Lucene search
+L

24 matches found

vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.7 views

@agentscope-ai/chat (>=1.1.43 <=1.1.68-beta.1780902884191), @ant-design/charts (>=2.2.2 <=2.6.7) +72 more potentially affected by unknown CVE via @antv/g-svg (>=2.0.0 <=2.1.1)

@antv/g-svg NPM version =2.0.0, =1.1.43, =2.2.2, =2.0.0, =1.0.0, =1.1.0, =2.0.0, =2.0.0, =0.1.6, =0.1.0, =0.1.0, =1.2.0, =2.0.28, =0.0.18, =0.0.23 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGSVG-16755118...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.7 views

1byte-react-design (>=1.7.1 <=1.14.0), @aaf-comp/graph-widget (>=1.0.0 <=1.0.3) +246 more potentially affected by unknown CVE via @antv/g-plugin-dragndrop (>=2.0.0 <=2.1.1)

@antv/g-plugin-dragndrop NPM version =2.0.0, =1.7.1, =1.0.0, =1.1.43, =5.0.48, =1.0.1, =2.0.0, =2.0.0, =1.0.0, =2.0.0, =3.0.3, =3.0.0, =0.5.6, =1.0.0, =1.0.0, =1.0.0, =1.1.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINDRAGNDROP-16754940...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.15 views

@antv/g-mobile-canvas (>=1.0.0 <=1.1.1), @antv/g-mobile-svg (>=1.0.0 <=1.1.1) +1 more potentially affected by unknown CVE via @antv/g-plugin-gesture (>=2.0.0 <=2.1.1)

@antv/g-plugin-gesture NPM version =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINGESTURE-16754438...

5.5AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/07 6:13 p.m.4 views

CVE-2026-39324 Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

9.3CVSS5.9AI score0.0027EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/03/21 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-32711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted...

7.8CVSS5.9AI score0.00279EPSS
Exploits1References3
Patchstack
Patchstack
added 2025/12/15 11:0 p.m.9 views

WordPress CC Child Pages plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'child_pages' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'childpages' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CC Child Pages versions = 2.0.0...

6.4CVSS5.6AI score0.00157EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/09/27 12:51 a.m.27 views

CVE-2025-59932

Summary: CVE-2025-59932 affects Flag Forge (FlagForgeCTF). From versions 2.0.0 up to before 2.3.1, the /api/resources endpoint allowed POST and DELETE requests without proper authentication or authorization, enabling unauthorized users to create, modify, or delete resources. The issue has been fi...

8.6CVSS6.5AI score0.00346EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/09/05 1:29 p.m.5 views

WordPress Comment Form WP – Customize Default Comment Form plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Bao - BlueRock in WordPress Plugin Comment Form WP Customize Default Comment Form versions = 2.0.1...

5.9CVSS5.9AI score0.0021EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/03/28 12:0 a.m.5 views

WordPress plugin Flatty 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

5.9CVSS8AI score0.00214EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/16 12:0 a.m.6 views

WordPress plugin Wr Age Verification SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

9.3CVSS9.3AI score0.00729EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.4 views

WordPress plugin JS Job Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS8.7AI score0.0049EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2024/10/18 4:6 a.m.6 views

@alfresco/adf-testing (=6.0.0-A.2-8258), @aller/svelte-components (>=1.5.1 <=1.5.17) +205 more potentially affected by CVE-2024-21536 via http-proxy-middleware (>=2.0.0 <=2.0.6)

http-proxy-middleware NPM version =2.0.0, =1.5.1, =2.0.0, =17.0.0, =9.3.0, =2.3.1, =1.92.0, =1.0.1, =1.0.10, =1015.132.0, =0.0.1, =1.2.0, =0.1.0, =0.1.5 and more Source cves: CVE-2024-21536 Source advisory: SNYK:JS-HTTPPROXYMIDDLEWARE-8229906...

7.5CVSS7.1AI score0.01017EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/10/10 12:0 a.m.10 views

PT-2024-39845 · Zowe · Zowe

Name of the Vulnerable Software and Affected Versions: Zowe versions 1.0.0 through 1.28.8 Zowe versions 2.0.0 through 2.18.0 Description: The health endpoint is public, allowing everybody to see a list of all services, which is potentially valuable information for attackers. Recommendations: For...

9CVSS7AI score0.00231EPSS
Exploits0References11
vulnersOsv
vulnersOsv
added 2023/07/17 12:30 p.m.13 views

be.personify.iam:personify-api (>=1.5.0.RELEASE <=1.5.1.RELEASE), be.personify.iam:personify-frontend (=1.5.1.RELEASE) +51 more potentially affected by CVE-2023-34036 via org.springframework.hateoas:spring-hateoas (>=2.0.0 <=2.0.4)

org.springframework.hateoas:spring-hateoas MAVEN version =2.0.0, =1.5.0.RELEASE, =1.5.0.RELEASE, =0.2.6, =1.6.9, =1.0, =1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =2.0.0, =2.0.4 - com.wizzdi:FlexiCore =7.0.0 and more Source cves: CVE-2023-34036 Source advisory: OSV:GHSA-7M5C-FGWF-MWPH...

5.3CVSS6AI score0.00475EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/04/24 3:30 p.m.7 views

@accordproject/concerto-vocabulary (>=1.2.2-20211215122352 <=3.7.1-20230510093225), @adobe/create-franklin-service (>=3.0.0 <=3.0.20) +338 more potentially affected by CVE-2023-2251 via yaml (>=2.0.0-5 <=2.2.1)

yaml NPM version =2.0.0-5, =1.2.2-20211215122352, =3.0.0, =2.1.42, =1.1.5, =14.6.15, =1.11.39, =9.0.0, =2.0.0, =2.0.0, =0.0.1-AHG-001, =0.0.1-AHG-001, =0.0.2, =1.1.2, =1.1.2, =1.1.4 and more Source cves: CVE-2023-2251 Source advisory: OSV:GHSA-F9XV-Q969-PQX4...

7.5CVSS7.1AI score0.01093EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/05/17 12:0 a.m.5 views

be.ugent.idlab.knows:dataio (>=1.2.0 <=1.3.0), be.zvz:KotlinInside (>=1.14.1 <=1.14.2) +326 more potentially affected by CVE-2022-30126 via org.apache.tika:tika-core (>=2.0.0 <=2.3.0)

org.apache.tika:tika-core MAVEN version =2.0.0, =1.2.0, =1.14.1, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =1.9.14, =1.9.14, =21.2.0, =2.2, =2.2, =2.2, =2.2, =2.2, =2.2, =2.4 and more Source cves: CVE-2022-30126 Source advisory: OSV:GHSA-RPJM-422R-95MH...

5.5CVSS6.3AI score0.02524EPSS
Exploits0
CNNVD
CNNVD
added 2022/04/13 12:0 a.m.5 views

Wordpress plugin Yooslider Yoo Slider 跨站请求伪造漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in Wordpress plugin Yooslider Yoo Slider 2.0.0 and earlier, which can be exploited by attackers ...

4.3CVSS5.1AI score0.00407EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/01/05 3:15 p.m.7 views

CVE-2022-22108

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account employee type user, can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of...

4.3CVSS5.8AI score0.0068EPSS
Exploits0References3Affected Software2
vulnersOsv
vulnersOsv
added 2021/12/14 6:1 p.m.11 views

hu.blackbelt.osgi.filestore:features (>=1.2.1 <=1.3.0), hu.blackbelt.osgi.filestore:kar (>=1.2.1 <=1.3.0) +40 more potentially affected by CVE-2021-44228 +1 more via org.ops4j.pax.logging:pax-logging-log4j2 (>=2.0.0 <=2.0.11)

org.ops4j.pax.logging:pax-logging-log4j2 MAVEN version =2.0.0, =1.2.1, =1.2.1, =1.0.12, =1.0.12, =2.14.2, =2.19.0, =3.12.0, =3.12.0, =3.14.0 - org.apache.cxf.karaf:apache-cxf =3.5.0 - org.apache.karaf.examples:karaf-docker-example-dynamic-dist =4.3.3 - org.apache.karaf.features:enterprise =4.3.3 ...

10CVSS7AI score0.99999EPSS
Exploits357
OSV
OSV
added 2020/05/29 8:15 p.m.2 views

UBUNTU-CVE-2020-11086

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlmreadntlmv2clientchallenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0...

5.4CVSS6.7AI score0.01425EPSS
Exploits0References3
Rows per page
Query Builder