Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.19 views

PT-2026-43396

Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.8.1 Description An issue exists in the OSS file service URL fetch endpoint "chat/api/oss/get url" where inconsistent URL parsing between the urlparse validation function and the requests HTTP client allows for a...

6.3CVSS5.8AI score0.00232EPSS
Exploits0References3
PyPA
PyPA
added 2026/04/07 10:16 p.m.11 views

PYSEC-2026-59

Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...

9.1CVSS5.9AI score0.00495EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.5 views

CVE-2026-32702

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. From 2.7.0 to 2.8.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by...

6.9CVSS5.8AI score0.00321EPSS
Exploits1References1
NVD
NVD
added 2025/08/01 6:15 p.m.44 views

CVE-2025-54590

webfinger.js is a TypeScript-based WebFinger client that runs in both browsers and Node.js environments. In versions 2.8.0 and below, the lookup function accepts user addresses for account checking. However, the ActivityPub specification requires preventing access to localhost services in...

6.9CVSS0.006EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/01 6:3 p.m.44 views

CVE-2025-54590 webfinger.js is vulnerable to Blind SSRF attacks through localhost

webfinger.js is a TypeScript-based WebFinger client that runs in both browsers and Node.js environments. In versions 2.8.0 and below, the lookup function accepts user addresses for account checking. However, the ActivityPub specification requires preventing access to localhost services in...

6.9CVSS0.006EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/24 12:58 p.m.12 views

CVE-2023-50944 Apache Airflow: Bypass permission verification to read code of other dags

Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version...

6.3AI score0.00971EPSS
Exploits0References3
OSV
OSV
added 2022/05/17 2:41 a.m.1 views

GHSA-H24P-QWF4-84Q8 Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. This issue is fixed in versions 2.8.1 and 3.0.0-alpha3...

7.5CVSS7.2AI score0.01795EPSS
Exploits0References3
Saint
Saint
added 2014/09/16 12:0 a.m.25 views

ALCASAR index.php Crafted HTTP host Header Vulnerability

Added: 09/16/2014 BID: 69662 OSVDB: 111026 Background ALCASAR is a free Network Access Controller that allows network managers to restrict Internet service access to authenticated users. ALCASAR allows control and logging of all network activity by users and/or defined user groups. Problem ALCASA...

1.8AI score
Exploits0
Rows per page
Query Builder