Lucene search
K

359 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-29512

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00631EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-51736

Malicious code in bioql PyPI...

8CVSS7.8AI score0.00472EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/06/04 9:0 p.m.6 views

abracadabra (>=0.0.0 <=0.0.7), ac-solver (=0.1.0) +307 more potentially affected by CVE-2025-30167 via jupyter-core (>=4.10.0 <=5.8.0)

jupyter-core PYPI version =4.10.0, =0.0.0, =0.14.0.3, =1.0.0, =0.1.23, =0.20.0, =0.9.5, =0.1.0, =0.0.4, =1.0.1, =0.1.0, =1.0.1, =1.0.1, =1.0.14 and more Source cves: CVE-2025-30167 Source advisory: OSV:GHSA-33P9-3P43-82VQ...

7.3CVSS7AI score0.00154EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:9 a.m.7 views

CVE-2023-25557

DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store GMS. It has been discovered that the...

9.1CVSS7.2AI score0.00684EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:25 a.m.7 views

CVE-2023-25558

DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the idtoken is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the...

8.8CVSS7.5AI score0.01034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:0 a.m.9 views

CVE-2023-47629

DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the defau...

8CVSS6.8AI score0.00472EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:58 a.m.7 views

CVE-2023-47628

DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a...

4.8CVSS6.7AI score0.00379EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:57 a.m.10 views

CVE-2023-47640

DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources i.e. state level actors with large computational capabilities...

8.8CVSS6.7AI score0.00363EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:10 a.m.7 views

CVE-2013-0682

Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service application crash or possibly execute...

7.5CVSS8.4AI score0.02467EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:9 a.m.10 views

CVE-2013-0680

Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allows remote attackers to cause a denial of service daemon crash or possibly execute...

7.5CVSS8.7AI score0.18768EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:47 a.m.6 views

CVE-2011-3501

Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service crash via a negative or large Content-Length value...

5CVSS7.2AI score0.03018EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:15 a.m.10 views

CVE-2011-3502

The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing 1 space or 2 %2e encoded dot...

5CVSS7.1AI score0.05891EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:15 a.m.7 views

CVE-2011-3500

Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\ dot dot backslash in an HTTP request...

5CVSS7AI score0.02652EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:14 a.m.6 views

CVE-2011-3493

Multiple stack-based buffer overflows in the DHOneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via long 1 domain, 2 reportdomain, 3 registerdatahub, or 4 slave commands...

10CVSS8.2AI score0.07991EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:31 a.m.11 views

CVE-2013-0683

The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service incorrect pointer access and client cra...

7.1CVSS6.9AI score0.00992EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/25 2:38 a.m.6 views

Malicious code in datahub-react-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f1d82378a4b4eeb1355f9d5fbee783eb02ebfd625e5b7480f1ab594461b8d90d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/03/25 2:38 a.m.4 views

MAL-2025-2663 Malicious code in datahub-react-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f1d82378a4b4eeb1355f9d5fbee783eb02ebfd625e5b7480f1ab594461b8d90d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 7:37 p.m.7 views

CVE-2022-39366

DataHub is an open-source metadata platform. Prior to version 0.8.45, the StatelessTokenService of the DataHub metadata service GMS does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This...

9.9CVSS6.9AI score0.00851EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:7 a.m.8 views

CVE-2024-29037

datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to version 0.2.182, due to configuration issues in the helm chart, if there was a successful initial deployment during a limited window of tim...

9.1CVSS7.1AI score0.00605EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:46 p.m.5 views

CVE-2024-22409

DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR 9067 to...

8.8CVSS7.2AI score0.00652EPSS
Exploits1References1
Rows per page
Query Builder