Lucene search
+L
GithubRecent

33402 matches found

Github Security Blog
Github Security Blog
added 2025/10/14 9:30 p.m.13 views

Magento allows incorrect authorization

Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not...

5.9CVSS6.6AI score0.00461EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/14 9:30 p.m.10 views

Magento vulnerable to privilege escalation due to incorrect authorization

Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileges that...

6.5CVSS6.9AI score0.0036EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/14 9:30 p.m.10 views

Magento vulnerable to stored Cross-Site Scripting (XSS)

Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...

8.1CVSS5.7AI score0.00564EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/14 9:30 p.m.7 views

Magento provides incorrect authorization through a security feature bypass

Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of this...

8.1CVSS6.7AI score0.00502EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/14 9:30 p.m.8 views

Magento vulnerable to stored Cross-Site Scripting (XSS)

Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...

4.8CVSS5.7AI score0.00252EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/14 9:30 p.m.17 views

Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages

Flowise v3.0.1 3.0.8 and all versions after with 'ALLOWBUILTINDEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules Puppeteer and Playwright within the nodevm execution environment. An authenticated attacker...

9.9CVSS8.2AI score0.06129EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/14 8:32 p.m.29 views

Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability

Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also...

9.9CVSS9.2AI score0.65838EPSS
Exploits5References5Affected Software13
Github Security Blog
Github Security Blog
added 2025/10/14 7:57 p.m.12 views

CometBFT's invalid BitArray handling can lead to network halt

Name: ASA-2025-003: Invalid BitArray handling can lead to network halt Criticality: High Considerable Impact; Possible Likelihood per ACMv1.2 Affected versions: = v0.38.18, = v0.37.15, and main development branches Affected users: Validators, Full nodes, Users Description A bug was discovered in...

7AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/14 7:49 p.m.9 views

Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails

Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail method and pass in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Detail...

6.3CVSS7.4AI score0.00395EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/14 7:36 p.m.13 views

Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name

Summary An authenticated party can add a malicious name to the Energy entity, allowing for Cross-Site Scripting attacks against anyone who can see the Energy dashboard, when they hover over any information point The blue bar in the picture below An alternative, and more impactful scenario, is tha...

9.3CVSS6.1AI score0.00512EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/14 6:43 p.m.16 views

Argo Workflow may expose artifact repository credentials

Summary An attacker who has permissions to read logs from pods in a namespace with Argo Workflow can read workflow-controller logs and get credentials to the artifact repository. Details An attacker, by reading the logs of the workflow controller pod, can access the artifact repository, and steal...

8.5CVSS6.8AI score0.00434EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/14 6:30 p.m.34 views

Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate

Summary Use of curl with the -k or --insecure flag in installer scripts allows attackers to deliver arbitrary executables via Man-in-the-Middle MitM attacks. This can lead to full system compromise, as the downloaded files are installed as privileged applications. Details The following scripts in...

5.3CVSS7.8AI score0.0022EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/14 6:30 p.m.7 views

JDBC Driver for SQL Server has improper input validation issue

Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS7.4AI score0.00685EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/14 6:30 p.m.11 views

Duplicate Advisory: Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwq6-fmvp-qp68. This link is maintained to preserve external references. Original Description Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose...

5.7CVSS6.6AI score0.00671EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/14 6:30 p.m.11 views

Duplicate Advisory: Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w3q9-fxm7-j8fq. This link is maintained to preserve external references. Original Description Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate...

7.3CVSS6.9AI score0.00556EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/14 6:0 p.m.8 views

Argo Workflow has a Zipslip Vulnerability

Vulnerability Description Vulnerability Overview 1. During the artifact extraction process, the unpack function extracts the compressed file to a temporary directory /etc.tmpdir and then attempts to move its contents to /etc using the rename system call, 2. However, since /etc is an already...

8.8CVSS7AI score0.00551EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/14 3:31 p.m.9 views

Apache Geode web-api is vulnerable to Cross-site Scripting

Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...

6.1CVSS7.5AI score0.00643EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/14 12:31 a.m.10 views

Liferay has Incorrect Permission Assignment for Critical Resource

Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 2023.Q3.1 through 2023.Q3.8, 2023.Q4.0 through 2023.Q4.5, 7.4 GA through update 92 and 7.3 GA though update 36 shows content to users who do not have permission to view it via the Menu Display Widget. This security flaw could result in...

6.5CVSS6.5AI score0.00251EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 10:11 p.m.12 views

LibreNMS is vulnerable to Reflected-XSS in `report_this` function

Summary Reflected-XSS in reportthis function in librenms/includes/functions.php Details Recently, it was discovered that the reportthis function had improper filtering htmlentities function was incorrectly used in a href environment, which caused the projectissues parameter to trigger an XSS...

6.9CVSS6.6AI score0.00231EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 9:31 p.m.9 views

Liferay Mentions Web is Vulnerable to Cross-site Scripting

Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...

5.4CVSS5.7AI score0.00205EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 9:31 p.m.14 views

Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key

Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...

5.3CVSS6.8AI score0.00254EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 9:31 p.m.10 views

Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key

Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users in o...

5.3CVSS6.9AI score0.00248EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 9:31 p.m.11 views

Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key

Insecure Direct Object Reference IDOR vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to from one account to view addresses fr...

5.3CVSS6.8AI score0.00279EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 8:19 p.m.9 views

tracexec has `env` command argument injection via environment variables starting with dash in traced exec events

Impact For tracexec's command line reconstruction feature, when a traced process executes another process with a environment variable where the key starts with a dash, tracexec incorrectly shows its commandline where such environment variables could cause argument injection for the env command...

7.4AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 8:9 p.m.9 views

Omni vulnerable to information leak via API

Impact Omni might leak sensitive information via an API. Patches v1.1.5, v1.0.2 and v1.2.0 contain the patch. Workarounds None. References None...

8.6CVSS6.7AI score0.00291EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 7:59 p.m.9 views

Omni is Vulnerable to DoS via Empty Create/Update Resource Requests

Summary A nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the API endpoints. Details The vulnerability exists in the isSensitiveSpec function whic...

7.5CVSS7.1AI score0.00542EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 6:31 p.m.24 views

MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string

When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...

8CVSS6.8AI score0.00165EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 6:31 p.m.10 views

Liferay Publications vulnerable to Authorization Bypass Through User-Controlled Key

Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows remote authenticated attackers to view the edi...

4.8CVSS6.8AI score0.00264EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 6:31 p.m.7 views

llama-index has Insecure Temporary File

The llamaindex library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, dat...

7.8CVSS6.7AI score0.00171EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 6:31 p.m.11 views

Liferay Publications is vulnerable to Incorrect Authorization

Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...

5.4CVSS6.8AI score0.00225EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 5:43 p.m.9 views

CommandKit has incorrect command name exposure in context object for message command aliases

Impact A logic flaw exists in the message command handler of CommandKit that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling command aliases. When a message command is invoked using an alias, the ctx.commandName value...

6.1CVSS7.1AI score0.00152EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 1:33 p.m.10 views

Ash Framework: Filter authorization misapplies impossible bypass/runtime policies

Summary When using filter authorization, two edge cases could cause the policy compiler/authorizer to generate a permissive filter: 1. Bypass policies whose condition can never pass at runtime were compiled as ORANDcondition, compiledpolicies, NOTcondition. If the condition could never be true at...

8.6CVSS6.7AI score0.00464EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 12:31 p.m.9 views

QGIS QWC2 Cross-Site Scripting vulnerability

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

6.9CVSS6.5AI score0.00395EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/11 1:30 a.m.9 views

cel-rust May Panic During Parsing of Invalid CEL Expressions

Summary Parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions e.g., user-supplied input over an API, an attacker can send crafted input to trigger a denial of service DoS. Remediation Upgrade to...

7.5CVSS7AI score0.00331EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 11:46 p.m.18 views

Happy DOM: VM Context Escape can lead to Remote Code Execution

Escape of VM Context gives access to process level functionality Summary Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted...

7.2CVSS7.5AI score0.00613EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 11:45 p.m.8 views

Parallax is vulnerable to DoS via malicious p2p message

Impact A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. In order to carry out the attack, the attacker establishes a peer connections to the victim, and sends a malicious GetBlockHeadersRequest message...

7AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 11:41 p.m.10 views

Astro's `X-Forwarded-Host` is reflected without validation

Summary When running Astro in on-demand rendering mode using a adapter such as the node adapter it is possible to maliciously send an X-Forwarded-Host header that is reflected when using the recommended Astro.url property as there is no validation that the value is safe. Details Astro reflects th...

6.5CVSS7AI score0.0038EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 10:55 p.m.12 views

Flowise is vulnerable to arbitrary file exposure through its ReadFileTool

Summary The ReadFileTool in Flowise does not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read arbitrary files from the file system, potentially leading to remote command execution. Details Flowise supports providing ReadFileTool for large models to...

9.9CVSS6.6AI score0.12115EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/10 10:54 p.m.9 views

Authlib : JWE zip=DEF decompression bomb enables DoS

Summary Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable tokens to exhaust memory and CPU and cause denial of service. Details - Affected component...

6.5CVSS6.5AI score0.00418EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 10:53 p.m.11 views

Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret

A vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret: https://github.com/ossf/allstar/blob/294ae985cc2facd0918e8d820e4196021aa0b914/pkg/reviewbot/reviewbot.goL59 The value used for the secret token was compiled into t...

8.2CVSS7.2AI score0.00369EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 10:53 p.m.9 views

python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination

Summary ldap.dn.escapednchars escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP...

6.9CVSS7.2AI score0.00427EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 10:51 p.m.9 views

python-ldap has sanitization bypass in ldap.filter.escape_filter_chars

Summary The sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and the non-default escapemode=1 is configured. Details The method ldap.filter.escapefilterchars supports 3...

6.9CVSS7.2AI score0.00301EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 9:31 p.m.9 views

Liferay Portal is vulnerable to CSRF through publication comments

Cross-site request forgery CSRF vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments...

5.1CVSS7.1AI score0.00175EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 9:31 p.m.8 views

Bagisto is vulnerable to XSS through Admin Panel's product creation path

An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in...

8.3CVSS6.6AI score0.00383EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 9:31 p.m.10 views

PowerJob OpenAPIController is missing authorization

A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicl...

7.5CVSS5.5AI score0.00426EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 8:28 p.m.18 views

Sinatra is vulnerable to ReDoS through ETag header value generation

Summary There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...

7.5CVSS6.9AI score0.00458EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 8:26 p.m.8 views

Authlib is vulnerable to Denial of Service via Oversized JOSE Segments

Summary Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving...

7.5CVSS7.2AI score0.00596EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 6:31 p.m.10 views

PowerJob has Missing Authorization in its /user/list file

A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited...

6.9CVSS5.3AI score0.01013EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 5:33 p.m.4 views

Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

Summary Rack::RequestPOST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.readnil without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of...

7.5CVSS6.9AI score0.00605EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 5:31 p.m.10 views

Rack has a Possible Information Disclosure Vulnerability

Summary A possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to miscommunicate with the proxy and trigger unintended internal requests, potentially...

5.8CVSS6.4AI score0.00434EPSS
Exploits0References7Affected Software1
Total number of security vulnerabilities33402