Lucene search
K

94 matches found

CVE
CVE
added yesterday8 views

CVE-2026-45320

DataEase (open source data visualization/analysis tool) is affected by an SQL injection in dashboard variables. Prior to version 2.10.23, dashboard SQL variables (e.g., ${deptId}) are processed by SqlparserUtils.transFilter(), whose final branch returns raw user input for non-in and non-between o...

8.7CVSS6.1AI score0.00062EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 8:39 p.m.31 views

CVE-2026-50529 DataEase: Link Token Leakage Prior to Share Password/Ticket Validation

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid...

8.7CVSS0.00285EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-1029 TensorFlow vulnerable to floating point exception in `Conv2D`

Impact If Conv2D is given empty input and the filter and padding sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. python import tensorflow as tf import numpy as np with tf.device"CPU": also can...

5.9CVSS7AI score0.00396EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/22 7:37 a.m.10 views

EUVD-2026-38218

Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed properties override current configuration, enabling users with read access to invoke predefined...

2.3CVSS5.8AI score0.00327EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 7:36 a.m.8 views

CVE-2026-44913

Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. Manual quoted boundaries added in Apache NiFi 1.8.0 narrowed the scope of potential injection options, but did not...

5.2CVSS5.9AI score0.00385EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 12:24 p.m.12 views

CVE-2026-7486 SQLi in Netcad's E-İmar

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: from 2.10.1.0 before 3.0.2...

9.8CVSS5.6AI score0.00275EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/08 5:43 p.m.15 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.10.3 security update

The multicluster engine for Kubernetes 2.10 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.10 images The multicluster engine for Kubernetes provides the foundational components that a...

10CVSS6.4AI score0.00808EPSS
Exploits7References9
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:29 p.m.13 views

CVE-2026-44367

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

2.7CVSS5.7AI score0.00236EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.9 views

Joomla Component Ek Rishta SQL注入漏洞

The Joomla Component Ek Rishta is a Joomla-based dating and networking website component developed by the Ek Rishta team. Version 2.10 of the Ek Rishta component contains an SQL injection vulnerability. This vulnerability arises from the injection of malicious code through the username parameter,...

8.8CVSS6.2AI score0.00358EPSS
Exploits0References4
OSV
OSV
added 2026/05/18 1:54 p.m.16 views

CLEANSTART-2026-AP92343 Security fixes for CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32285, CVE-2026-32287, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-34986, ghsa-65xw-vw82-r86x, ghsa-6g7g-w4f8-9c9x, ghsa-78h2-9frx-2jm8, ghsa-p77j-4mvh-x3m3 applied in versions: 2.10.3-r0

Multiple security vulnerabilities affect the tempo-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.7AI score0.0075EPSS
Exploits3References25
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.13 views

Joomla! extension EkRishta SQL注入漏洞

The Joomla! extension EkRishta is an open-source community extension designed to provide Joomla websites with functions for matchmaking and marriage-related services. Version 2.10 of the Joomla! extension EkRishta contains a SQL injection vulnerability. This vulnerability stems from persistent...

8.8CVSS5.8AI score0.00317EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 9:30 p.m.11 views

GHSA-V4GP-HF5J-4566 IKUS Rdiffweb allows an attacker with any valid or stolen access token to act as other users

IKUS Rdiffweb version 2.10.5 and below have an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify...

8.1CVSS5.8AI score0.00245EPSS
Exploits0References3
NVD
NVD
added 2026/05/04 7:16 p.m.23 views

CVE-2026-38751

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

7.2CVSS0.00372EPSS
Exploits5References2
Vulnrichment
Vulnrichment
added 2026/05/04 5:6 p.m.16 views

CVE-2026-42052 beets is Vulnerable to XSS

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

6CVSS5.7AI score0.003EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 12:0 a.m.9 views

CVE-2026-38751

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

5.9AI score0.00372EPSS
Exploits5References2
Vulnrichment
Vulnrichment
added 2026/05/04 12:0 a.m.5 views

CVE-2025-67796

IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users...

5.8AI score0.00245EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/02 5:29 a.m.3 views

CVE-2026-5110

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...

7.2CVSS6AI score0.00247EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:31 p.m.8 views

EUVD-2026-18204

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS.This issue affects MSTW League Manager: from n/a through 2.10...

6.5CVSS5.9AI score0.00133EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/02 12:55 p.m.6 views

WordPress MSTW League Manager plugin <= 2.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Conor Sullivan in WordPress Plugin MSTW League Manager versions = 2.10...

6.5CVSS5.9AI score0.00133EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/03/23 11:58 p.m.12 views

EUVD-2026-14666

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user including a custom role with zero capabilities to change moderation status of their own comment for example to APPROVE without the...

4.3CVSS5.8AI score0.00177EPSS
Exploits0References2
Rows per page
Query Builder