
28 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-30261

Malicious code in bioql PyPI...

CVSS 5.7, AI score 5.8, EPSS 0.00385
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-30259

Malicious code in bioql PyPI...

CVSS 7.8, AI score 7.6, EPSS 0.00419
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-30260

Malicious code in bioql PyPI...

CVSS 7.8, AI score 7.7, EPSS 0.004
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-30262

Malicious code in bioql PyPI...

CVSS 3.2, AI score 4.5, EPSS 0.00345
Exploits: 0, References: 4

RedhatCVE
added 2025/05/23 4:39 a.m., 6 views

CVE-2023-26439

The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users cached data. We have...

CVSS 7.8, AI score 7.4, EPSS 0.00419
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 4:39 a.m., 8 views

CVE-2023-26442

In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd or who is in control of the sproxyd...

CVSS 3.2, AI score 6.7, EPSS 0.00345
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 4:38 a.m., 5 views

CVE-2023-26441

Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the...

CVSS 5.7, AI score 6.8, EPSS 0.00385
Exploits: 0, References: 1

OSV
added 2023/08/02 1:15 p.m., 3 views

CVE-2023-26440

The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the inpu...

CVSS 7.8, AI score 5.9, EPSS 0.004
Exploits: 0, References: 4

OSV
added 2023/08/02 1:15 p.m., 2 views

CVE-2023-26442

In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd or who is in control of the sproxyd...

CVSS 3.2, AI score 5.8, EPSS 0.00345
Exploits: 0, References: 4

NVD
added 2023/08/02 1:15 p.m., 9 views

CVE-2023-26442

In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd or who is in control of the sproxyd...

CVSS 3.2, AI score 3.8, EPSS 0.00345
Exploits: 0, References: 4

NVD
added 2023/08/02 1:15 p.m., 17 views

CVE-2023-26441

Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the...

CVSS 5.7, AI score 5.5, EPSS 0.00385
Exploits: 0, References: 4

Prion
added 2023/08/02 1:15 p.m., 17 views

SQL injection

The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users cached data. We have...

CVSS 4.3, AI score 7.7, EPSS 0.00419
Exploits: 0, References: 4, Affected Software: 1

Prion
added 2023/08/02 1:15 p.m., 19 views

Server-side request forgery (SSRF)

In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd or who is in control of the sproxyd...

CVSS 1.2, AI score 4.1, EPSS 0.00345
Exploits: 0, References: 4, Affected Software: 1

Prion
added 2023/08/02 1:15 p.m., 17 views

SQL injection

The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the inpu...

CVSS 4.3, AI score 7.7, EPSS 0.004
Exploits: 0, References: 4, Affected Software: 1

Prion
added 2023/08/02 1:15 p.m., 20 views

Input validation

Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the...

CVSS 1.7, AI score 5.4, EPSS 0.00385
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2023/08/02 12:23 p.m., 27 views

CVE-2023-26442

In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd or who is in control of the sproxyd...

CVSS 3.2, AI score 4.2, EPSS 0.00345
Exploits: 0, References: 4

Vulnrichment
added 2023/08/02 12:23 p.m., 13 views

CVE-2023-26442

In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd or who is in control of the sproxyd...

CVSS 3.2, AI score 6.7, EPSS 0.00345
Exploits: 0, References: 4

CVE
added 2023/08/02 12:23 p.m., 44 views

CVE-2023-26442

The CVE describes a vulnerability in Cacheservice when configured to use a sproxyd object-storage backend. If redirects issued by sproxyd are followed, a local/restricted network attacker (or someone controlling the sproxyd service) could perform a server-side request forgery (SSRF) and cause Cac...

CVSS 3.2, AI score 4.1, EPSS 0.00345
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2023/08/02 12:23 p.m., 43 views

CVE-2023-26441

CVE-2023-26441 affects the Open-Xchange AppSuite Cacheservice. An attacker with database access or on a local/restricted network could read arbitrary local files accessible by the service user due to improper validation of relative cache object paths. The issue is addressed by improved path valid...

CVSS 5.7, AI score 5.4, EPSS 0.00385
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2023/08/02 12:23 p.m., 27 views

CVE-2023-26441

Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the...

CVSS 5.7, AI score 5.8, EPSS 0.00385
Exploits: 0, References: 4