Lucene search
+L

77 matches found

OSV
OSV
added 2026/01/08 8:53 p.m.18 views

CVE-2026-22588 Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Authenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an authenticated user to retrieve other users’ address information by modifying ...

6.5CVSS6.1AI score0.00371EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2025/12/30 9:7 p.m.11 views

URI Credential Leakage Bypass over CVE-2025-27221

Impact In affected URI version, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential...

7.5CVSS6.6AI score0.0051EPSS
Exploits0References11Affected Software1
NVD
NVD
added 2025/11/25 7:15 p.m.8 views

CVE-2025-65960

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57...

6.6CVSS0.00159EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/11/06 3:12 p.m.6 views

containerd affected by a local privilege escalation via wide permissions on CRI directory

Impact An overly broad default permission vulnerability was found in containerd. - /var/lib/containerd was created with the permission bits 0o711, while it should be created with 0o700 - Allowed local users on the host to potentially access the metadata store and the content store -...

7.8CVSS6.5AI score0.00159EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/29 9:49 p.m.11 views

CKAN vulnerable to fixed session IDs

Impact Session ids could be fixed by an attacker if the site is configured with server-side session storage CKAN uses cookie-based session storage by default. The attacker would need to either set a cookie on the victim's browser or steal the victim's currently valid session. Session identifiers...

6.1CVSS6.6AI score0.00269EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2021-12056

Malware in sbrugna...

6.5CVSS6.4AI score0.00407EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-7392

Malicious code in bioql PyPI...

5.3CVSS4.9AI score0.00769EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.20 views

EUVD-2022-41782

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01063EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2025-17621

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.04839EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-5463

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was...

5.3CVSS5.7AI score0.01911EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/06/04 11:50 p.m.28 views

Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads

Impact Via a manipulated API request it's possible to upload a file that doesn't adhere with the configured allowable file extensions. Patches Patched in 15.4.2 and 16.0.0. Workarounds None available...

6.5CVSS6.8AI score0.00159EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/05/23 2:0 p.m.4 views

OESA-2025-1553 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Erlang/OTP is a set of libraries for the Erlang...

3.7CVSS6.8AI score0.0046EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:42 a.m.14 views

CVE-2024-52797

Opencast is free and open source software for automated video capture and distribution. First noticed in Opencast 13 and 14, Opencast's Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previously acceptable search queries. From Opencast version 11....

7.5CVSS6.8AI score0.00884EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:42 a.m.8 views

CVE-2023-48297

Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...

8.6CVSS6.7AI score0.00515EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 7:45 p.m.10 views

CVE-2021-32652

Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the...

8.8CVSS6.5AI score0.01107EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:35 p.m.12 views

CVE-2021-29137

A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform versions prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability...

6.1CVSS7AI score0.00751EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:25 p.m.10 views

CVE-2021-25153

A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform versions prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability...

8.1CVSS8AI score0.01088EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:34 p.m.9 views

CVE-2021-32744

Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to...

9.8CVSS7.2AI score0.01053EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:13 p.m.9 views

CVE-2020-24635

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aru...

9CVSS7.6AI score0.02722EPSS
Exploits0
NVD
NVD
added 2025/05/01 6:15 p.m.39 views

CVE-2025-46565

Vite is a frontend tooling framework for javascript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network usi...

6CVSS0.01077EPSS
Exploits1References2
Rows per page
Query Builder