Lucene search
K
GithubRecent

33254 matches found

Github Security Blog
Github Security Blog
added 2026/05/18 5:44 p.m.19 views

Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows

Summary The row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row actions on any row in the underlying table, including ro...

5.4CVSS5.9AI score0.00146EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:42 p.m.30 views

Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration

Summary The POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances, this endpoint bypasses the admin-restricted invite flo...

8.8CVSS6AI score0.00261EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:41 p.m.16 views

n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete

Summary When ENABLEMULTITENANT=true, the HTTP transport documents that the target n8n instance is selected per-request from x-n8n-url / x-n8n-key headers. Requests that omitted those headers — or supplied only one of them — silently fell back to the process-level N8NAPIURL / N8NAPIKEY credentials...

8.1CVSS6.6AI score0.00235EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:40 p.m.20 views

multiparty vulnerable to ReDoS via filename parsing

Impact [email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A multipart upload with a long header value containing !filename="1 repeated can cause regex matching to take seconds, blocking...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:35 p.m.35 views

multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition: filename=utf-8'' header containing a malformed percent-encoding e.g., %FF, %GG, the parser invokes decodeURI on the value...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:35 p.m.15 views

multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception

Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property e.g., proto, constructor, toString, the parser invokes .push on the inherited...

7.5CVSS5.8AI score0.00473EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:34 p.m.18 views

Sulu: Used API Keys may be available via Admin API

Impact The users endpoint controller exposes a project's apiKey field to the logged-in user, provided they have permission for that endpoint. This only has impact if a project itself uses that specific field, Sulu itself does nothing with it and has no authentication per apiKey in its core. Patch...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:27 p.m.18 views

Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens

Impact The password reset tokenand API key generation uses a weak cryptographical hash algorithm. Patches Fixed in 2.6.23 and 3.0.6 version. Workarounds Patch the related User.php and ResettingController.php file in the SecurityBundle...

6.9CVSS5.8AI score0.00193EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:24 p.m.48 views

ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351

JWT.decodetoken, '', true, algorithm: 'HS256' accepts an attacker-forged token. OpenSSL::HMAC.digest'SHA256', '', payload returns a valid digest under an empty key, and no raise InvalidKeyError if key.empty? precondition exists in the HMAC algorithm. JWT.decodetoken, "", true, algorithm: 'HS256' ...

9.1CVSS5.7AI score0.00236EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:23 p.m.15 views

Formie: Pre-authenticated server-side template injection in Hidden fields

Impact - Unauthenticated users could submit crafted values into Hidden fields with Default value → Custom that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site depending on template/sandbox behavior. - Sites with public Formie forms that...

9.8CVSS5.7AI score0.00475EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:20 p.m.18 views

TinyIce: Missing authentication on WebRTC ingest endpoint allows unauthorized stream injection

Title Missing authentication on WebRTC ingest endpoint allows unauthenticated stream injection in TinyIce Ecosystem / Package - Ecosystem: Go or "Other" — TinyIce is shipped as a Go binary, not a Go module published to a registry - Package name: github.com/DatanoiseTV/tinyice Affected versions =...

8.2CVSS5.9AI score0.00357EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:7 p.m.13 views

@tmlmobilidade/utils has prototype pollution in its setValueAtPath

Impact Prototype pollution vulnerability in @tmlmobilidade/utils for setValueAtPath. Patches A fix is available in versions 20260509.0340.15 and up...

5.8AI score0.00055EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:0 p.m.20 views

LibreNMS: Cross-Site Scripting in ShowConfigController

Summary A Stored Cross-Site Scripting XSS vulnerability exists in the ShowConfig page of devices affected by the RANCID Integration settings. The application fails to properly sanitise the rancidrepourl configuration value. When a user navigates to a device's configuration page, this unsanitised...

4.8CVSS6.2AI score0.00225EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:0 p.m.13 views

dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport

Summary dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive rmcp dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local dynoxide mcp --http or dynoxide serve --mcp server with a non-loopback Host...

8.8CVSS5.8AI score0.00213EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 4:43 p.m.13 views

parse-nested-form-data has Prototype Pollution via `__proto__` in FormData field names

Summary parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with proto, or contains .proto. mid-path, causes the parser to traverse onto Object.prototype and assign properties...

8.2CVSS5.9AI score0.00315EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 4:42 p.m.19 views

async-http-client: Cookie header not stripped on cross-origin redirect

Summary async-http-client leaks Cookie headers to cross-origin redirect targets. When following a redirect across a security boundary different origin, or HTTPS→HTTP downgrade, the propagatedHeaders method in Redirect30xInterceptor.java strips Authorization and Proxy-Authorization headers but doe...

7.4CVSS5.8AI score0.00322EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 4:41 p.m.21 views

Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)

Summary In a default dozzle deploy the documented quickstart, no DOZZLEAUTHPROVIDER set, POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that: - Sends an HTTP POST to the supplied URL with attacker-controlle...

8.6CVSS5.8AI score0.01491EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 4:37 p.m.24 views

shopper/framework: Race condition on Discount.usage_limit allows silent over-redemption

Impact CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was silently exceeded: orders were committed with the...

5.9CVSS5.8AI score0.00239EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 4:34 p.m.24 views

shopper/framework: Authorization bypass in multiple Livewire admin components

Impact Multiple Livewire components in the admin panel allowed an authenticated low-privilege user to mutate data without the required permission: - Order detail Filament actions cancel, mark paid, mark complete, capture payment, archive, start processing were callable with readorders only and di...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 4:33 p.m.16 views

iskorotkov/avro: CPU Exhaustion in Decoder

CPU Exhaustion in Avro Decoder via Unbounded Block-Count Iteration Summary The Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is...

8.7CVSS7.2AI score0.00378EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 4:23 p.m.16 views

CI4MS: Stored XSS in Pages Module Content via Broken html_purify Validation Rule

Summary The Pages backend module registers the htmlpurify validation rule on language-keyed page content but persists the raw, un-purified POST value into the database. The public renderer for pages Home::index → app/Views/templates/default/pages.php emits $pageInfo-content without esc, yielding...

6.1AI score0.00062EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 4:22 p.m.20 views

iskorotkov/avro: Integer Overflow in Decoder

Integer Overflow in Avro Decoder Summary Several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets GOARCH=386, arm, mips,...

8.7CVSS7.2AI score0.00397EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 4:22 p.m.25 views

brace-expansion: Large numeric range defeats documented `max` DoS protection

The max option was being applied too late: When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate elements before the max limit is applied With max=10, the output is correctly limited to 10 items, but the process still...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 4:21 p.m.16 views

CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations

Summary The Fileeditor module enforces an extension allowlist 'css','js','html','txt','json','sql','md' on content-write operations saveFile, createFile, but two destructive endpoints — deleteFileOrFolder and renameFile — never validate the extension of the source path. A backend user with...

6AI score0.00037EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 3:39 p.m.16 views

CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule

Summary The custom htmlpurify validation rule used to sanitize blog post bodies relies on by-reference mutation ?string &$str, but CodeIgniter 4's validator passes a local copy of the value, so the sanitized text is silently discarded. The Blog controller writes $lanData'content' directly into...

5.7AI score0.00029EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 3:38 p.m.16 views

Microsoft DirectX12: .spritefont multiply overflow only in 32-bit builds

Impact The spritefont reader can be induced to perform a 32-bit overflow multiply that could in theory result in a RCE. This impacts the use of the DirectX Tool Kit SpriteFont class file loading ctor if given untrusted data files. Note this only applies to x86/ARM builds of the library. ARM64 and...

5.8AI score
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 3:38 p.m.27 views

Microsoft DirectX: .spritefont multiply overflow only in 32-bit builds

Impact The spritefont reader can be induced to perform a 32-bit overflow multiply that could in theory result in a RCE. This impacts the use of the DirectX Tool Kit SpriteFont class file loading ctor if given untrusted data files. Note this only applies to x86/ARM builds of the library. ARM64 and...

5.8AI score
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/18 3:37 p.m.21 views

eduMFA Passkeys: missing expiration flag may allow replay attacks and reuse of old challenges

Impact In eduMFA = 2.9.1 by adding validity information to the userless challenges. Workarounds No known workarounds besides disabling userless login altogether...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 3:36 p.m.27 views

eduMFA: Incorrect InnoDB snapshot isolation possibly allows token reusage

Impact For deployments using MySQL or MariaDB = 11.6.2 the default is ON, which is not affected - Same rules applies for Galera with underlying MariaDB Patches Fixed in version 2.9.1 by locking rows prior to write with SELECT FOR UPDATE. Workarounds Set innodbsnapshotisolation to ON default in...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 3:35 p.m.15 views

eduMFA: Unauthenticated Failcounter Increment on Resolver Tokens via /validate/check

Impact If the resolver parameter is passed, but the user does not exist, all failcounters of tokens in that resolver will be increased. Patches This, along with other issues, was fixed in eduMFA v2.9.1. Workarounds Limiting access to /validate/check to client applications i.e. Shibboleth/FreeRADI...

5.7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 3:32 p.m.27 views

Statamic CMS: Server-Side Request Forgery via Glide

Impact The Glide image proxy's URL validation could be bypassed using an IP representation that wasn't normalized before the public-IP check. An unauthenticated user could cause the server to make HTTP requests to internal addresses — including loopback, private network, and cloud metadata...

5.4CVSS5.8AI score0.00151EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 3:31 p.m.73 views

ImageMagick: Heap Buffer Over-Read in IPTC encoder

When writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3Affected Software18
Github Security Blog
Github Security Blog
added 2026/05/18 2:51 p.m.21 views

Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping

Summary Faraday::Connectionbuildexclusiveurl still allows protocol-relative host override when the request target is provided as a URI object instead of a String. This bypasses the February 2026 fix for GHSA-33mh-2634-fwr2 and can redirect a request built from a fixed-base Faraday::Connection to ...

6.5CVSS6AI score0.00272EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 2:20 p.m.18 views

Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass

Neotoma versions starting at v0.6.0 can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolve unauthenticated requests as the local development user, making the...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 2:19 p.m.18 views

Arcane Backend: Unauthenticated reflected XSS via SVG color parameter enables admin account takeover

Summary The unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query parameter into the body of an SVG document via strings.ReplaceAll with no escaping. The substitution lands inside a element of the embedded logo.svg, allowing an attacker to close the style block an...

8.2CVSS6AI score0.00185EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 1:59 p.m.23 views

Arcane Backend: OS Command Injection in Volume Browser ListDirectory via path query parameter

Summary GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitiser blocks ../ traversal but does not strip Bourne-shell metacharacters such as $ or backticks, and...

6.3CVSS6.2AI score0.0021EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 1:44 p.m.16 views

Arcane Backend: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs

Summary Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eight of those endpoints list, create, get, update, delete, test, listBranches, browseFiles never...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 1:43 p.m.17 views

Sveltia CMS: Stored XSS in entry summary rendering via entity-decoded HTML

Impact A stored cross-site scripting XSS vulnerability affected entry summary rendering in Sveltia CMS. Entry summaries that allowed limited Markdown were parsed, sanitized, and then HTML entities were decoded. This order allowed specially crafted entity-encoded HTML, such as encoded tags or even...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 1:40 p.m.12 views

Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files

Summary The FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead Caddy's FastCGI splitting into treatin...

9.8CVSS6.5AI score0.0058EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 1:31 p.m.48 views

webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

Impact When webpack-dev-server is running on a non-HTTPS origin the default, cross-origin requests from malicious websites can load the dev server's JavaScript bundles via tags. The fix introduced in v5.2.1 CVE-2025-30359 relied on Sec-Fetch-Mode and Sec-Fetch-Site request headers to block these...

6.5CVSS6.5AI score0.00427EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 1:30 p.m.19 views

AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024`

CVE-2026-43881 fix d9cdc7024 patched users.json.php only. The same anti-pattern survives at master HEAD in: objects/mention.json.php:17 $ignoreAdmin = true; objects/mention.json.php:18 $users = User::getAllUsers$ignoreAdmin, 'name', 'email', 'user', 'channelName', 'a'; No User::loginCheck, no adm...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 1:29 p.m.18 views

Spring AI MCP Security: Unvalidated URL Fetching (SSRF)

Summary The mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted URLs for OAuth-related discovery and metadata without verifying if the targets are malicious or internal to...

7.2CVSS5.8AI score0.00198EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 1:28 p.m.15 views

form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys

Summary form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate Object.prototype, which is a prototype pollution primitive of th...

8.2CVSS5.8AI score0.00282EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 1:27 p.m.26 views

Graphite Has a Pickle Deserialization Vulnerability

Impact Type of vulnerability: Insecure Deserialization via Python's pickle module. Who is impacted: Users of Graphite graph database engine versions before 0.2 who load database files from untrusted or third-party sources. An attacker could craft a malicious database file that executes arbitrary...

6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 1:26 p.m.17 views

n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters

Summary In affected versions of n8n-mcp, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant...

6.5CVSS5.9AI score0.00262EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 1:26 p.m.20 views

Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree

Summary Two primitive integrators in apm-cli enumerate package files with bare Path.glob / Path.rglob calls and read each match with Path.readtext, transparently following symbolic links. A symlink committed inside a remote APM dependency under .apm/prompts/.prompt.md or .apm/agents/.agent.md is...

7.4CVSS5.8AI score0.00654EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 12:59 p.m.18 views

iskorotkov/avro: Denial-of-Service Vulnerability in Decoder

Memory Exhaustion via Unbounded Map Allocations in Avro Decoder Summary The Avro map decoder accepted attacker-controlled block-element counts from the wire format and grew the destination map without enforcing an upper bound. The slice decoder already had Config.MaxSliceAllocSize for the...

7.5CVSS7.1AI score0.00804EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 12:31 p.m.17 views

SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability

SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

9.1CVSS5.9AI score0.00386EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 12:31 p.m.13 views

SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket

SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads on incoming messages, enabling RCE when exposed to the internet...

9.8CVSS5.8AI score0.00399EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 12:31 p.m.12 views

SGLang: Unauthenticated RCE via --enable-custom-logit-processor

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

9.8CVSS6.4AI score0.00585EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities33254