Lucene search

14 matches found

CNNVD
added 2026/04/14 12:0 a.m. | 7 views

October Security Vulnerability

October is an open-source content management system (CMS) and online platform developed by October. Versions prior to October 3.7.13, as well as those before 4.1.4, contained security vulnerabilities. These vulnerabilities stemmed from a sandbox bypass in the Twig security mode function, which coul...

CVSS 6.8 | AI score 5.8 | EPSS 0.00395
Exploits 2 | References 1

ATTACKERKB
added 2026/04/09 9:2 p.m. | 7 views

CVE-2026-35206

Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause `helm pull --untar [chart URL | repo/chartname]` to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...

CVSS 4.8 | AI score 5.9 | EPSS 0.00199
Exploits 0 | References 4 | Affected Software 1

Positive Technologies
added 2026/04/09 12:0 a.m. | 4 views

PT-2026-31732

Name of the Vulnerable Software and Affected Versions: Helm versions 3.20.1 and earlier, and versions 4.1.3 and earlier.
Description: Helm, a package manager for Kubernetes Charts, is affected by an issue where a specially crafted Chart can cause the helm pull --untar command to write chart contents...

CVSS 9.1 | AI score 5.8 | EPSS 0.00338
Exploits 0 | References 148

Debian CVE
added 2026/04/06 4:22 p.m. | 5 views

CVE-2026-34986

Go JOSE provides an implementation of the JavaScript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if t...

CVSS 7.5 | AI score 6.2 | EPSS 0.00651
Exploits 0

CVE
added 2026/04/06 4:22 p.m. | 510 views

CVE-2026-34986

CVE-2026-34986 affects the Go JOSE library. Prior to versions 4.1.4 and 3.0.5, decrypting a JWE object can cause a panic when the alg field indicates a key-wrapping algorithm (any ending with KW, except A128GCMKW/A192GCMKW/A256GCMKW) and encrypted_key is empty. The panic occurs in cipher.KeyUnwra...

CVSS 7.5 | AI score 6 | EPSS 0.00651
Exploits 0 | References 115 | Affected Software 1

vulnersOsv
added 2025/11/11 5:50 a.m. | 10 views

dhrav1 (=1.1.2), irma-dodol78-riris (=3.3.4) +2 more potentially affected by unknown CVE via dhrafortea (>=1.1.2 <=4.1.4)

dhrafortea NPM version >=1.1.2, <=4.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on dhrafortea and may be impacted:
- dhrav1 =1.1.2
- irma-dodol78-riris =3.3.4
- joko-tek48-riris =4.3.2
- kurnia-sambel16-riris =2.3.1
Source cves: unknown CVE Source...

AI score 5.8
Exploits 0

OSV
added 2025/10/14 8:15 p.m. | 6 views

CVE-2025-61801

Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 6.3 | EPSS 0.0021
Exploits 0 | References 1

Cvelist
added 2025/10/14 7:34 p.m. | 7 views

CVE-2025-61800 Dimension | Integer Overflow or Wraparound (CWE-190)

Dimension versions 4.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | EPSS 0.00201
Exploits 0 | References 1

CNNVD
added 2024/02/29 12:0 a.m. | 17 views

Flask-AppBuilder Cross-Site Scripting Vulnerability

Flask-AppBuilder is a simple and fast application development framework. A security vulnerability exists in Flask-AppBuilder versions prior to 4.1.4 through 4.2.1, which stems from a cross-site scripting (XSS) vulnerability in the OAuth login page...

CVSS 6.1 | AI score 5.8 | EPSS 0.00567
Exploits 0 | References 3

CNNVD
added 2021/11/02 12:0 a.m. | 5 views

Fortinet FortiSIEM Windows Agent Security Vulnerability

Fortinet FortiSIEM Windows Agent is an agent program for collecting logs and other behaviors from Windows servers from Fortinet, Inc. A security vulnerability exists in Fortinet FortiSIEM Windows Agent versions 4.1.4 and below, which can be exploited by an attacker to execute privileged code or...

CVSS 7.8 | AI score 5.9 | EPSS 0.00208
Exploits 0 | References 4

CNNVD
added 2021/11/02 12:0 a.m. | 4 views

Fortinet FortiSIEM Windows Agent Security Vulnerability

Fortinet FortiSIEM Windows Agent is an agent program for collecting logs and other behaviors from Windows servers from Fortinet, Inc. A security vulnerability exists in Fortinet FortiSIEM Windows Agent versions 4.1.4 and earlier, which can be exploited by an attacker to obtain compromised agent...

CVSS 5.5 | AI score 5.6 | EPSS 0.00212
Exploits 0 | References 2

vulnersOsv
added 2020/12/08 9:42 p.m. | 7 views

@here/cli (>=1.5.0 <=1.6.1), @node-amazon/mws (>=0.0.2 <=0.0.3) +10 more potentially affected by CVE-2020-26256 via @fast-csv/parse (>=4.1.4 <=4.3.3)

@fast-csv/parse NPM version =4.1.4, =1.5.0, =0.0.2, =2.1.0, =1.0.0, =1.2.127, =1.2.135, =1.2.111, =6.42.0, =4.1.4, =0.0.1, =0.0.6 Source cves: CVE-2020-26256 Source advisory: OSV:GHSA-8CV5-P934-3HWP...

CVSS 6.5 | AI score 6.5 | EPSS 0.01531
Exploits 1

CNVD
added 2018/11/02 12:0 a.m. | 3 views

GlusterFS Denial of Service Vulnerability

Red Hat Gluster is an open source distributed file system from Red Hat. The system is mainly for media streaming, data analysis and other data- and bandwidth-intensive tasks to create large-scale distributed storage solutions. A denial of service vulnerability exists in Red Hat Gluster...

CVSS 6.5 | AI score 7.2 | EPSS 0.02172
Exploits 0 | References 1

OSV
added 2018/11/01 2:29 p.m. | 1 view

UBUNTU-CVE-2018-14660

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs serv...

CVSS 6.5 | AI score 6.9 | EPSS 0.02515
Exploits 0 | References 5