Lucene search
K

9 matches found

OSV
OSV
added 2026/05/21 8:33 p.m.7 views

GHSA-CR22-WJX7-2W6M MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement

Summary mcp-server-kubernetes exposes three environment variables ALLOWONLYREADONLYTOOLS, ALLOWONLYNONDESTRUCTIVETOOLS, ALLOWEDTOOLS documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer tools/list but not ...

8.8CVSS6AI score0.00376EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Wireshark

An infinite loop in the BitTorrent DHT dissector in Wireshark versions 3.6.0, 3.4.0, and 3.4.10 allows for denial of service through packet injection or malicious capture files...

7.5CVSS7.1AI score0.03879EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/20 8:11 a.m.26 views

CVE-2026-33066 SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through unmodified. The frontend then assigns the rendered HTML to innerHTML without any...

5.3CVSS0.00584EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/31 12:30 p.m.4 views

EUVD-2025-37328

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in colabrio Ohio Extra ohio-extra allows DOM-Based XSS.This issue affects Ohio Extra: from n/a through = 3.6.0...

5.9AI score0.00151EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/15 12:0 a.m.7 views

Growatt Cloud Applications 安全漏洞

Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to query API endpoints and obtain device details...

6.9CVSS6AI score0.00521EPSS
Exploits0References1
OSV
OSV
added 2024/01/03 8:15 a.m.12 views

UBUNTU-CVE-2024-0208

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file...

7.8CVSS7AI score0.01823EPSS
Exploits1References3
OSV
OSV
added 2023/10/10 5:15 p.m.3 views

CVE-2020-27630

In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random...

9.8CVSS5.8AI score0.01083EPSS
Exploits0References3
OSV
OSV
added 2022/04/19 9:15 p.m.3 views

CVE-2022-1329

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the /core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files...

8.8CVSS7.5AI score0.92658EPSS
Exploits10References4
OSV
OSV
added 2018/08/30 4:29 p.m.4 views

CVE-2018-11719

Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE...

4.9CVSS5.8AI score0.00822EPSS
Exploits0References1
Rows per page
Query Builder