Lucene search
K

31 matches found

Snyk
Snyk
added 2026/06/16 8:59 p.m.9 views

Improper Restriction of Names for Files and Other Resources

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Improper Restriction of Names for Files and Other Resources via insufficient sanitization of file extensions during the file download. An attacker can cause arbitrary...

9.6CVSS6.4AI score0.00555EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.10 views

CVE-2022-31062

Impact A plugin public script can be used to read content of system files. Patches Upgrade to version 1.0.2. Workarounds b/deploy/index.php file can be deleted if deploy feature is not used...

5.3CVSS6.7AI score0.05627EPSS
Exploits3References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-37272

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.03301EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0007

Malicious code in bioql PyPI...

8.1CVSS7.9AI score0.01332EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0012

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01555EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/04 12:0 a.m.7 views

Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2025-1093)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1093 advisory. For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: fro...

7.5CVSS8AI score0.0196EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/06/23 12:0 a.m.11 views

Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2025-1031)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1031 advisory. Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the...

7.3CVSS8.3AI score0.02736EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/05/29 7:6 p.m.15 views

CVE-2025-46701 Apache Tomcat: Security constraint bypass for CGI scripts

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1...

7.7AI score0.02736EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/05/29 12:0 a.m.23 views

Apache Tomcat 10.1.0.M1 < 10.1.41

The version of Tomcat installed on the remote host is prior to 10.1.41. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.41security-10 advisory. - Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constrain...

7.3CVSS8.3AI score0.02736EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 8:13 a.m.10 views

CVE-2024-9807

A vulnerability was found in Craig Rodway Classroombookings 2.8.7 and classified as problematic. This issue affects some unknown processing of the file /sessions of the component Session Page. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotel...

5.1CVSS6.1AI score0.00428EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:6 a.m.6 views

CVE-2024-45627

In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...

5.9CVSS6.6AI score0.00318EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:2 a.m.14 views

CVE-2022-31131

Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...

5.4CVSS6.5AI score0.00723EPSS
Exploits1References1
NVD
NVD
added 2025/05/22 1:15 p.m.17 views

CVE-2025-3940

Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise...

9.8CVSS0.003EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/05/07 12:0 a.m.130 views

CVE-2025-27533

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service DoS by depleting process memor...

7.5CVSS6.9AI score0.08453EPSS
In wildExploits2References2
Tenable Nessus
Tenable Nessus
added 2025/05/01 12:0 a.m.17 views

Debian dla-4149 : nagvis - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4149 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4149-1 [email protected]...

9.1CVSS6.8AI score0.04135EPSS
Exploits8References16
OSV
OSV
added 2025/04/22 7:7 a.m.3 views

CVE-2025-26413 Apache Kvrocks: The server was crashed by the negative offset

Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the offset input is a positive integer and use it as an index of a string. So it will cause the server to crash due to its index is out of range. This issue affects Apache Kvrocks: through 2.11.1. User...

7.5CVSS5.9AI score0.0065EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/04/09 2:42 p.m.35 views

CVE-2025-27391 Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log

Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This issue affects Apache ActiveMQ Artemis: fro...

6.8CVSS0.00384EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/14 9:0 a.m.11 views

CVE-2025-2177

A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbisearchnew of the file src/search.c. The manipulation of the argument patlen leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the...

7.5CVSS6.8AI score0.00562EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/10 12:0 a.m.89 views

Apache Tomcat 9.0.0.M1 < 9.0.99

The version of Tomcat installed on the remote host is prior to 9.0.99. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.99security-9 advisory. - Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/o...

10CVSS9AI score0.99945EPSS
Exploits47References3
Cvelist
Cvelist
added 2025/03/06 11:21 a.m.17 views

CVE-2024-56196 Apache Traffic Server: ACL is not fully compatible with older versions

Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 10.0.4, which fixes the issue...

0.00729EPSS
Exploits0References1
Rows per page
Query Builder