20 matches found

OSV
added 2026/06/08 2:16 p.m. | 4 views

CLEANSTART-2026-VD47610 Security fixes for CVE-2025-15558, CVE-2025-61729, CVE-2026-25680, CVE-2026-25681, CVE-2026-25934, CVE-2026-26958, CVE-2026-27136, CVE-2026-27145, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-33815, CVE-2026-33816, CVE-2026-34986, CVE-2026-35469, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-39882, CVE-2026-39883, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42504, CVE-2026-42506, CVE-2026-42507, CVE-2026-42508, CVE-2026-44740, CVE-2026-44973, CVE-2026-45022, CVE-2026-45570, CVE-2026-45571, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-37cx-329c-33x3, ghsa-389r-gv7p-r3rp, ghsa-3xc5-wrhm-f963, ghsa-78h2-9frx-2jm8, ghsa-crhj-59gh-8x96, ghsa-fv92-fjc5-jj9h, ghsa-fw7p-63qq-7hpr, ghsa-hfvc-g4fc-pqhx, ghsa-j88v-2chj-qfwx, ghsa-m3xc-h892-ggx6, ghsa-m7cr-m3pv-hgrp, ghsa-p436-gjf2-799p, ghsa-qw64-3x98-g7q2, ghsa-w5pp-99ch-qj29, ghsa-w8rr-5gcm-pp58 applied in versions: 3.6.16-r0, 3.7.4-r0, 3.7.9-r0, 4.0.1-r0, 4.0.2-r0, 4.0.3-r0, 4.0.4-r0, 4.0.4-r1, 4.0.5-r0

Multiple security vulnerabilities affect the argo-workflows package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS: 10 | AI score: 5.9 | EPSS: 0.01557
Exploits: 4 | References: 118

CNNVD
added 2026/05/12 12:00 a.m. | 11 views

YAFNET Cross-Site Scripting Vulnerability

YAFNET is an ASP.NET open-source forum solution developed by YAFNET’s individual developers. Versions of YAFNET prior to 4.0.5 and 3.2.12 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient HTML cleaning or output encoding during postings and replies, whic...

CVSS: 7.3 | AI score: 5.7 | EPSS: 0.00199
Exploits: 0 | References: 2

CNNVD
added 2026/05/09 12:00 a.m. | 12 views

Argo Workflows Security Vulnerability

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions prior to Argo Workflows 3.7.14 and 4.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the Webhook Interceptor, which loaded the entire request body into...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.00607
Exploits: 1 | References: 1

vulnersOsv
added 2026/04/28 12:31 a.m. | 8 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +5085 more potentially affected by CVE-2026-40976 via org.springframework.boot:spring-boot (>=4.0.0 <=4.0.5)

org.springframework.boot:spring-boot MAVEN version =4.0.0, =0.1.0, =0.1.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40976 Source advisory: OSV:GHSA-8V8J-3HXP-93WR...

CVSS: 9.1 | AI score: 5.7 | EPSS: 0.00489
Exploits: 0

Vulnrichment
added 2026/04/23 6:12 p.m. | 6 views

CVE-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

CVSS: 7.7 | AI score: 5.2 | EPSS: 0.00377
Exploits: 1 | References: 1

Vulnrichment
added 2026/04/10 12:10 p.m. | 3 views

CVE-2026-5774 Juju API Server Denial of Service and Authentication Replay via Unsynchronized Token Map

Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token...

CVSS: 6 | AI score: 5.8 | EPSS: 0.00243
Exploits: 1 | References: 3

Cvelist
added 2026/04/08 8:30 a.m. | 27 views

CVE-2026-39704 WordPress Precious Metals Automated Product Pricing – Pro plugin <= 4.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Precious Metals Automated Product Pricing – Pro: from n/...

CVSS: 5.3 | EPSS: 0.0016
Exploits: 0 | References: 1

SUSE CVE
added 2026/01/17 12:51 a.m. | 8 views

SUSE CVE-2017-18897

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection...

CVSS: 6.1 | AI score: 7 | EPSS: 0.00685
Exploits: 0 | References: 2

Patchstack
added 2026/01/08 10:39 p.m. | 8 views

WordPress IndieWeb plugin <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability

Authenticated Author+ Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability discovered by Tharadol Suksamran in WordPress Plugin IndieWeb versions = 4.0.5...

CVSS: 6.4 | AI score: 5.7 | EPSS: 0.00205
Exploits: 2 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/12/31 3:07 p.m. | 7 views

CVE-2025-62141 WordPress Wawp plugin <= 4.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in 101gen Wawp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wawp: from n/a through 4.0.5...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.00191
Exploits: 0 | References: 1

EUVD
added 2025/12/31 3:07 p.m. | 6 views

EUVD-2025-206041

Missing Authorization vulnerability in 101gen Wawp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wawp: from n/a through 4.0.5...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00191
Exploits: 0 | References: 2

OSV
added 2024/11/19 6:15 p.m. | 2 views

CVE-2022-47424

Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery. This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00185
Exploits: 0 | References: 1

Positive Technologies
added 2024/11/19 12:00 a.m. | 5 views

PT-2024-11755 · Repute Infosystems · Armember +1

Name of the Vulnerable Software and Affected Versions: Repute InfoSystems ARMember versions 4.0.5 and earlier; Repute InfoSystems ARMember Premium versions prior to 6.7.1. Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions. This is a type of...

CVSS: 5.4 | AI score: 8.7 | EPSS: 0.00185
Exploits: 0 | References: 3

vulnersOsv
added 2023/05/23 7:55 p.m. | 6 views

0.edsql (>=1.0.49 <=1.0.50), 10secondsofcode-custom (=1.0.0) +1915 more potentially affected by CVE-2023-32695 via socket.io-parser (>=4.0.5 <=4.2.2)

socket.io-parser NPM version =4.0.5, =1.0.49, =1.0.0, =0.0.28, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.1, =0.8.2, =1.0.0, =0.1.13, =0.0.4, =0.0.9 and more Source cves: CVE-2023-32695 Source advisory: OSV:GHSA-CQMJ-92XF-R6R9...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01059
Exploits: 0

ATTACKERKB
added 2022/06/23 5:15 p.m. | 3 views

CVE-2022-31361

Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.01329
Exploits: 1 | References: 3

OSV
added 2022/03/10 5:48 p.m. | 3 views

UBUNTU-CVE-2022-26846

SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.02879
Exploits: 0 | References: 5

CNVD
added 2020/11/16 12:00 a.m. | 2 views

Spree Authorization Bypass Vulnerability

Spree is an open-source online store platform from an individual developer, built with Ruby on Rails. An authorization bypass vulnerability exists in Spree versions 3.7 through 3.7.13, 4.0.5, and 4.1.12. An attacker can exploit the vulnerability to query the API v2 order...

CVSS: 7.7 | AI score: 6.8 | EPSS: 0.01111
Exploits: 1 | References: 1

CNVD
added 2017/08/28 12:00 a.m. | 2 views

BaserCMS Code Execution Vulnerability

baserCMS is an enterprise-level content management system (CMS). A code execution vulnerability exists in baserCMS versions 3.0.14 and earlier and 4.0.5 and earlier. An attacker can exploit this vulnerability to execute arbitrary PHP code on the server...

CVSS: 8.8 | AI score: 9 | EPSS: 0.01467
Exploits: 0 | References: 1

PyPA
added 2015/09/21 7:59 p.m. | 6 views

PYSEC-2015-26

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

CVSS: 4.3 | AI score: 6 | EPSS: 0.02768
Exploits: 1 | References: 10 | Affected Software: 1

Positive Technologies
added 2014/05/07 12:00 a.m. | 5 views

PT-2014-3491 · Ruby +1 · Ruby On Rails +1

Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions prior to 3.2.18; Ruby on Rails versions 4.0.x prior to 4.0.5; Ruby on Rails versions 4.1.x prior to 4.1.1. Description: The issue allows remote attackers to read arbitrary files via a crafted request, due to a directory...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.53703
Exploits: 2 | References: 43