Lucene search
+L

191 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-37413

Malicious code in bioql PyPI...

8.2CVSS8.1AI score0.00474EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-25168

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00475EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-2308

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.01225EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/30 12:45 a.m.12 views

CVE-2025-56449

A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA e.g. after the 7-day enforcement window, the REST API still allows the use of Basic Authentication to authenticate and perform administrative actions...

6.8AI score0.00354EPSS
Exploits0References1
NVD
NVD
added 2025/09/29 3:16 p.m.5 views

CVE-2025-56449

A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA e.g. after the 7-day enforcement window, the REST API still allows the use of Basic Authentication to authenticate and perform administrative actions...

8.2CVSS0.00354EPSS
Exploits0References3
CVE
CVE
added 2025/09/29 12:0 a.m.17 views

CVE-2025-56449

Obsidian Scheduler REST API 5.0.0–6.3.0 is affected. The root cause is that accounts locked out due to MFA enforcement can still authenticate via Basic Authentication for administrative actions, allowing creation of a new privileged user and bypassing MFA protections. The issue affects the REST A...

8.2CVSS6.4AI score0.00354EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/29 12:0 a.m.6 views

Obsidian Scheduler 安全漏洞

Obsidian Scheduler is an enterprise-level task scheduler from Obsidian USA. A security vulnerability exists in Obsidian Scheduler versions 5.0.0 through 6.3.0, which stems from an account lockout that still allows authentication via Basic Authentication, which could lead to bypassing MFA...

8.2CVSS6.9AI score0.00354EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/29 12:0 a.m.3 views

CVE-2025-56449

A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA e.g. after the 7-day enforcement window, the REST API still allows the use of Basic Authentication to authenticate and perform administrative actions...

6.4AI score0.00354EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/29 12:0 a.m.12 views

CVE-2025-56449

A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA e.g. after the 7-day enforcement window, the REST API still allows the use of Basic Authentication to authenticate and perform administrative actions...

0.00354EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.12 views

PT-2025-39827

Name of the Vulnerable Software and Affected Versions Obsidian Scheduler versions 5.0.0 through 6.3.0 Description A security issue exists in the Obsidian Scheduler REST API. If an account is locked out due to not enrolling in Multi-Factor Authentication MFA, the REST API continues to permit the u...

8.2CVSS6.7AI score0.00354EPSS
Exploits0References6
Metasploit
Metasploit
added 2025/09/16 6:53 p.m.1064 views

Obsidian Plugin Persistence

This module searches for Obsidian vaults for a user, and uploads a malicious community plugin to the vault. The vaults must be opened with community plugins enabled NOT restricted mode, but the plugin will be enabled automatically. Tested against Obsidian 1.7.7 on Kali, Ubuntu 22.04, and Windows...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/09/07 5:33 a.m.16 views

CVE-2025-58401

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account...

6.8CVSS6.6AI score0.00094EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/05 7:52 a.m.14 views

Obsidian GitHub Copilot Plugin stores sensitive information in cleartext

Overview Obsidian GitHub Copilot Plugin provided by Pierre-Adrien Vasseur is vulnerable to the following vulnerability. Cleartext storage of sensitive information CWE-312 - CVE-2025-58401 Rui Nakajima reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.8CVSS6.6AI score0.00094EPSS
Exploits0References4
CVE
CVE
added 2025/09/05 4:28 a.m.37 views

CVE-2025-58401

Summary: CVE-2025-58401 affects Obsidian GitHub Copilot Plugin versions prior to 1.1.7 and is due to storing GitHub API tokens in cleartext. This enables an attacker to perform unauthorized operations on the linked GitHub account. Impact: Unauthorized access to the GitHub account via the plugin t...

6.8CVSS6.3AI score0.00094EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/05 4:28 a.m.5 views

CVE-2025-58401

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account...

6.8CVSS6.6AI score0.00094EPSS
Exploits0References2
OSV
OSV
added 2025/09/05 4:28 a.m.5 views

CVE-2025-58401

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account...

5.1CVSS6.8AI score0.00094EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/05 4:28 a.m.30 views

CVE-2025-58401

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account...

6.8CVSS0.00094EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/05 12:0 a.m.6 views

Obsidian GitHub Copilot Plugin 安全漏洞

Obsidian GitHub Copilot Plugin is a Github Copilot plugin by the individual developer Pierre-Adrien Vasseur. A security vulnerability exists in versions of Obsidian GitHub Copilot Plugin prior to 1.1.7, which stems from storing Github API tokens in clear-text form, which could lead to unauthorize...

6.8CVSS6.4AI score0.00094EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/05 12:0 a.m.10 views

PT-2025-36109

Name of the Vulnerable Software and Affected Versions: Obsidian GitHub Copilot Plugin versions prior to 1.1.7 Description: The Obsidian GitHub Copilot Plugin stores Github API tokens in cleartext form. This allows an attacker to perform unauthorized operations on the linked Github account...

6.8CVSS6.6AI score0.00094EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/08/21 12:26 a.m.11 views

CVE-2025-54336

In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 such as the 0e0 string. This occurs in admin/plib/LoginManager.php...

9.8CVSS7.3AI score0.00475EPSS
Exploits0References1
Rows per page
Query Builder