Lucene search
K

9 matches found

OSV
OSV
added 2026/04/29 8:33 p.m.14 views

GHSA-MPFM-FPGX-647Q CKAN has no certificate validation on STMP connection

Impact Configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. Patches The vulnerability has been patched in CKAN 2.10.10 and CKAN 2.11.5...

8.7CVSS5.7AI score0.00194EPSS
Exploits0References5
CVE
CVE
added 2026/03/27 10:26 p.m.23 views

CVE-2026-4248

The CVE-2026-4248 entry concerns the Ultimate Member WordPress plugin with a vulnerability in versions up to 2.11.2. The issue arises because the '{usermeta:password_reset_link}' template tag is processed inside post content via the [um_loggedin] shortcode, generating a valid password reset token...

8CVSS5.9AI score0.00229EPSS
Exploits0References4
NVD
NVD
added 2026/02/24 5:29 p.m.7 views

CVE-2026-27571

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...

7.5CVSS0.00478EPSS
Exploits0References4
NVD
NVD
added 2025/11/07 2:15 p.m.5 views

CVE-2025-34299

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...

9.8CVSS0.72667EPSS
Exploits6References3
OSV
OSV
added 2025/02/12 2:15 p.m.8 views

CVE-2025-1101

A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests...

5.3CVSS5.8AI score0.0068EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.3 views

Q-Free MAXTIME Suite 安全漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that stems from a missing authorization in maxprofile/users/routes.lua. An attacker could exploit the vulnerability t...

8.1CVSS6.3AI score0.00487EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.8 views

PT-2025-7160 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authorization, allowing an authenticated attacker with low privileges to add users to groups via crafted HTTP requests. This is due to a problem in the...

8.8CVSS6.3AI score0.0053EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/12/27 12:0 a.m.5 views

PJSIP 缓冲区错误漏洞

PJSIP is a free and open source multimedia communications library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. A buffer error vulnerability exists in PJSIP 2.11.1 and earlier versions, which stems from the fact that if an incoming RTCP XR...

9.1CVSS8.3AI score0.03722EPSS
Exploits1References16
CNNVD
CNNVD
added 2021/11/11 12:0 a.m.5 views

Ec-cube 跨站请求伪造漏洞

EC-CUBE is an open source system for creating shopping websites. EC-CUBE versions 2.11.0 - 2.17.1 have a cross-site request forgery vulnerability in the administration interface. An attacker could exploit the vulnerability to remove administrators by tricking a user with administrative privileges...

6.5CVSS5.5AI score0.00533EPSS
Exploits1References5
Rows per page
Query Builder