Lucene search
K
GithubRecent

33225 matches found

Github Security Blog
Github Security Blog
added 2026/04/25 11:29 p.m.10 views

Heimdall: Case-sensitive handling of URL-encoded slashes may lead to inconsistent path interpretation

Summary Heimdall handles URL-encoded slashes %2F in a case-sensitive manner, while percent-encoding is defined to be case-insensitive. As a result, the lowercase equivalent %2f is not recognized and therefore not processed as expected when allowencodedslashes is set to off the default setting. Th...

7.8CVSS5.3AI score0.00396EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/25 11:27 p.m.69 views

LiteLLM: Authenticated command execution via MCP stdio test endpoints

Impact Two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio...

8.8CVSS5.7AI score0.80188EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/25 9:30 p.m.14 views

Kratos has a Confused Deputy issue

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

6.9CVSS5.6AI score0.00315EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/25 6:32 p.m.11 views

PicoClaw has an Injection issue in its Web Launcher Management Plane component

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

9.8CVSS5.6AI score0.03132EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/25 6:32 p.m.9 views

AstrBot has Incomplete Filtering of Special Elements

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

5.8CVSS5.5AI score0.00299EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/25 3:33 p.m.40 views

ShowDoc has an Injection vulnerability

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...

6.5CVSS6.4AI score0.00241EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/25 6:30 a.m.9 views

simple-git is vulnerable to Remote Code Execution

Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...

9.8CVSS7.9AI score0.00877EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 8:45 p.m.16 views

electerm has Command Injection via runLinux funtion

Impact What kind of vulnerability is it? Who is impacted? Command Injection vulnerabilities in electerm: A command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux function appends attacker-controlled remote version strings directly into an exec"rm -r...

9.8CVSS6.1AI score0.01302EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 8:43 p.m.13 views

wlc: print_html outputs API data without HTML escaping

Impact The HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. Patches https://github.com/WeblateOrg/wlc/pull/1327 Workarounds The only vulnerable code path is HTML output which is opt-in. Reference...

5.1CVSS4.9AI score0.00174EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 8:42 p.m.15 views

gitverify has improper tag signature verification

gitverify is still a prototype. Impact The bug is related to requireSignedTags which is on by default: an unsigned annotated tag would pass the verification. The commit pointed to by the tag would still have to be signed by a maintainer or a contributor. Patches Since the initial commit, fixed in...

5.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 8:41 p.m.21 views

Excalidraw vulnerable to XSS via Mermaid sequence diagram labels (KaTeX rendering)

Impact @excalidraw/[email protected] depends on a Mermaid conversion package version that resolves to a Mermaid release affected by CVE-2025-54881 / GHSA-7rqq-prvp-x9jh. User-supplied Mermaid sequence diagram labels could trigger XSS through Mermaid’s KaTeX label rendering path. This is patched i...

5.3CVSS5.2AI score0.0071EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/24 8:40 p.m.8 views

Kyverno Controller Denial of Service via forEach Mutation Panic

Summary An unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller into a persistent CrashLoopBackOff. The same bug also causes the admission controller to drop connections and blo...

7.7CVSS5.5AI score0.00369EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 8:39 p.m.8 views

Kirby is vulnerable to authorization bypass during page, file and user creation via blueprint injection

TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to create pages, files or users pages.create, files.create or users.create permission is disabled. This can be due to configuration in the user blueprints, via options in the model blueprints or v...

8.8CVSS5.3AI score0.00363EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 8:36 p.m.13 views

Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware

Summary There is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to hold a constant-time fallback secret always resolves to an empty string, causing the constant-tim...

6.3CVSS6.1AI score0.00385EPSS
Exploits0References6Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/24 8:12 p.m.10 views

Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding

Summary There is a vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects direct cross-namespace middleware references from IngressRoute objects, but fails to apply the same...

6.4CVSS5.9AI score0.00254EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/24 7:30 p.m.56 views

Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses

Summary Gemini CLI @google/gemini-cli and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions. This update introduces a breaking change to how non-interactive headless environment...

6.5AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/24 4:39 p.m.14 views

ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width

DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this could lead to a stack overflow. In a service environment, this would potentially take down a service. This affects applicatio...

5.3CVSS5.3AI score0.00273EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 4:39 p.m.12 views

TYPO3 CMS Stores Cleartext Password in User Settings Module

Problem The backend user settings module SetupModuleController incorrectly conflates entity data like passwords or email address with user-interface settings like theme, display options when persisting changes. As a result, passwords were stored in cleartext in the uc and usersettings fields of t...

7.5CVSS5.5AI score0.00167EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 4:37 p.m.11 views

Traefik has an StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync

Summary There is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches the regex against the decoded URL path but uses the resulting byte length to slice the...

8.6CVSS5.6AI score0.00767EPSS
Exploits1References6Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/24 4:37 p.m.9 views

k8sGPT has Prompt Injection through its k8sGPT-Operator

Summary In the auto-remediation pipeline, objecttoexecution.go was deserializing the AI-generated YAML directly into a Deployment object, but there was lack of validation from the original Deployment object. Details This issue was fixed after coordination with Alex Jones. PoC To minimize the...

5.3AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 4:34 p.m.36 views

Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution

Claude Code used the git worktree commondir file when determining folder trust but did not validate its contents. By crafting a repository with a commondir file pointing to a path the victim had previously trusted, an attacker could bypass the trust dialog and immediately execute malicious hooks...

8.8CVSS5.6AI score0.00281EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 4:32 p.m.10 views

Traefik: Pre-authentication decision bypass due to forwarded alias spoofing

Summary There is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only canonical header names e.g., X-Forwarded-Proto and does not strip or normalize alias variants that...

10CVSS5.5AI score0.00479EPSS
Exploits1References6Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/24 4:31 p.m.14 views

Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication

Summary There is a high-severity authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. While X-Forwarded- headers such as X-Forwarded-For, X-Forwarded-Host, and X-Forwarded-Proto...

10CVSS5.6AI score0.00267EPSS
Exploits1References6Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/24 4:25 p.m.15 views

go-zserio has Unbounded Memory Allocation for All Platforms

Impact When deserializing arrays, strings or bytes blob types zserio first reads the size of the variable, and then allocates sufficient memory to load data. Since the size is always trusted this can be abused by creating a data file with a large size value, causing the zserio runtime to allocate...

5.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 4:25 p.m.13 views

Zserio Runtime: Integer Overflow in BitStreamReader and Unbounded Memory Allocation in Deserialization

Summary Unbounded Memory Allocation all platforms A crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error Denial of Service. Affected code C++: - cpp/runtime/src/zserio/Array.h line 1029 — mrawArray.reservereadLength with uncheck...

7.5CVSS5.6AI score0.0032EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 4:20 p.m.34 views

rustls-webpki: Denial of service via panic on malformed CRL BIT STRING

Summary bitstringflags in src/der.rs panics with an index-out-of-bounds when given a BIT STRING whose content is exactly 0x00 one byte: zero padding bits, zero data bytes. This is reachable through the public API BorrowedCertRevocationList::fromder via the issuingDistributionPoint CRL extension...

5.6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 4:18 p.m.19 views

Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover

Summary The budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. Given that Budibase has had XSS vulnerabilities GHSA-gp5x-2v54-v2q5 — stored XSS via unsanitized enti...

8.1CVSS5.5AI score0.00283EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 4:17 p.m.17 views

Kimai has Missing Object-Level Authorization in the Team API

Summary The Team API endpoints use IsGranted'editteam' instead of IsGranted'edit', 'team', causing Symfony TeamVoter to abstain from voting. This removes entity-level ownership checks on team operations, allowing any user with the editteam permission to modify any team, not just teams they are...

3.3CVSS5.5AI score0.00247EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 4:17 p.m.150 views

LiteLLM has SQL Injection in Proxy API key verification

Impact A database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route for example POST /chat/completions a...

9.8CVSS6AI score0.86607EPSS
Exploits7References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 4:15 p.m.11 views

Dgraph: Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars

Summary Dgraph v25.3.2 still exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can retrieve that token and replay it in the...

9.8CVSS5.5AI score0.02187EPSS
Exploits1References4Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/24 4:15 p.m.34 views

Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization

Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, it calls arrowextdeserialize on the field's metadata bytes. Ray's...

8.9CVSS6.3AI score0.00473EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 4:11 p.m.14 views

Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources

Summary A critical Broken Access Control vulnerability was identified in the ActionsController of the Avo framework v3.x. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of Avo::BaseAction on any resource, even if the action is not registered fo...

8.8CVSS5.7AI score0.00295EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 4:2 p.m.34 views

LiteLLM: Server-Side Template Injection in /prompts/test endpoint

Impact The POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the LiteLLM Proxy process. The endpoint only checks that the caller presents a valid proxy API key, so any authenticated user cou...

8.8CVSS5.9AI score0.00373EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 4:0 p.m.10 views

nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields

Impact In versions middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes on any Nova resource — including users who do not have access to Nova itself for example, frontend customers sharing the web guard with the Nova admin area. The endpoi...

6.5CVSS5.6AI score0.00201EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 3:59 p.m.16 views

AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache

Summary AWS Encryption SDK ESDK for Python is a client-side encryption library. An issue exists where, under certain circumstances, a specific cryptographic algorithm downgrade in the caching layer might allow an authenticated local threat actor to bypass key commitment policy enforcement via a...

5.7CVSS5.6AI score0.00096EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 3:57 p.m.15 views

Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior

Summary An integer overflow in Grid::expandrows can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get may invoke getunchecked with an invalid index, resulting in Undefined Behavior. Details Tested...

6.2CVSS5.3AI score0.00132EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 3:43 p.m.43 views

New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud

Summary A critical vulnerability exists in the Stripe webhook handler that allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without making any payment. The vulnerability stems from three compounding flaws: 1. The Stripe webhook endpoint does n...

8.2CVSS5.9AI score0.00259EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 3:41 p.m.18 views

Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field

Executive Summary A vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack requires two HTTP POSTs to port 8080. The first sets up a...

9.1CVSS5.9AI score0.00338EPSS
Exploits1References3Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/24 3:41 p.m.13 views

Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field

Executive Summary A vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack is a single HTTP POST to /mutate?commitNow=true containing a...

9.1CVSS5.6AI score0.00424EPSS
Exploits1References4Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/24 3:39 p.m.19 views

russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler

Summary A pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for 2FA/TOTP with a single malformed packet, requiring no credential...

7.5CVSS5.5AI score0.00481EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 3:36 p.m.15 views

RedwoodSDK has Same-site CSRF through lack of origin validation in its server actions

Summary Server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating from a different origin that the browser treats as same-site can invoke a server action with the victim's session cookie attached. Impact An attacker who controls any origin the browser...

5.3CVSS5.3AI score0.00111EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 3:36 p.m.21 views

ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

Summary Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods that also evaluate @src via eva...

8.1CVSS6.7AI score0.01131EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 3:34 p.m.13 views

liquidjs has a Denial of Service via circular block reference in layout

Summary A circular block reference in % layout % / % block % causes an infinite recursive loop, consuming all available memory 4GB and crashing the Node.js process with FATAL ERROR: JavaScript heap out of memory. This allows any user who can submit a Liquid template to perform a Denial of Service...

7.5CVSS5.4AI score0.00382EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 3:32 p.m.8 views

Apache Airflow's asset dependency graph did not restrict nodes by the viewer's DAG read permissions

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...

4.3CVSS5.8AI score0.00352EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 3:32 p.m.9 views

Apache Airflow's authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance record

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DA...

4.3CVSS5.8AI score0.00352EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 3:31 p.m.200 views

PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

PostCSS: XSS via Unescaped in CSS Stringify Output Summary PostCSS v8.5.5 latest does not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS values breaks out of the style context, enabling XSS. Proof of Concept...

6.1CVSS5.3AI score0.00205EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 3:22 p.m.10 views

Lemmy has SSRF in /api/v3/post via Webmention dispatch

Summary Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is created in a public community, the backend asynchronously sends a Webmention to the attacker-controlled link target. The submitted URL is checked for syntax and scheme, but th...

6.3CVSS5.6AI score0.00184EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 3:21 p.m.11 views

Lemmy has SSRF and internal image disclosure in post link metadata via unvalidated og:image

Summary Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP ranges, the extracted og:image URL is not subject to the same restriction...

6.5CVSS5.4AI score0.00209EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 3:19 p.m.14 views

Contour has Lua code injection via Cookie Path Rewrite Policy

Impact Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in the following fields that results in arbitrary code execution in the Envoy proxy: -...

8.1CVSS6.3AI score0.00481EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:30 p.m.15 views

Apache DolphinScheduler has an Incorrect Authorization Vulnerability

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...

8.1CVSS5.8AI score0.00446EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities33225