud:spring-cloud-aws-autoconfigure MAVEN version =3.0.0-M1, =0.4.0, =0.4.0, =3.2.1, =1.0.0, =1.0.3, =1.0.0, =1.0.0, =1.0.0, =4.0.0-rc.39, =4.0.0-rc.39, =4.0.0-rc.39, =5.0.2, =5.1.1 and more Source cves: CVE-2026-44308 Source advisory: SNYK:JAVA-IOAWSPRINGCLOUD-16799817...

6.3CVSS5.4AI score0.00179EPSS
Exploits0
OSV
OSV
added 2026/04/01 9:25 a.m.7 views

CLEANSTART-2026-TX96881 Security fixes for CVE-2024-6763, CVE-2026-1225, ghsa-25qh-j22f-pwp8, ghsa-72hv-8253-57qq, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v applied in versions: 4.0.1-r2

Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

5.3CVSS6.7AI score0.00986EPSS
Exploits1References9
CVE
CVE
added 2026/03/31 2:41 p.m.12 views

CVE-2026-4799

In Search Guard FLX up to version 4.0.1, a vulnerability allows open redirection via specially crafted requests to route users to an untrusted URL. This is documented across CVE listings (CVE-2026-4799). The available sources describe the issue but do not provide exploit code or detailed remediat...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 2:41 p.m.3 views

CVE-2026-4799

In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.7 views

PT-2026-29273

In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/14 9:1 a.m.33 views

CVE-2025-54920 Apache Spark: Spark History Server Code Execution Vulnerability

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

0.05341EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/05 6:30 a.m.9 views

EUVD-2026-9646

Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection.This issue affects Sweet Date: from n/a through 4.0.1...

5.9AI score0.00375EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/02/27 6:31 a.m.8 views

ai.starlake:starlake-api_2.13 (>=1.5.8 <=1.5.15), be.ugent.idlab.knows:dataio (>=2.0.0 <=2.2.0) +190 more potentially affected by CVE-2026-3293 via net.snowflake:snowflake-jdbc (>=3.0.0 <=4.0.1)

net.snowflake:snowflake-jdbc MAVEN version =3.0.0, =1.5.8, =2.0.0, =1.0, =1.14, =1.1, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.3.0, =0.4.4 and more Source cves: CVE-2026-3293 Source advisory: OSV:GHSA-GX6C-PV62-9MCF...

5.5CVSS5.8AI score0.00209EPSS
Exploits1
NVD
NVD
added 2026/02/20 4:22 p.m.8 views

CVE-2025-67979

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

9.9CVSS0.0037EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.4 views

CVE-2025-67979 WordPress WPForms Google Sheet Connector plugin <= 4.0.1 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

9.9CVSS6AI score0.0037EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.18 views

CVE-2025-67979

CVE-2025-67979 affects the WordPress plugin WPForms Google Sheet Connector (gsheetconnector-wpforms) up to version 4.0.1. The vulnerability is described as an improper control of generation of code (Code Injection) that enables remote code execution (RCE). Public sources in the connected data ide...

9.9CVSS5.5AI score0.0037EPSS
Exploits0References1
Rows per page
Query Builder