68 matches found
CVE-2025-56406
An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...
CWEXploit
This is a PoC (Proof of Concept) exploit for various CWE Common...
CVE-2025-48068 Information exposure in Next.js dev server due to lack of origin verification
Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects...
Exploit for CVE-2025-30208
CVE-2025-30208 & CVE-2025-31125 & CVE-2025-31486 1. Overvie...
Arbitrary Code Injection
Overview: langflow is a Python package with a built-in web application. Affected versions of this package are vulnerable to Arbitrary Code Injection through any components that provided the code functionality running on the local machine rather than a sandboxed environment. An attacker can execu...
PT-2024-2807 · Microsoft · Azure Migrate
Name of the Vulnerable Software and Affected Versions: Azure Migrate (affected versions not specified). Description: The issue is related to improper authorization in the Azure Migrate service for transferring data from a local environment. Exploitation of this issue may allow a remote attacker to...
Information Exposure
Quarkus-core is vulnerable to Information Exposure. The vulnerability is due to the capture of local environment variables from the Quarkus namespace during the build process, leading to applications inheriting potentially sensitive or test-specific settings at runtime...
quarkus-core leaks local environment variables from Quarkus namespace during application's build
A vulnerability was found in the quarkus-core component. Quarkus captures the local environment variables from the Quarkus namespace during the application's build. Thus, running the resulting application inherits the values captured at build time. However, some local environment variables may ha...
CVE-2024-2700
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been...
CVE-2024-2700 Quarkus-core: leak of local configuration properties into quarkus applications
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been...
PT-2024-21609 · Quarkus · Quarkus
Name of the Vulnerable Software and Affected Versions: Quarkus (affected versions not specified). Description: A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, and the resulting applicatio...
Server side request forgery (ssrf)
A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment...
Server side request forgery (ssrf)
Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that n...
CVE-2023-45152 Blind Server Side Request Forgery (SSRF) in remote schedule import feature in Engelsystem
Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that n...
CVE-2022-27176
Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions when using 'File Sanitization Option', and RevoWorks Desktop 2.1.84 and prior versions when using 'File...
Design/Logic Flaw
Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions when using 'File Sanitization Option', and RevoWorks Desktop 2.1.84 and prior versions when using 'File...
CVE-2022-27176
Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions when using 'File Sanitization Option', and RevoWorks Desktop 2.1.84 and prior versions when using 'File...
CVE-2021-20791
Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors...
Malicious Package
nodetest199 is a malicious package. The package contains malicious code in index.js which sends local environment variables to a remote server. The malicious code does not execute upon installation...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affects IBM Watson Studio Local
Summary: Multiple Vulnerabilities in OpenSSL affects IBM Watson Studio Local. Vulnerability Details: CVEID: CVE-2018-0734. DESCRIPTION: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to...