Lucene search
K

9 matches found

EUVD
EUVD
added 2026/01/16 4:53 p.m.6 views

EUVD-2026-3124

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...

7.7CVSS6.5AI score0.00376EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/21 3:20 a.m.17 views

CVE-2025-13220 Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input...

6.4CVSS0.0021EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/22 5:24 p.m.5 views

CVE-2020-11007

In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version...

6.5CVSS6.3AI score0.00852EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.5 views

CVE-2025-26372

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove users from groups via crafted HTTP requests...

8.1CVSS5.8AI score0.0038EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.6 views

CVE-2025-26368

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove user groups via crafted HTTP requests...

8.1CVSS5.8AI score0.00487EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.4 views

Q-Free MAXTIME Suite 访问控制错误漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/setup/routes.lua. An...

7.5CVSS6.7AI score0.00517EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/04/30 10:33 a.m.1 views

freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the nscrledecompressdata function. The Out-Of-Bounds Read occurs because it processes context-Planes without checking if it contains da...

7.5CVSS5.7AI score0.01332EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2024/03/12 9:30 p.m.12 views

io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker-auth-athenz (>=2.11.0 <=2.11.3) +3 more potentially affected by CVE-2024-28098 via org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.3)

org.apache.pulsar:pulsar-broker MAVEN version =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.3 Source cves: CVE-2024-28098 Source advisory: OSV:GHSA-G627-R579-RW35...

6.4CVSS6.5AI score0.01701EPSS
Exploits0
CNNVD
CNNVD
added 2023/11/29 12:0 a.m.3 views

Jenkins MATLAB Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

8.8CVSS6.7AI score0.00396EPSS
Exploits0References2
Rows per page
Query Builder