Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
added 2026/04/30 12:31 a.m.14 views

mcp-server-semgrep has a Command Injection issue

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...

7.5CVSS6.9AI score0.01394EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 11:11 p.m.12 views

CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`

Impact A vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information. Patches The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 Workarounds Disable the DataStore SQL search...

9.8CVSS5.7AI score0.01815EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 10:28 p.m.32 views

Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

The BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes 0o666 for files, 0o777 for directories, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask su...

4.8CVSS5.3AI score0.00119EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 10:26 p.m.18 views

i18next-http-middleware has path traversal / SSRF via user-controlled language and namespace parameters

Summary Versions of i18next-http-middleware prior to 3.9.3 pass the user-controlled lng and ns values from getResourcesHandler directly into i18next.services.backendConnector.loadlanguages, namespaces, … without any sanitisation. Depending on which backend is configured, the unvalidated path...

8.2CVSS5.4AI score0.00387EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 10:23 p.m.8 views

netfoil's optional seccomp sandboxing was not applied

Summary The optional flag --filter-system-calls was not applied even if specified. Details This is a defense in depth feature to apply additional seccomp filters after the binary has started. The example config also sandboxes the binary with systemd. Impact Reduced sandboxing of the netfoil binar...

5.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 10:22 p.m.14 views

Netfoil has incorrect allowlist enforcement

Summary Rules could be bypassed by changing the first character: example.com could be be bypassed by e.g. fxample.com. Details Off-by-one error in the suffixtrie implementation. Impact The domain filter could be bypassed. Please note that DNS filtering alone is not enough to block malicious traff...

5.2AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 10:19 p.m.6 views

pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber

Impact OGC API - Process execution requests can use the subscriber object to requests to internal HTTP services. Patches The issue has been patched in master branch and made available as part of the 0.23.3 release. The patch disables any HTTP requests made to internal resources by default unless...

8.6CVSS5.5AI score0.00454EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 10:18 p.m.14 views

pygeoapi 0.23.x: Path Traversal in STAC FileSystemProvider

Impact A raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can allow for requests to STAC collection based collections to expose directories without authentication. The issue manifests when pygeoapi is deployed without a proxy or web front end that would...

7.5CVSS5.3AI score0.0051EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 10:12 p.m.7 views

Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer

Summary A critical Denial of Service DoS vulnerability exists in [email protected]. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocatio...

8.7CVSS5.7AI score0.00342EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:58 p.m.6 views

Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation

Summary The OIDC token introspection endpoint /modules/sso/index.php/oidc/introspect always returns "active": true for every request, regardless of whether a valid token is provided, whether the token is expired, revoked, or completely fabricated. The endpoint performs no authentication of the...

6.8CVSS5.9AI score0.00323EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:57 p.m.9 views

Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest

Summary The SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the registered ACS URL smcacsurl stored in the database for the...

8.2CVSS6AI score0.0028EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:56 p.m.9 views

Admidio Ignores SAML Signature Validation Result, Processes Forged AuthnRequests and LogoutRequests

Summary The Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on failure rather than throwing exceptions, but the developer believed i...

8.2CVSS6.1AI score0.00191EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:54 p.m.10 views

Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send

Summary Several administrative operations in Admidio's preferences module database backup, test email, htaccess generation fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GET navigations, an attacker forces an authenticated admin to trigger...

3.5CVSS5.6AI score0.00117EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:53 p.m.10 views

Admidio Missing Minimum Administrator Check in Role Membership Removal

Summary Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses it. Any administrator can remove the last remaining other...

5.2CVSS5.4AI score0.00285EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:51 p.m.10 views

Admidio vulnerable to reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion

Summary An unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in system/msgwindow.php. The endpoint passes user input through htmlspecialchars, which does not encode square brackets. A subsequent call to Language::prepareTextPlaceholder...

6.1CVSS6AI score0.00181EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:49 p.m.10 views

Admidio has Inverted 2FA Reset Authorization Check that Lets Group Leaders Strip Admin TOTP

Summary A logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A group leader with profile edit rights on an admin account can strip th...

7.1CVSS5.4AI score0.00297EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:47 p.m.7 views

Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment

Summary The member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the JSON output correctly suppresses hidden columns via isVisible checks,...

2.7CVSS5.9AI score0.00258EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:46 p.m.12 views

Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items

Summary The Admidio inventory module enforces authorization for destructive operations delete, retire, reinstate only in the UI layer by conditionally rendering buttons. The backend POST handlers at modules/inventory.php for itemdelete, itemretire, itemreinstate, itempictureupload, itempicturesav...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:44 p.m.37 views

Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php

Summary The contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring roladministrator=true and the contactsshowall system setting. A user manager...

4.9CVSS5.7AI score0.00322EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:42 p.m.18 views

Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables Arbitrary Server File Read

Summary The add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF protection on this endpoint and SameSite=Lax session cookies, a...

4.5CVSS5.6AI score0.00362EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:37 p.m.14 views

Admidio has Path Traversal in ECard Preview that Allows Reading Arbitrary Server Files Including Database Credentials

Summary The ecardpreview.php endpoint does not validate that the ecardtemplate POST parameter is a safe filename before passing it to ECard::getEcardTemplate. An authenticated user can supply a path traversal payload e.g., ../config.php to read arbitrary files accessible to the web server process...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:34 p.m.9 views

OpenClaw: Webchat audio embedding could read local files without local-root containment

Impact OpenClaw deployments before 2026.4.15 could embed host-local audio files into webchat responses without applying the local media root containment check used by other media-serving paths. If an attacker could influence an agent or tool-produced ReplyPayload.mediaUrl, the webchat audio...

5.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:31 p.m.7 views

mcpo-simple-server has a Path Traversal issue

A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...

7.5CVSS6.8AI score0.00512EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:27 p.m.9 views

OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners

Impact OpenClaw deployments before 2026.4.21 could treat a non-owner sender as authorized for owner-enforced slash commands when all of the following were true: - a channel plugin declared commands.enforceOwnerForCommands: true; - the channel accepted wildcard inbound senders with allowFrom: ""; ...

4.2CVSS5.4AI score0.00237EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:25 p.m.30 views

n8n has XML Node Prototype Pollution that to RCE

Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution. Patches The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Use...

9.4CVSS5.3AI score0.00478EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:25 p.m.22 views

n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE

Impact A flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining t...

9.4CVSS6.4AI score0.00851EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:23 p.m.10 views

n8n Vulnerable to XSS via MCP OAuth client

Impact An unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute...

9.6CVSS5.8AI score0.00332EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:22 p.m.19 views

n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay

Impact The dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supply a foreign credential ID in the request body, causing the backend to decrypt and u...

7.5CVSS5.7AI score0.0026EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:21 p.m.15 views

n8n has a Python Task Runner Sandbox Escape Vulnerability

Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. - This issue only affects instances where the Python Task Runner is enabled. Patches The issue has...

8.8CVSS6.4AI score0.00377EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:21 p.m.12 views

n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure

Impact An authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API variables endpoint. The handler queried the variables repository directly without enforcing...

6.5CVSS5.7AI score0.00203EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:19 p.m.8 views

n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration

Impact The MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory resources by sending large registration payloads, rendering the n8n instance unavailable. T...

8.7CVSS5.6AI score0.00487EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:17 p.m.14 views

n8n Vulnerable to Hijacking of Unauthenticated Chat Execution

Impact The /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state cou...

6.5CVSS6AI score0.00383EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:10 p.m.8 views

n8n has SQL Injection in SeaTable Node

Impact A flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row...

8.8CVSS5.7AI score0.00342EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:10 p.m.19 views

n8n has Open Redirect in MCP OAuth Consent Flow

Impact The /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirecturi values to be registered. When a user denies the MCP OAuth consent dialog, the handleDeny handler redirects the user to the registered redirecturi without validation,...

6.1CVSS5.7AI score0.00181EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:8 p.m.9 views

n8n has SQL Injection in Oracle Database Node via Limit Field

Impact A flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization or parameterization. In workflows where external input is passed into the Limit field e.g., fr...

9.8CVSS6AI score0.00327EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:3 p.m.9 views

n8n has SQL Injection in Snowflake and MySQL Nodes

Impact The fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings without identifier escaping, enabling SQL injection against...

8.8CVSS5.8AI score0.00254EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:1 p.m.12 views

ipl/web is vulnerable to reflected XSS by malformed search requests

Impact The vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no immediate chance to notice any wrongdoing. Patches Version 0.13.1 includes a fix for...

7.6CVSS5.3AI score0.00259EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:59 p.m.11 views

appsmith has SQL Injection in FilterDataService via Unsafe DROP TABLE Execution

Summary A SQL injection vulnerability exists in FilterDataServiceCE.java where the dropTable method constructs a SQL DROP TABLE statement using string concatenation with the table name. If the table name is derived from user input, this allows for arbitrary SQL command execution. Details The...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:54 p.m.7 views

Nginx-UI has Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware that Allows Access to Internal Services

Summary An authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwards these requests to the attacker-specified internal address, bypassing...

9.9CVSS5.9AI score0.00318EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:51 p.m.10 views

OpenID Connect nonce generated but never validated — ID token replay attack

Summary The roadiz/openid package generates an OIDC nonce in OAuth2LinkGenerator::generate and includes it in the authorization request sent to the identity provider, but never stores it and never validates it on the callback. The OpenIdJwtConfigurationFactory validation chain does not include a...

7.1CVSS5.6AI score0.00152EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:44 p.m.11 views

GoBGP has Remote Denial of Service (Panic) in UpdatePathAttrs4ByteAs via Malformed BGP UPDATE

Summary A remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during the processing of 4-byte AS attributes when the message structure causes an internal slice index shift that is not...

7.5CVSS5.6AI score0.00503EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:43 p.m.13 views

GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute

Summary A remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory...

7.5CVSS5.7AI score0.00503EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:42 p.m.9 views

CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution

Summary A theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote code execution RCE by uploading a crafted ZIP file. PHP files inside the ZIP are installed into the web-accessible public/ directory with no extension or content filtering, making...

8.6CVSS7.1AI score0.00501EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:41 p.m.10 views

fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE

Summary This advisory covers the deprecated fabric-sdk-java client SDK. Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without configuring an ObjectInputFilter. This is the classic Java deserialization RCE pattern...

9.3CVSS5.8AI score0.0041EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:36 p.m.9 views

CKAN has CSRF exemption primed by anonymous requests

Views can be marked as exempt from CSRF protection Access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect, which was stored as a module level variable in the flaskapp...

6.1CVSS5.8AI score0.00124EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:33 p.m.10 views

CKAN has no certificate validation on STMP connection

Impact Configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. Patches The vulnerability has been patched in CKAN 2.10.10 and CKAN 2.11.5...

8.7CVSS5.2AI score0.00194EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:24 p.m.13 views

PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions

Summary The XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row limit AddressRange::MAXROW = 1,048,576. An attacker can craft a minimal XLSX file 1.6KB containing a element that inflates...

7.5CVSS5.6AI score0.00395EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:23 p.m.9 views

PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader

Summary The SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attacker can craft a SpreadsheetML XML file with ss:Index="999999999" on a element, which inflates the internal cachedHighestRow ...

7.5CVSS5.6AI score0.00395EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:22 p.m.8 views

PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled

The usage of isfile, used to verify if the $filename is indeed an actual file, by all? Reader implementations inside the helper function File::assertFile is php-wrapper aware, for any php wrappers implementing stat. The 3 wrappers ftp://, phar:// and ssh2.sftp://, all satisfy this requirement - 2...

9.8CVSS5.7AI score0.00712EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:17 p.m.10 views

OneCollector exporter reads unbounded HTTP response bodies

Summary When exporting telemetry to a back-end/collector over HTTP using the OpenTelemetry.Exporter.OneCollector exporter, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory with no upper-bound on the number of bytes consumed. This could cause...

5.9CVSS5.5AI score0.00338EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities33227