Lucene search
K

21 matches found

Cvelist
Cvelist
added 2026/04/24 4:48 p.m.27 views

CVE-2026-40897 Math.js: Unsafe object property setter in mathjs

Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the math...

8.8CVSS0.00551EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/25 7:42 a.m.10 views

WordPress Responsive Posts Carousel Pro plugin <= 15.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Responsive Posts Carousel Pro versions = 15.1...

7.5CVSS5.9AI score0.00312EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-0838

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could...

5.5CVSS5AI score0.00731EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-2498

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new...

7.5CVSS7.3AI score0.0071EPSS
Exploits0References2
OSV
OSV
added 2024/02/21 11:30 p.m.21 views

CVE-2024-0410 Improper Enforcement of Behavioral Workflow in GitLab

An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict...

7.7CVSS7.4AI score0.00455EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/02/21 11:30 p.m.30 views

CVE-2024-0410

Removed by vendor...

7.7CVSS7.1AI score0.00455EPSS
Exploits0
Prion
Prion
added 2023/06/20 8:15 p.m.18 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...

6.5CVSS8.7AI score0.6312EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2023/04/05 9:15 p.m.30 views

CVE-2023-0838

An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342...

5.5CVSS4.3AI score0.00731EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/01 12:0 a.m.6 views

NVIDIA GPU Display Driver for Windows 缓冲区错误漏洞

NVIDIA GPU Display Driver for Windows is a driver software from NVIDIA Corporation that is used for interactive support of graphics card display modules in Windows systems. A security vulnerability exists in NVIDIA GPU Display Driver, which originates from the presence of an out-of-bounds write a...

7.8CVSS7.6AI score0.00197EPSS
Exploits0References2
OSV
OSV
added 2022/08/04 6:15 p.m.5 views

CVE-2022-33947

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface TMUI that allows an authenticated attacker with at least operator role privileges to...

6.5CVSS5.8AI score0.00626EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/07/01 12:0 a.m.7 views

PT-2022-15342 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.4 through 14.10.4 GitLab CE/EE versions 15.0 through 15.0.3 GitLab CE/EE versions 15.1 through 15.1.0 Description: A Stored Cross-Site Scripting issue in the project settings page allows an attacker to execute arbitra...

8.1CVSS5.7AI score0.5624EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2022/07/01 12:0 a.m.17 views

PT-2022-14235 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 10.7 through 14.10.5 GitLab EE versions 15.0 through 15.0.4 GitLab EE versions 15.1 through 15.1.1 Description: The issue concerns incorrect authorization in GitLab EE, allowing an attacker with a valid Deploy Key or Deploy...

6.5CVSS4.5AI score0.0061EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2022/01/25 8:15 p.m.9 views

CVE-2022-23012

On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not...

7.5CVSS5.8AI score0.0092EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/01/25 8:15 p.m.4 views

CVE-2022-23016

On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS a...

7.5CVSS5.8AI score0.0092EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/01/19 12:0 a.m.35 views

F5 Networks BIG-IP : BIG-IP APM portal access vulnerability (K93526903)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.4.1 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K93526903 advisory. - On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP APM portal access is configured ...

6.8CVSS6.6AI score0.0082EPSS
Exploits0References2
Prion
Prion
added 2021/04/13 7:15 p.m.12 views

Cross site scripting

SAP Manufacturing Execution System Rules, versions - 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP Manufacturing Execution System Rules tab does not sufficiently encode some parameters, resulting in Stored...

3.5CVSS5.4AI score0.00585EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.7 views

SAP Manufacturing Execution 跨站脚本漏洞

SAP Manufacturing Execution SAP ME is a powerful, scalable, enterprise-class manufacturing business solution that enables global manufacturers to manage and monitor manufacturing and shop floor operations. It provides a multi-faceted set of capabilities that integrate business systems with shop...

6.4CVSS5.3AI score0.00585EPSS
Exploits0References4
Prion
Prion
added 2020/08/26 3:15 p.m.21 views

Directory traversal

In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory...

4CVSS6.7AI score0.00533EPSS
Exploits0References1Affected Software13
OSV
OSV
added 2018/07/10 9:29 p.m.5 views

CVE-2018-3688

Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code...

7.8CVSS6AI score0.00353EPSS
Exploits4References1
OSV
OSV
added 2017/08/08 3:29 p.m.5 views

CVE-2017-10131

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite subcomponent: Web Access. Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with netwo...

6.5CVSS5.8AI score0.01026EPSS
Exploits0References3
Rows per page
Query Builder