Lucene search
+L

519 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-5533

Malware in sbrugna...

6.8CVSS6.1AI score0.06558EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-31612

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00465EPSS
Exploits0References2
Gitee
Gitee
added 2025/09/06 12:9 p.m.101 views

vulhub

This is a pre-built vulnerable environment based on Docker-Compose, provided by the Vulhub project. The repository contains a collection of vulnerable applications and services, along with their corresponding Dockerfiles and configuration files. The vulnerable environments are designed to help...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2021-38295

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin open...

7.3CVSS5.9AI score0.02474EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-12636

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CouchDB administrative users can configure the database server via HTTPS. Some of the configuration options include paths for operating system-level binaries th...

9CVSS8.1AI score0.90602EPSS
Exploits15References2
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2018-11769

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CouchDB administrative users before 2.2.0 can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration...

9CVSS7.8AI score0.11681EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2018-17188

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where...

7.2CVSS7AI score0.03228EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-12635

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submi...

10CVSS8.1AI score0.99838EPSS
Exploits21References2
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-8007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings...

9CVSS8AI score0.11681EPSS
Exploits3References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.1 views

Malicious code in generator-accelerate-couchdb (npm)

The package generator-accelerate-couchdb was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-21262 Malicious code in generator-accelerate-couchdb (npm)

The package generator-accelerate-couchdb was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.4 views

CVE-2023-26268

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validatedocupdate list filter filter views using view functions as filters rewrite update This doesn't affect map/reduce or searc...

5.3CVSS6.9AI score0.01429EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:2 a.m.8 views

CVE-2023-27877

IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905...

7.5CVSS6.2AI score0.00465EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:1 a.m.9 views

CVE-2022-24706

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...

10CVSS7AI score0.9251EPSS
Exploits9References1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.5 views

PT-2025-16956

Name of the Vulnerable Software and Affected Versions Erlang/OTP versions prior to OTP-27.3.3 Erlang/OTP versions prior to OTP-26.2.5.11 Erlang/OTP versions prior to OTP-25.3.2.20 Description The issue concerns Unauthenticated Remote Code Execution in Erlang/OTP. Almost 700K CouchDB instances,...

8.7CVSS5.5AI score0.00276EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/02/06 10:36 a.m.13 views

CVE-2017-12635

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...

10CVSS7AI score0.99838EPSS
Exploits21References2
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.317 views

CouchDB Enum Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CouchDB Enum Utility', 'Description' = %q This module enumerates databases on CouchDB using the REST API without authentication by default. ,...

10CVSS6.9AI score0.99838EPSS
Exploits21
Vulnrichment
Vulnrichment
added 2024/07/16 2:36 p.m.25 views

CVE-2024-32861 Software House C•CURE - CouchDB executable protection

Under certain circumstances the impacted Software House C•CURE 9000 installer will utilize unnecessarily wide permissions...

7.8CVSS7.7AI score0.00148EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/16 2:36 p.m.28 views

CVE-2024-32861 Software House C•CURE - CouchDB executable protection

Under certain circumstances the impacted Software House C•CURE 9000 installer will utilize unnecessarily wide permissions...

7.8CVSS0.00148EPSS
Exploits0References2
OSV
OSV
added 2024/07/15 7:53 p.m.12 views

CVE-2024-39918 Path Traveral in @jmondi/url-to-png

@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the ImageId in the code is not sanitized and may lead to path traversal. This allows an attacker to store an image in ...

4.3CVSS6.8AI score0.00523EPSS
Exploits0References5
Rows per page
Query Builder