Lucene search
K

73 matches found

CBLMariner
CBLMariner
added 2026/05/30 12:34 a.m.7 views

CVE-2026-27136 affecting package gh for versions less than 2.62.0-16

CVE-2026-27136 affecting package gh for versions less than 2.62.0-16. A patched version of the package is available...

6.1CVSS5.8AI score0.00178EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. A integer overflow bug that affects all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changi...

7.5CVSS7AI score0.03839EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 11:16 p.m.22 views

CVE-2026-6095

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Orejime allows Cross-Site Scripting XSS. This issue affects Orejime: from 0.0.0 before 2.0.16...

6.1CVSS0.00196EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 10:26 p.m.12 views

CVE-2026-6095

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Orejime allows Cross-Site Scripting XSS. This issue affects Orejime: from 0.0.0 before 2.0.16...

5.8AI score0.00196EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 9:46 a.m.13 views

CLEANSTART-2026-VX40916 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-9h8m-3fm2-qjrq applied in versions: 0.16.0-r0

Multiple security vulnerabilities affect the kserve package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7AI score0.01945EPSS
Exploits2References22
EUVD
EUVD
added 2026/03/12 6:10 p.m.7 views

EUVD-2026-11642

Shopware is an open commerce platform. /api/info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.9 views

PT-2026-25031

Shopware is an open commerce platform. /api/ info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.9 views

Frigate 安全漏洞

Frigate is a complete native NVR designed by Blake Blackshear for home assistants with AI object detection capabilities. Versions of Frigate prior to 0.16.4 contained a security vulnerability. This vulnerability stemmed from uncleaned user input in video stream configurations, which could lead to...

9.1CVSS5.8AI score0.02874EPSS
Exploits8References3
OSV
OSV
added 2026/02/03 6:30 p.m.4 views

GHSA-73F3-RQQF-2J54 Apache Syncope: Console XXE on Keymaster parameters

Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage occurs. Th...

4.9CVSS5.8AI score0.00827EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-6483

Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are...

6.8CVSS5.3AI score0.00362EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.4 views

PT-2026-4832

Name of the Vulnerable Software and Affected Versions Shaarli versions prior to 0.16.0 Description Shaarli is a personal bookmarking service susceptible to a cross-site scripting XSS issue. A malicious tag beginning with a double quote " can prematurely terminate the tag on the start page, enabli...

5.3CVSS6AI score0.00147EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/01/24 2:2 a.m.4 views

CVE-2026-24422 phpMyFAQ: Public API endpoints expose emails and invisible questions

phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list endpoint calls Question::getAll with showAll=true by default, returning...

5.3CVSS5.8AI score0.00375EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.6 views

phpMyFAQ Access Control Vulnerability

phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ 4.0.16 and earlier contained an access control vulnerability caused by insufficient permission checks. This vulnerability could allow unauthorized users to download FAQ attachments...

6.5CVSS5.8AI score0.0042EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/01/17 12:47 a.m.11 views

SUSE CVE-2022-21589

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...

4.3CVSS4.6AI score0.00911EPSS
Exploits0References2
CVE
CVE
added 2025/12/29 3:18 p.m.11 views

CVE-2025-68951

CVE-2025-68951 affects phpMyFAQ. Versions 4.0.14 and 4.0.15 contain a stored XSS vulnerability where an attacker’s HTML entities in a display_name are decoded server-side and rendered unescaped in the admin user list (Twig |raw), enabling script execution in an administrator’s context. A patch ex...

6.1CVSS5.6AI score0.0023EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/08/25 2:15 p.m.5 views

CVE-2025-26467

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

8.8CVSS0.00469EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/08/25 2:6 p.m.4 views

CVE-2025-26467

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

8.8CVSS5.5AI score0.00964EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-21111

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.16. Easily...

7.8CVSS7.2AI score0.0178EPSS
Exploits3References2
SUSE CVE
SUSE CVE
added 2025/07/16 11:22 p.m.4 views

SUSE CVE-2025-40913

Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow. Net::Dropbear embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328...

6.5CVSS6.9AI score0.00275EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 1:44 a.m.7 views

CVE-2023-5904

Cross-site Scripting XSS - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16...

5.4CVSS6AI score0.00449EPSS
Exploits1References1
Rows per page
Query Builder