The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...
7.5 CVSS
7.7 AI Score
0.0005 EPSS
ZenUML is a JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the...
5.4 CVSS
5.5 AI Score
0.0004 EPSS
A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...
7.5 CVSS
7.9 AI Score
0.0004 EPSS
Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JupiterX Core: from n/a through...
9.8 CVSS
6.9 AI Score
0.001 EPSS
Missing Authorization vulnerability in Artbees JupiterX Core. This issue affects JupiterX Core: from 3.0.0 through...
5.4 CVSS
5.6 AI Score
0.0004 EPSS
This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information...
7.4 CVSS
7.2 AI Score
0.0004 EPSS
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or....
6.5 AI Score
0.0004 EPSS
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that...
7.1 AI Score
0.0004 EPSS
Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...
7.2 CVSS
7.2 AI Score
0.0004 EPSS
Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos versions from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to...
5.5 CVSS
5.6 AI Score
0.0004 EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the...
4.3 CVSS
4.8 AI Score
0.001 EPSS
Missing Authorization vulnerability in 8theme XStore Core. This issue affects XStore Core: from n/a through...
8.1 CVSS
8.1 AI Score
0.0004 EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm Core allows PHP Local File Inclusion. This issue affects Stockholm Core: from n/a through...
8.8 CVSS
7.1 AI Score
0.0005 EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore Core allows PHP Local File Inclusion. This issue affects XStore Core: from n/a through...
8.5 CVSS
7.1 AI Score
0.0004 EPSS
If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with its default block size of 512 and a count of 1, the first 512 bytes of the 0x80000000 memory area are returned to the user. If the block count is increased, the full RAM can be exposed. The same method works...
6.9 AI Score
0.0004 EPSS
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing.....
5.3 CVSS
6.6 AI Score
0.0004 EPSS