
29 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in Tiff

A null source pointer passed as an argument to the memcpy function within TIFFFetchStripThing in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, this fix is available in the...

CVSS 5.5 | AI score 6.3 | EPSS 0.0125
Exploits: 1 | References: 2
Cvelist
added 2026/04/02 3:6 p.m., 17 views

CVE-2026-33746 Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users

Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...

CVSS 9.8 | EPSS 0.003
Exploits: 0 | References: 2
vulnersOsv
added 2026/03/07 9:30 a.m., 10 views

ai.platon.gora:gora-core (=1.0.0), ai.platon.gora:gora-mongodb (=1.0.0) +1308 more potentially affected by CVE-2026-24308 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.4)

org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.2 and more Source cves: CVE-2026-24308 Source advisory: SNYK:JAVA-ORGAPACHEZOOKEEPER-15443353...

CVSS 7.5 | AI score 7.1 | EPSS 0.01146
Exploits: 0
OpenVAS
added 2026/01/07 12:0 a.m., 3 views

Joomla! XSS Vulnerability (20260102)

Joomla! is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:joomla:joomla";...

CVSS 8.4 | AI score 4.7 | EPSS 0.00175
Exploits: 0 | References: 1
Patchstack
added 2025/12/24 6:35 a.m., 5 views

WordPress SALESmanago plugin <= 3.9.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin SALESmanago versions <= 3.9.0...

CVSS 8.8 | AI score 6.7 | EPSS 0.00219
Exploits: 0 | Affected Software: 1
CNNVD
added 2025/12/24 12:0 a.m., 2 views

WordPress plugin SALESmanago Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 5.3 | AI score 6.5 | EPSS 0.00219
Exploits: 0 | References: 1
OSV
added 2025/11/13 5:49 p.m., 6 views

CVE-2025-64706 Typebot IDOR Vulnerability: Unauthorized API Token Deletion and Exposure

Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...

CVSS 5 | AI score 6.7 | EPSS 0.00208
Exploits: 1 | References: 3
Joomla! Vulnerable Extensions List
added 2025/09/29 12:0 a.m., 13 views

[20260102] - Core - XSS vectors in the pagebreak and pagenavigation plugins

Lack of output escaping leads to an XSS vector in the pagebreak and pagenavigation plugins...

CVSS 8.4 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | Affected Software: 1
vulnersOsv
added 2025/09/24 12:30 p.m., 7 views

au.csiro.pathling:encoders (>=7.2.0 <=9.7.1), au.csiro.pathling:fhir-server (=7.2.0) +1174 more potentially affected by CVE-2025-58457 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.3)

org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =2.1.1, =2.2.4 and more Source cves: CVE-2025-58457 Source advisory: OSV:GHSA-2HMJ-97JW-28JH...

CVSS 4.3 | AI score 5.7 | EPSS 0.00294
Exploits: 0
CNNVD
added 2025/09/24 12:0 a.m., 2 views

Apache ZooKeeper Security Vulnerability

Apache Zookeeper is a software project of the Apache USA Foundation that provides open source distributed configuration services, synchronization services, and named registries for large-scale distributed computing. A security vulnerability exists in Apache ZooKeeper versions 3.9.0 through prior ...

CVSS 4.3 | AI score 6.6 | EPSS 0.00294
Exploits: 0 | References: 1
RedhatCVE
added 2025/08/30 6:17 p.m., 2 views

CVE-2025-54486

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This...

CVSS 9.8 | AI score 7.8 | EPSS 0.00636
Exploits: 1 | References: 1
Talos
added 2025/08/25 12:0 a.m., 5 views

The Biosig Project libbiosig MFER default NS mismatch heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2025-2237 The Biosig Project libbiosig MFER default NS mismatch heap-based buffer overflow vulnerability August 25, 2025 CVE Number CVE-2025-53511 SUMMARY A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project...

CVSS 9.8 | AI score 6.9 | EPSS 0.00689
Exploits: 1
Talos
added 2025/08/25 12:0 a.m., 6 views

The Biosig Project libbiosig GDF parsing integer overflow to heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2025-2233 The Biosig Project libbiosig GDF parsing integer overflow to heap-based buffer overflow vulnerability August 25, 2025 CVE Number CVE-2025-52581 SUMMARY An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project...

CVSS 9.8 | AI score 7.1 | EPSS 0.00634
Exploits: 1
Patchstack
added 2025/07/28 9:0 p.m., 4 views

WordPress MinimogWP theme <= 3.9.0 - Unauthenticated Price Manipulation vulnerability

Unauthenticated Price Manipulation vulnerability discovered by Valatty in WordPress Theme MinimogWP versions <= 3.9.0...

CVSS 7.5 | AI score 7 | EPSS 0.00338
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/04/01 2:51 p.m., 42 views

CVE-2025-31806

CVE-2025-31806 affects Webling (WordPress plugin Webling). It is a Stored XSS due to improper neutralization of input during web page generation, impacting Webling versions up to 3.9.0. Exploitation requires authentication (Administrator). Wordfence notes the vulnerability and indicates a patch i...

CVSS 5.9 | AI score 7.2 | EPSS 0.00323
Exploits: 0 | References: 1
vulnersOsv
added 2024/04/04 3:30 p.m., 4 views

com.github.t1:wunderbar.demo.product (=3.3), com.mobiera.libs:aircast-api-jakarta (=1.3) +600 more potentially affected by CVE-2024-2700 via io.quarkus:quarkus-core (>=3.9.0.CR1 <=3.9.1)

io.quarkus:quarkus-core MAVEN version =3.9.0.CR1, =0.3.0, =0.2.3, =0.3.4, =0.9.3, =0.9.9, =3.3.0, =3.3.0.CR2 and more Source cves: CVE-2024-2700 Source advisory: OSV:GHSA-F8H5-V2VG-46RR...

CVSS 7 | AI score 7 | EPSS 0.00286
Exploits: 0
Positive Technologies
added 2024/03/27 12:0 a.m., 2 views

PT-2024-23292 · Decalog · Decalog

Name of the Vulnerable Software and Affected Versions: DecaLog versions prior to 3.9.0. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting malicious SQL...

CVSS 7.6 | AI score 8 | EPSS 0.00612
Exploits: 0 | References: 4
vulnersOsv
added 2024/03/15 12:30 p.m., 7 views

cn.aradin:aradin-cluster-zookeeper-starter (>=1.1.1 <=1.1.2), cn.aradin:aradin-lucene-solr-starter (>=1.1.1 <=1.1.2) +522 more potentially affected by CVE-2024-23944 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.1)

org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =2.1.1, =15.1-RELEASE, =15.0-RELEASE, =2.03-RELEASE, =3.3.0.4.0.6, =3.3.0.4.0.5, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.10 and more Source cves: CVE-2024-23944 Source advisory:...

CVSS 5.3 | AI score 6.7 | EPSS 0.00246
Exploits: 0
CNNVD
added 2023/11/29 12:0 a.m., 4 views

aiohttp Injection Vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. An injection vulnerability exists in aiohttp versions prior to 3.9.0, which stems from incorrect validation that allows an attacker to modify an HTTP request e.g., by inserting a new header, or even create...

CVSS 5.3 | AI score 7.2 | EPSS 0.0094
Exploits: 1 | References: 4
ATTACKERKB
added 2023/08/28 10:15 p.m., 2 views

CVE-2023-40826

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter...

CVSS 7.5 | AI score 7.5 | EPSS 0.01141
Exploits: 1 | References: 2