Lucene search
K
GithubRecent

33225 matches found

Github Security Blog
Github Security Blog
added 2026/03/19 6:37 p.m.8 views

@keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany (CVE-2025-46720 incomplete fix)

Summary field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterable bypass for update and delete mutations added checks to the where...

4.3CVSS5.8AI score0.00257EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 6:31 p.m.5 views

Packetbeat does not properly validate an array index in multiple protocol parser components

Improper Validation of Array Index CWE-129 in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger...

5.7CVSS5.8AI score0.00239EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 6:31 p.m.9 views

Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service

Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130...

5.7CVSS5.8AI score0.00179EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 6:31 p.m.10 views

PyMuPDF has a path traversal in _main_.py

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

8.2CVSS5.9AI score0.00354EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 6:21 p.m.6 views

Parse Server email verification resend page leaks user existence

Impact The Pages route and legacy PublicAPI route for resending email verification links return distinguishable responses depending on whether the provided username exists and has an unverified email. This allows an unauthenticated attacker to enumerate valid usernames by observing different...

6.3CVSS5.9AI score0.00322EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 6:10 p.m.10 views

skia-python vendors vulnerable libfreetype because of pinned cibuildwheel version

Impact The Linux wheels for skia-python vendor a vulnerable version of libfreetype that is affected by CVE-2025-27363 1. The root cause is a chain of unfortunate events: 1. skia-python builds wheels using pinned pypa/[email protected] 2 2. cibuildwheel 2.21.3 in turn pins manylinux container...

8.1CVSS6.7AI score0.26049EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:56 p.m.10 views

MinIO has JWT Algorithm Confusion in OIDC Authentication

Impact What kind of vulnerability is it? Who is impacted? A JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and obtain S3 credentials with any policy, including consoleAdmin. An...

9.8CVSS5.8AI score0.0041EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:55 p.m.5 views

Improper Authentication and Origin Validation Error in pyload-ng

Summary A Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints, enabling attackers to remotely queue arbitrary downloads, leading to Server-Side Request...

6.5CVSS5.9AI score0.00183EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:54 p.m.12 views

bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

Impact An integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. The JRuby implementation of bcrypt-ruby BCrypt.java computes the key-strengthening round count as a...

7.5CVSS5.8AI score0.00228EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:49 p.m.11 views

SVG Injection via Unsanitized Options in @dicebear/core and @dicebear/initials

Summary SVG attribute values derived from user-supplied options backgroundColor, fontFamily, textColor were not XML-escaped before interpolation into SVG output. This could allow Cross-Site Scripting XSS when applications pass untrusted input to createAvatar and serve the resulting SVG inline or...

4.7CVSS5.8AI score0.00181EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/19 5:47 p.m.4 views

Ella Core panics on malformed ULNASTransport Message without a Request Type

Summary Ella Core panics when processing malformed UL NAS Transport NAS messages without a Request Type. Impact An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Fix Add a guar...

7.5CVSS5.8AI score0.00365EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:47 p.m.13 views

Ella Core panics on malformed NGAP Location Report

Summary Ella Core panics when processing a malformed NGAP LocationReport message with ue-presence-in-area-of-interest event type and omitting the optional UEPresenceInAreaOfInterestList IE. Impact An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service...

7.5CVSS5.8AI score0.00396EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:47 p.m.4 views

Ella Core panics on invalid PDU Session IDs in NGAP messages

Summary Ella Core panics when processing NGAP messages with invalid PDU Session IDs outside of 1-15. Impact An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Fix Added PDU...

7.5CVSS5.8AI score0.00393EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:46 p.m.7 views

Intake has a Command Injection via shell() Expansion in Parameter Defaults

Summary The shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command may be executed when the catalog source is accessed. This means that if a user loads a malicious...

8.8CVSS6AI score0.00428EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:46 p.m.11 views

Langflow has an Arbitrary File Write (RCE) via v2 API

Summary While reviewing the recent patch for CVE-2025-68478 External Control of File Name in v1.7.1, I discovered that the root architectural issue within LocalStorageService remains unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on...

9.9CVSS6AI score0.01417EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:43 p.m.30 views

Prototype Pollution via parse() in NodeJS flatted

--- Summary The parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key "\proto\" returns Array.prototype via the...

9.8CVSS6AI score0.00808EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:43 p.m.7 views

Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets

Summary Predictable secret ID and lack of secret origin API enable confused deputy attacks on Juju workloads. Details A Juju application can create a secret and grant it to another integrated application grantee. When they do so, the secret owner has to communicate the secret id to the grantee. T...

6.6CVSS5.8AI score0.00269EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:43 p.m.7 views

Juju has unauthorized access to out-of-scope Kubernetes secrets

Summary Grantee is able to update secret content using the secret-set tool due to broad Kubernetes access policy. Implications are that it is possible, knowing a Kubernetes secret identifier e.g. name, to patch without affecting the secret, revealing the value, or, patching while affecting the...

8.8CVSS5.8AI score0.00303EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:32 p.m.7 views

Juju has unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

7.6CVSS5.8AI score0.00166EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:25 p.m.10 views

Denial of service via non-terminating SYLT frame parsing loop in tinytag

Summary tinytag 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse attacker-supplied files, a single 498-byte MP3 can cause the parsin...

6.5CVSS5.8AI score0.0041EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:25 p.m.7 views

AVideo: IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php

Summary The setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numeric characters is silently coerced to the integer zero before...

9.1CVSS5.8AI score0.00342EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:25 p.m.12 views

AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php

Summary WWBN/AVideo contains an open redirect vulnerability in the login flow where a user-supplied redirectUri parameter is reflected directly into a JavaScript document.location assignment without JavaScript-safe encoding. After a user completes the login popup flow, a timer callback executes t...

6.1CVSS5.7AI score0.0019EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:12 p.m.6 views

AVideo Affected by Stored XSS via Unescaped Video Title in CDN downloadButtons.php

Summary WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any escaping, allowing an attacker who can create or modify a video to...

8.2CVSS5.8AI score0.00216EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:12 p.m.6 views

AVideo Affected by SSRF in BulkEmbed Thumbnail Fetch Allows Reading Internal Network Resources

Summary The BulkEmbed plugin's save endpoint plugin/BulkEmbed/save.json.php fetches user-supplied thumbnail URLs via urlgetcontents without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with isSSRFSafeURL, this code path was missed. An authenticated...

5CVSS5.9AI score0.00271EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:12 p.m.5 views

AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Parameter

Summary The deleteDump parameter in plugin/CloneSite/cloneServer.json.php is passed directly to unlink without any path sanitization. An attacker with valid clone credentials can use path traversal sequences e.g., ../../ to delete arbitrary files on the server, including critical application file...

8.1CVSS6AI score0.00505EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 4:43 p.m.6 views

AVideo has an Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos

Summary The HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two divergent code paths — one for authorization which truncates at the...

7.5CVSS5.8AI score0.00688EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 4:42 p.m.7 views

Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

The Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary...

7.1CVSS5.8AI score0.00178EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 4:42 p.m.11 views

phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

Impact Those using AES in CBC mode may be susceptible to a padding oracle timing attack. Patches https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788 Workarounds Use AES in CTR, CFB or OFB modes References...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 4:28 p.m.9 views

qui CORS Misconfiguration: Arbitrary Origins Trusted

Summary The application implements an HTML5 cross-origin resource sharing CORS policy that allows access from any domain. While the application is typically deployed within a trusted local network, successful exploitation of this weakness does not require any direct access to the instance by the...

9.6CVSS5.9AI score0.00257EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 4:27 p.m.9 views

step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)

Summary An attacker can force a Step CA SCEP provisioner to create certificates without completing certain protocol authorization checks. Details SCEP requests carry a message type. On receipt of a SCEP request, Step CA starts processing it by parsing its contents. Message types that were...

10CVSS6.4AI score0.00296EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 4:27 p.m.5 views

ormar Pydantic Validation Bypass via __pk_only__ and __excluded__ Kwargs Injection in Model Constructor

Summary A Pydantic validation bypass in ormar's model constructor allows any unauthenticated user to skip all field validation — type checks, constraints, @fieldvalidator/@modelvalidator decorators, choices enforcement, and required-field checks — by injecting "pkonly": true into a JSON request...

9.8CVSS6AI score0.01192EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 3:31 p.m.8 views

Duplicate Advisory: pgproto3: Negative field length panics in DataRow.Decode

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jqcq-xjh3-6g23. This link is maintained to preserve external references. Original Description A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow...

5.7AI score0.00086EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 12:51 p.m.12 views

MCP Connect has unauthenticated remote OS command execution via /bridge endpoint

Summary When AUTHTOKEN and ACCESSTOKEN environment variables are not set which is the default out-of-the-box configuration the /bridge HTTP endpoint is completely unauthenticated. Any network-accessible caller can POST a request with an attacker-controlled serverPath and args payload, causing the...

6.7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 12:50 p.m.5 views

Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service

Summary dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the library's own UnmarshalYAML implementation, which manually resolves alias nodes by recursively following yaml.Node.Alias pointers without any...

6.2CVSS5.9AI score0.00211EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 12:46 p.m.7 views

AVideo has Unauthenticated PGP Message Decryption via Public Endpoint

Summary The AVideo platform exposes a publicly accessible endpoint that performs server-side PGP decryption without requiring any form of authentication. Any anonymous user can submit a private key, ciphertext, and passphrase to the endpoint and receive the decrypted plaintext in the JSON respons...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 12:45 p.m.6 views

Ruby JSON has a format string injection vulnerability

Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted...

9.1CVSS5.8AI score0.00838EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 12:45 p.m.9 views

AVideo has an OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command

Summary The uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacker can influence the LinkedIn API response via MITM, compromis...

7.5CVSS6.2AI score0.00323EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 12:44 p.m.5 views

Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing

Summary Salvo's form data parsing implementations formdata method and Extractible macro do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory OOM conditions by sending extremely large payloads, leading to service crashes and...

8.7CVSS5.7AI score0.00437EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 12:44 p.m.8 views

Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass

Details A Path Traversal and Access Control Bypass vulnerability was discovered in the salvo-proxy component of the Salvo Rust framework v0.89.2. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g., protected...

7.5CVSS5.8AI score0.00565EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 12:44 p.m.34 views

Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

The Go SDK recently transitioned to the segmentio/encoding library for JSON parsing in version 1.3.1. While this change addressed both case-insensitivity and ASCII folding issues, the new parser implemented aggressive key matching that treated keys with null Unicode characters appended at the end...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 12:43 p.m.5 views

AVideo has a Path Traversal in listFiles.json.php Enables Server Filesystem Enumeration

Summary The listFiles.json.php endpoint accepts a path POST parameter and passes it directly to glob without restricting the path to an allowed base directory. An authenticated uploader can traverse the entire server filesystem by supplying arbitrary absolute paths, enumerating .mp4 filenames and...

4.3CVSS6AI score0.00418EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 12:43 p.m.10 views

AVideo has SSRF in Scheduler Plugin via callbackURL Missing `isSSRFSafeURL()` Validation

Summary The Scheduler plugin's run function in plugin/Scheduler/Scheduler.php calls urlgetcontents with an admin-configurable callbackURL that is validated only by isValidURL URL format check. Unlike other AVideo endpoints that were recently patched for SSRF GHSA-9x67-f2v7-63rw,...

5.5CVSS6.1AI score0.00338EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 12:42 p.m.7 views

Juju affected by timing ownership claim attack on new external back-end secrets

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...

5.3CVSS5.8AI score0.00233EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 12:42 p.m.10 views

NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite

Vulnerability Description The NLTK downloader does not validate the subdir and id attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences such as ../, which can lead to: 1. Arbitrary Directo...

8.1CVSS6AI score0.00487EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 12:42 p.m.11 views

Unauthenticated remote shutdown in nltk.app.wordnet_app

Summary nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple GET /SHUTDOWN%20THE%20SERVER request causes the process to terminate immediately via os.exit0, resulting in a denial of service. Details The...

7.5CVSS5.9AI score0.00855EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 12:42 p.m.17 views

Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File

Claude Code resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set permissions.defaultMode to bypassPermissions in its committed...

8.8CVSS5.9AI score0.00337EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 3:30 a.m.16 views

Duplicate Advisory: OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6j27-pc5c-m8w8. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistenc...

7.2CVSS6.5AI score0.00431EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 3:30 a.m.8 views

Duplicate Advisory: Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gw85-xp4q-5gp9. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel...

9.8CVSS5.7AI score0.00321EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 3:30 a.m.8 views

Duplicate Advisory: allowlist exec-guard bypass via env -S

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-48wf-g7cp-gr3m. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows...

8.8CVSS5.8AI score0.00339EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 3:30 a.m.6 views

Duplicate Advisory: OpenClaw: stageSandboxMedia destination symlink traversal can overwrite files outside sandbox workspace

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cfvj-7rx7-fc7c. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to...

7.1CVSS5.8AI score0.00134EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities33225