Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

265 matches found

Positive Technologies
Positive Technologiesadded 2023/07/28 12:0 a.m.3 views

PT-2023-26744 · Unknown · University Compass

Name of the Vulnerable Software and Affected Versions: University Compass versions 2.2.0 and below Description: The issue is related to a code injection vulnerability in the org.compass.core.executor.DefaultExecutorManager.configure component. This vulnerability can be exploited by passing an...

9.8CVSS9.3AI score0.00131EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2023/07/28 12:0 a.m.10 views

CVE-2023-39023

university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument...

8AI score0.00131EPSS
Exploits1References1
CVE
CVEadded 2023/07/28 12:0 a.m.46 views

CVE-2023-39023

CVE-2023-39023 affects University Compass versions 2.2.0 and earlier. The vulnerability is a code injection in the component org.compass.core.executor.DefaultExecutorManager.configure, exploitable via passing an unchecked argument. The issue is documented across multiple sources, and connected do...

9.8CVSS9.6AI score0.00131EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2023/07/28 12:0 a.m.14 views

CVE-2023-39023

university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument...

9.8AI score0.00131EPSS
Exploits1References1
OSV
OSVadded 2023/06/27 12:15 a.m.1 views

CVE-2023-22834

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create...

4.3CVSS5.8AI score0.00053EPSS
Exploits0References1
NVD
NVDadded 2023/06/27 12:15 a.m.13 views

CVE-2023-22834

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create...

4.3CVSS4AI score0.00053EPSS
Exploits0References1
Prion
Prionadded 2023/06/27 12:15 a.m.16 views

Code injection

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create...

4CVSS4.6AI score0.00053EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinuxadded 2023/06/26 11:6 p.m.2 views

CVE-2023-22834

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create...

4.3CVSS4.5AI score0.00053EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/06/26 11:6 p.m.13 views

CVE-2023-22834 The contour service was not checking that users had permission to create an analysis for a given dataset

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create...

2.7CVSS4.8AI score0.00053EPSS
Exploits0References1
CNNVD
CNNVDadded 2023/06/26 12:0 a.m.2 views

Contour 安全漏洞

Contour is a Kubernetes entry controller that uses the Envoy agent. A security vulnerability exists in versions of Contour prior to 9.642.0 that stems from not checking whether a user has the right to create analytics for a given dataset. An attacker exploited the vulnerability to mess up the...

4.3CVSS5.1AI score0.00053EPSS
Exploits0References3
Veracode
Veracodeadded 2023/04/27 11:2 a.m.22 views

Remote Code Execution (RCE)

broccoli-compass is vulnerable to Remote Code Execution RCE. Lack of proper checking of attacker-controlled filenames which is included in the list of files passed to the library via its files option, allows an attacker to execute malicious code on the system...

9.8CVSS9.5AI score0.06257EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsvadded 2023/04/24 6:30 p.m.0 views

ember-cli-broccoli-compass (>=0.0.1 <=0.0.5), ember-cli-compass (>=0.0.4 <=0.0.5) +1 more potentially affected by CVE-2023-27848 via broccoli-compass (>=0.0.7 <=0.1.1)

broccoli-compass NPM version =0.0.7, =0.0.1, =0.0.4, =0.0.1, =0.0.13 Source cves: CVE-2023-27848 Source advisory: OSV:GHSA-WQ8F-XMQ3-5VQ9...

9.8CVSS7.2AI score0.06257EPSS
Exploits1
Github Security Blog
Github Security Blogadded 2023/04/24 6:30 p.m.20 views

Remote code execution in broccoli-compass

broccoli-compass v0.2.4 was discovered to contain a remote code execution RCE vulnerability via the childprocess function...

9.8CVSS7.6AI score0.06257EPSS
Exploits1References4Affected Software1
NVD
NVDadded 2023/04/24 6:15 p.m.8 views

CVE-2023-27848

broccoli-compass v0.2.4 was discovered to contain a remote code execution RCE vulnerability via the childprocess function...

9.8CVSS9.9AI score0.06257EPSS
Exploits1References2
OSV
OSVadded 2023/04/24 6:15 p.m.10 views

CVE-2023-27848

broccoli-compass v0.2.4 was discovered to contain a remote code execution RCE vulnerability via the childprocess function...

9.8CVSS10AI score
Exploits0References2
CNNVD
CNNVDadded 2023/04/24 12:0 a.m.2 views

npm broccoli-compass 命令注入漏洞

npm broccoli-compass is a library from the American company npm. A security vulnerability exists in npm broccoli-compass version v0.2.4, which stems from the discovery of a remote code execution RCE vulnerability via the childproces function...

9.8CVSS9.1AI score0.06257EPSS
Exploits1References3
Cvelist
Cvelistadded 2023/04/24 12:0 a.m.15 views

CVE-2023-27848

broccoli-compass v0.2.4 was discovered to contain a remote code execution RCE vulnerability via the childprocess function...

10AI score0.06257EPSS
Exploits1References2
CVE
CVEadded 2023/04/24 12:0 a.m.49 views

CVE-2023-27848

CVE-2023-27848 affects broccoli-compass v0.2.4. A remote code execution (RCE) vulnerability exists via the child_process function, allowing execution of attacker-controlled code. Impact is high (C/H/I/H/A/H) per the CVSS3.1 data; exploitation is network-borne with no user interaction and no privi...

9.8CVSS9.9AI score0.06257EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2023/04/24 12:0 a.m.3 views

CVE-2023-27848

broccoli-compass v0.2.4 was discovered to contain a remote code execution RCE vulnerability via the childprocess function...

9.9AI score0.06257EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2023/04/24 12:0 a.m.2 views

PT-2023-21373 · Unknown · Broccoli-Compass

Name of the Vulnerable Software and Affected Versions: broccoli-compass version 0.2.4 Description: The issue is related to a remote code execution RCE vulnerability. It is exploited via the child process function. Recommendations: For broccoli-compass version 0.2.4, consider restricting the use o...

9.8CVSS9.6AI score0.06257EPSS
Exploits1References6
Rows per page
Query Builder