Lucene search
+L

6 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40418

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...

9.8CVSS6.5AI score0.00725EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 7:36 p.m.6 views

CVE-2021-29438

The Nextcloud dialogs library npm package @nextcloud/dialogs before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a XSS vulnerability. The vulnerability has been patched in version 3.1.2 If you need to...

5.4CVSS5.7AI score0.00703EPSS
Exploits0References1
NVD
NVD
added 2025/02/27 4:15 p.m.19 views

CVE-2025-0914

An improper access control issue in the VQL shell feature in Velociraptor Versions 0.73.4 allowed authenticated users to execute the execve plugin in deployments where this was explicitly forbidden by configuring the preventexecve flag in the configuration file. This setting is not usually...

3.8CVSS0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/03/09 9:30 p.m.32 views

CVE-2022-24741 High memory usage in Nextcloud server

Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded...

3.5CVSS6.8AI score0.01581EPSS
Exploits1References4
OSV
OSV
added 2018/01/10 9:29 a.m.3 views

UBUNTU-CVE-2017-18026

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands through the Mercurial adapter via vectors involving a branch whose name begins with a --config...

8.8CVSS7.6AI score0.02825EPSS
Exploits0References7
OSV
OSV
added 2018/01/10 9:29 a.m.2 views

DEBIAN-CVE-2017-18026

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands through the Mercurial adapter via vectors involving a branch whose name begins with a --config...

8.8CVSS7.8AI score0.02825EPSS
Exploits0References1
Rows per page
Query Builder