Lucene search
K

20 matches found

OSV
OSV
added 2026/04/14 4:34 p.m.4 views

OPENSUSE-SU-2026:20579-1 Security update for gosec

This update for gosec fixes the following issues: Changes in gosec: - Update to version 2.25.0: choredeps: bump google.golang.org/grpc from 1.75.0 to 1.79.3 1617 fix: allow barry action to access secrets on fork PRs 1616 fix: reduce G117 false positives for custom marshalers and transformed value...

8.7CVSS5.9AI score0.00396EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.9 views

IPFire 跨站脚本漏洞

IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. Version 127 of IPFire 2.21 contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation of the MAXDISKUSAGE or...

6.1CVSS5.6AI score0.00242EPSS
Exploits1References4
NVD
NVD
added 2026/02/09 8:15 p.m.6 views

CVE-2026-25478

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, CORSConfig.allowedoriginsregex is constructed using a regex built from configured allowlist values and used with fullmatch for validation. Because metacharacters are not escaped, a malicious origin can match...

7.4CVSS0.00383EPSS
Exploits1References4
CVE
CVE
added 2026/02/09 6:48 p.m.16 views

CVE-2026-25479

Litestar is an ASGI framework. Prior to 2.20.0, litestar.middleware.allowed_hosts compiles allowlist entries into regex patterns in a way that lets regex metacharacters retain special meaning (e.g., . matches any character). This can enable a bypass where a host that matches the regex is not the ...

6.5CVSS5.5AI score0.00316EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.10 views

Litestar 安全漏洞

Litestar is a powerful, flexible, yet stubbornly opinionated ASGI framework developed by Litestar itself. Versions of Litestar prior to 2.20.0 contained security vulnerabilities, which stemmed from improper compilation of allowlist entries, potentially allowing bypasses of hostname verification...

6.5CVSS5.8AI score0.00316EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.7 views

PT-2026-4654

Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elevated system privileges by placing a malicious file in the service path...

8.5CVSS5.8AI score0.00119EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-29571

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gcsweep at src/mjsgc.c. This vulnerability can lead to a Denial of Service DoS...

5.5CVSS6.1AI score0.00288EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:55 p.m.3 views

CVE-2021-46549

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parsecvaltype at src/mjsffi.c. This vulnerability can lead to a Denial of Service DoS...

5.5CVSS7.3AI score0.00614EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 6:54 p.m.7 views

CVE-2021-37453

Cross Site Scripting XSS exists in NCH Axon PBX v2.22 and earlier via the extension name stored...

5.4CVSS6.1AI score0.00589EPSS
Exploits1References1
OSV
OSV
added 2025/04/25 3:8 p.m.7 views

CVE-2024-56156 Halo Vulnerable to Stored XSS and RCE via File Upload Bypass

Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks a...

6.9CVSS7.2AI score0.00638EPSS
Exploits1References5
Patchstack
Patchstack
added 2025/04/01 7:50 a.m.13 views

WordPress Bulk NoIndex & NoFollow Toolkit plugin <= 2.16 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana in WordPress Plugin Bulk NoIndex & NoFollow Toolkit versions = 2.16...

7.1CVSS6.9AI score0.00294EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.32 views

CVE-2024-9900 Cross-Site Scripting (XSS) in mudler/localai

mudler/localai version v2.21.1 contains a Cross-Site Scripting XSS vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts...

5.4CVSS0.00491EPSS
Exploits1References2
Fedora
Fedora
added 2025/03/08 1:36 a.m.18 views

[SECURITY] Fedora 40 Update: python-spotipy-2.25.1-1.fc40

A light weight Python library for the Spotify Web API...

9.8CVSS7AI score0.00589EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/05/21 12:0 a.m.4 views

PT-2024-26472 · Cesanta · Mjs

Name of the Vulnerable Software and Affected Versions: Cesanta mjs version 2.20.0 Description: An issue in Cesanta mjs allows a remote attacker to cause a denial of service via the mjs do gc function in the mjs.c file. Recommendations: For Cesanta mjs version 2.20.0, consider disabling the mjs do...

7.5CVSS7.3AI score0.00602EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/01/02 12:0 a.m.5 views

Cesanta MJS 安全漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. A denial of service vulnerability exists in Cesanta MJS version 2.20.0, which is caused by a flaw in the mjs+0x4ec508 component. An attacker could exploit this vulnerability to cause a denial of service...

7.5CVSS6.5AI score0.00758EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.4 views

WordPress plugin 10Web Booster security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...

9.1CVSS6.7AI score0.02811EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/07/18 5:15 p.m.2 views

CVE-2022-2117

The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been...

5.3CVSS5.8AI score0.00907EPSS
Exploits0References4
OSV
OSV
added 2022/04/15 2:15 p.m.8 views

CVE-2022-28041

stbimage.h v2.27 was discovered to contain an integer overflow via the function stbijpegdecodeblockprogdc. This vulnerability allows attackers to cause a Denial of Service DoS via unspecified vectors...

6.5CVSS6.7AI score
Exploits0References13
CNNVD
CNNVD
added 2022/01/27 12:0 a.m.4 views

Cesanta MJS 安全漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS v2.20.0 that could lead to a Denia...

5.5CVSS5.8AI score0.00614EPSS
Exploits1References2
OSV
OSV
added 2020/07/21 9:37 p.m.9 views

SUSE-SU-2020:1992-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 bsc1173998: + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. +...

10CVSS8.6AI score0.77246EPSS
Exploits5References10
Rows per page
Query Builder