Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.15 views

CVE-2026-46398

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...

8.8CVSS5.4AI score0.00183EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.8 views

HAXCMS 安全漏洞

HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS from 25.0.0 to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the haxcmsrefreshtoken cookie did not have the Secure flag set. This allowed the token to be...

8.8CVSS5.3AI score0.00183EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/09 6:40 p.m.2 views

CVE-2026-34945

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...

6.5CVSS5.5AI score0.00324EPSS
Exploits0
EUVD
EUVD
added 2026/03/10 6:31 p.m.3 views

EUVD-2026-10497

Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...

2.3CVSS5.8AI score0.00342EPSS
Exploits0References7
EUVD
EUVD
added 2025/11/03 6:31 p.m.3 views

EUVD-2025-37490

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls...

4.8CVSS6.1AI score0.00233EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/03 3:15 p.m.10 views

CVE-2025-36092 IBM Business Automation Insights improper input validation

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length...

6.5CVSS0.00396EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/03 12:0 a.m.4 views

IBM Cloud Pak for Business Automation 安全漏洞

IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. A...

6.5CVSS7.1AI score0.00396EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2024/11/25 7:39 p.m.8 views

de.arbeitsagentur.opdt:keycloak-cassandra-model-tests (>=3.0.1-25.0 <=4.0.5-25.0), org.keycloak:keycloak-guides (>=25.0.0 <=26.0.5) +6 more potentially affected by CVE-2024-9666 via org.keycloak:keycloak-quarkus-server (>=25.0.0 <=26.0.5)

org.keycloak:keycloak-quarkus-server MAVEN version =25.0.0, =3.0.1-25.0, =25.0.0, =25.0.0, =25.0.0, =26.0.0, =25.0.0, =25.0.0, =26.0.0, =26.0.5 Source cves: CVE-2024-9666 Source advisory: OSV:GHSA-JGWC-JH89-RPGQ...

4.7CVSS5.8AI score0.00399EPSS
Exploits0
Rows per page
Query Builder