Lucene search
K
GithubRecent

33268 matches found

Github Security Blog
Github Security Blog
added 2026/05/12 9:31 p.m.12 views

HashiCorp Nomad vulnerable to symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS5.9AI score0.00169EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 9:31 p.m.15 views

HashiCorp Nomad’s exec2 task driver vulnerable to a symlink attack

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...

6CVSS5.9AI score0.00129EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 9:31 p.m.13 views

HashiCorp Nomad vulnerable to a path traversal

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

8.8CVSS6.2AI score0.06892EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.12 views

Security feature bypass vulnerability in Azure Key Vault Keys library for Java

The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may...

9.1CVSS6AI score0.00479EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.14 views

llm CLI tool contains a code injection vulnerability via `--functions` command-line argument

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.3AI score0.00327EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.17 views

Ludwig framework is vulnerable to insecure deserialization in its model serving component

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weightsonly=True...

9.8CVSS6.3AI score0.00497EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.12 views

mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.9 views

imgaug contains an insecure deserialization vulnerability in BackgroundAugmenter class within multicore.py module

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the augmentimagesworker method without any safety...

9.8CVSS6.5AI score0.00472EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.10 views

Ludwig framework is vulnerable to insecure deserialization through its predict() method.

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using...

9.8CVSS6.3AI score0.006EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.15 views

mem0 server lacks authentication and authorization controls for its memory deletion API endpoint

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories. The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers e.g., userid, runid, agentid in the request query parameters. A...

6.5CVSS6AI score0.00386EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.11 views

mem0 server lacks authentication and authorization controls for its memory creation API endpoint

The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint POST /memories. The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending...

5.3CVSS6AI score0.00335EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.13 views

mem0 server lacks authentication and authorization controls for its memory management API endpoints

The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records PUT /memories/memoryid are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit...

7.5CVSS5.9AI score0.00372EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.11 views

Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism

Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...

9.8CVSS6.3AI score0.00635EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.15 views

Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

9.8CVSS6.4AI score0.00687EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.8 views

Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...

9.8CVSS5.9AI score0.00578EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.12 views

Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: No limit was enforced on the request body for WebDAV LOCK or PROPFIND requests which were available to...

7.5CVSS5.8AI score0.0078EPSS
Exploits0References10Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.45 views

Apache Tomcat - Digest authenticator will authenticate any unknown user

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if...

9.8CVSS5.8AI score0.01233EPSS
Exploits1References10Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.15 views

Apache Tomcat - Security constraints not correctly applied

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: When multiple security constraints defined an HTTP method constraint for the same extension pattern, only the...

9.1CVSS5.8AI score0.01136EPSS
Exploits1References10Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.19 views

Apache Tomcat - HTTP/2 request headers not validated

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: HTTP/2 request headers were not validated which may have triggered unexpected application behaviour if the...

9.8CVSS5.8AI score0.01339EPSS
Exploits0References16Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.16 views

Superduper: Remote code execution via unsafe eval in superduper query parsing

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

8.8CVSS6.5AI score0.00405EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.28 views

Apache Tomcat: LockOutRealm treats user names as case-sensitive

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions...

7.5CVSS5.7AI score0.00467EPSS
Exploits0References10Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.11 views

Apache Tomcat - AJP secret compared in non-constant time

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: The AJP secret was compared in non-constant time allowing an attacker on the local network to mount a timing...

3.7CVSS5.8AI score0.00352EPSS
Exploits0References10Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.20 views

Apache Tomcat - WebSocket authentication header exposure

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.2 to 9.0.117 Older, unsupported versions may also be affected Description: If a WebSocket request was redirected after authentication, Tomcat's WebSocket client would present the most recent...

7.3CVSS5.8AI score0.00548EPSS
Exploits0References10Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.15 views

PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS6.3AI score0.00385EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.12 views

Snorkel Trainer.load uses an unsafe torch.load

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

8.8CVSS6.3AI score0.00392EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.10 views

PySyft server-side arbitrary Python execution after code approval

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

9.8CVSS6.7AI score0.00631EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.11 views

Snorkel BaseLabeler.load uses an unsafe pickle.load

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

8.8CVSS6.5AI score0.00392EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.15 views

Snorkel MultitaskClassifier.load uses an unsafe torch.load

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...

8.8CVSS6.3AI score0.00392EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 4:17 p.m.12 views

OpenClaude Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input

Summary The dangerouslyDisableSandbox parameter is exposed as part of the BashTool input schema, meaning the LLM an untrusted principal per the project's own threat model can set it to true in any tooluse response. Combined with the default allowUnsandboxedCommands: true setting, a prompt-injecte...

9.8CVSS6.4AI score0.00544EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:34 p.m.10 views

OpenClaude MCP OAuth Callback: State Check Bypass via error Param Leads to DoS

OAuth State Validation Bypass via error Parameter Causes Local Server DoS in MCP Auth Callback --- Description The OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internal...

6.5CVSS5.9AI score0.00219EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:9 p.m.13 views

Decimal: Unbounded exponent in `Decimal.new` enables unauthenticated DoS

Summary decimal doesn't bound the exponent on parsed input, so something like "1e10000000" is parsed fine but then explodes the memory to more than 7GB if you run e.g. Decimal.addDecimal.parse"1e10000000", 1 because for positive exp, the function tail-recurses with coef 10 and exp - 1 per...

6.9CVSS5.8AI score0.00321EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:9 p.m.12 views

sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encoded JSON, NOT encrypted. Any party who could observe a minted token CI build logs, container env dumps...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/12 3:8 p.m.17 views

Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode)

Summary ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes closeresults at line 438, but the second stage — which processes POST-body parameters dp — ...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/12 3:8 p.m.10 views

Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option

Summary When dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through dalfox.Initialize into the scan engine's logging path. The logger opens the...

8.2CVSS6AI score0.00243EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:8 p.m.11 views

Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file`

Summary When dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through dalfox.Initialize into the scan engine. The engine passes the value to...

7.5CVSS6AI score0.00251EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:7 p.m.12 views

Dalfox Server Mode Vulnerable to Unauthenticated Remote Code Execution via `found-action`

GHSA: Unauthenticated Remote Code Execution via found-action in Dalfox Server Mode Summary When dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options —...

10CVSS6.4AI score0.01051EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:6 p.m.51 views

protobuf.js: Code injection in pbjs static output from crafted schema names

Summary pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum, service, or derived full names could be written into the generated output without...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:6 p.m.44 views

protobuf.js: Denial of service from crafted field names in generated code

Summary protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated function bodies. A crafted schema or JSON descriptor could therefore cause generated encode,...

5.3CVSS6.2AI score0.00431EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:6 p.m.18 views

protobuf.js: Code injection through bytes field defaults in generated toObject code

Summary protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default value for a bytes field could cause attacker-controlled code to be emitted into the generat...

8.8CVSS6.1AI score0.00392EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:1 p.m.15 views

protobuf.js: Prototype injection in generated message constructors

Summary protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an attacker-controlled plain object, an own enumerable proto property could alter the prototype of that...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:1 p.m.133 views

protobuf.js: Code generation gadget after prototype pollution

Summary protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.prototype had already been polluted, those lookup tables could resolve attacker-controlled inherited properties as valid protobuf type...

8.1CVSS6AI score0.00499EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:1 p.m.20 views

protobuf.js: Process-wide denial of service through unsafe option paths

Summary protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write to properties on global JavaScript constructors, corrupting process-wide built-in...

7.5CVSS6.2AI score0.00374EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:1 p.m.59 views

protobuf.js: Denial of service through unbounded protobuf recursion

Summary protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding...

7.5CVSS5.7AI score0.0058EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:0 p.m.23 views

protobufjs has overlong UTF-8 decoding

Summary protobufjs includes a minimal UTF-8 decoder used in non-Node and fallback decoding paths. The affected decoder accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. The issue concerns overlong encodings and code points outside the...

5.3CVSS5.8AI score0.00301EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/12 2:59 p.m.17 views

protobuf.js is Vulnerable to OS Command Injection in the CLI

Summary pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell instead of being passed to JSDoc as plain arguments. Impact An attacker who can...

7.8CVSS6AI score0.00132EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 12:32 p.m.16 views

Spring AI: ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

7.5CVSS5.5AI score0.0026EPSS
Exploits0References4Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/12 12:32 p.m.13 views

Spring AI: Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...

8.2CVSS5.7AI score0.00218EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 12:31 a.m.11 views

omec-project amf crashes when processing malformed LocationReports

A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called...

5.3CVSS5.3AI score0.00309EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 12:12 a.m.28 views

Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys

Summary On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow...

9.6CVSS5.8AI score0.02342EPSS
Exploits3References8Affected Software42
Github Security Blog
Github Security Blog
added 2026/05/11 9:31 p.m.12 views

aiwaves-cn agents is vulnerable to resource consumption in the recall_relevant_memories_to_working_memory function

A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d19739d3dff59e577d1c97090cc15f59. Affected by this issue is the function recallrelevantmemoriestoworkingmemory of the file core/cat/lookingglass/straycat.py of the component cheshirecatcore. This manipulation causes resource...

6.9CVSS5.7AI score0.0038EPSS
Exploits0References7Affected Software1
Total number of security vulnerabilities33268