
16 matches found

OSV
added 2026/03/19 5:32 p.m. · 8 views

GHSA-89X7-5M5M-MCMM Juju has unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

CVSS 7.6 · AI score 5.8 · EPSS 0.00166
Exploits: 0 · References: 4
NVD
added 2026/03/18 1:16 p.m. · 10 views

CVE-2026-32692

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

CVSS 7.6 · EPSS 0.00166
Exploits: 0 · References: 1
UbuntuCve
added 2026/03/18 1:16 p.m. · 4 views

CVE-2026-32692

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

CVSS 7.6 · AI score 6.4 · EPSS 0.00166
Exploits: 0 · References: 2
Vulnrichment
added 2026/03/18 12:35 p.m. · 3 views

CVE-2026-32692 Unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

CVSS 7.6 · AI score 5.8 · EPSS 0.00166
Exploits: 0 · References: 1
CNNVD
added 2026/03/18 12:00 a.m. · 7 views

Juju security vulnerability

Juju is an open-source application orchestration engine from Canonical. Versions of Juju from 3.1.6 to 3.6.18 have security vulnerabilities. These vulnerabilities stem from an authorization bypass in the Vault key backend implementation, which may allow authenticated unit agents to execute...

CVSS 7.6 · AI score 6.5 · EPSS 0.00166
Exploits: 0 · References: 1
CNVD
added 2026/03/02 12:00 a.m. · 4 views

Adobe Substance 3D Stager suffers from an out-of-bounds write vulnerability

Substance 3D Stager is professional software from the US company Adobe for 3D scene setup, lighting settings and high-quality rendering. An out-of-bounds write vulnerability exists in Adobe Substance 3D Stager 3.1.6 and earlier versions, which can ...

CVSS 7.8 · AI score 6 · EPSS 0.00176
Exploits: 0 · References: 1
Vulnrichment
added 2026/02/10 6:16 p.m. · 3 views

CVE-2026-21343 Substance3D - Stager | Out-of-bounds Read (CWE-125)

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...

CVSS 7.8 · AI score 5.8 · EPSS 0.00159
Exploits: 0 · References: 1
Vulnrichment
added 2026/02/10 6:16 p.m. · 4 views

CVE-2026-21341 Substance3D - Stager | Out-of-bounds Write (CWE-787)

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 · AI score 6.3 · EPSS 0.00139
Exploits: 0 · References: 1
CVE
added 2026/02/10 6:16 p.m. · 12 views

CVE-2026-21342

Adobe Substance3D Stager

CVSS 7.8 · AI score 6.3 · EPSS 0.00176
Exploits: 0 · References: 1 · Affected Software: 1
ATTACKERKB
added 2026/02/10 6:16 p.m. · 8 views

CVE-2026-21345

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...

CVSS 7.8 · AI score 5.8 · EPSS 0.00157
Exploits: 0 · References: 2
CVE
added 2025/11/04 4:27 a.m. · 18 views

CVE-2025-12393

CVE-2025-12393 affects the WordPress plugin Free Quotation up to version 3.1.6. It is a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient input sanitization and output escaping in admin settings. Exploitation requires authentication at administrator level or higher, and affec...

CVSS 4.4 · AI score 4.7 · EPSS 0.00173
Exploits: 0 · References: 2
Patchstack
added 2025/10/30 1:29 p.m. · 7 views

WordPress Advanced Database Cleaner plugin <= 3.1.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Bao - BlueRock in WordPress Plugin Advanced Database Cleaner versions <= 3.1.6...

CVSS 4.3 · AI score 6.7 · EPSS 0.00118
Exploits: 0 · Affected Software: 1
Cvelist
added 2025/10/25 6:49 a.m. · 14 views

CVE-2025-11497 Advanced Database Cleaner <= 3.1.6 - Cross-Site Request Forgery to Settings Manipulation

The Advanced Database Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.6. This is due to missing or incorrect nonce validation on the aDBcprepareelementstoclean function. This makes it possible for unauthenticated attackers to alte...

CVSS 4.3 · EPSS 0.00208
Exploits: 0 · References: 2
Positive Technologies
added 2024/11/16 12:00 a.m. · 10 views

PT-2024-35237 · Unknown · Clarisse K. Writer Helper

Name of the Vulnerable Software and Affected Versions: Clarisse K. Writer Helper versions 3.1.6 and earlier.
Description: The issue allows users to upload dangerous files, potentially enabling web server compromise by uploading a web shell. This can be exploited by attackers to gain unauthorized...

CVSS 9.9 · AI score 9.7 · EPSS 0.00478
Exploits: 0 · References: 9
ATTACKERKB
added 2022/04/28 12:01 p.m. · 4 views

CVE-2022-29410

Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via...

CVSS 8.8 · AI score 8.6 · EPSS 0.00862
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2022/03/29 12:00 a.m. · 8 views

PT-2022-2029

Name of the Vulnerable Software and Affected Versions: Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions.
Description: The issue is related to a remote code execution vulnerability in Spring Cloud Function when using routing functionality. It is possible for a user to provid...

CVSS 9.8 · AI score 9.8 · EPSS 0.99939
Exploits: 36 · References: 65