Lucene search
+L

193 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.9 views

EUVD-2021-8628

Malicious code in bioql PyPI...

10CVSS9.2AI score0.01198EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-8630

Malicious code in bioql PyPI...

9.6CVSS8.6AI score0.01502EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-8626

Malicious code in bioql PyPI...

10CVSS9.2AI score0.54494EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-8627

Malicious code in bioql PyPI...

10CVSS9.1AI score0.01494EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-8629

Malicious code in bioql PyPI...

8.6CVSS8AI score0.49051EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-40893

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01189EPSS
Exploits1References2
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-41745

Malicious code in bioql PyPI...

9.9CVSS8.9AI score0.01712EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.30 views

EUVD-2023-28821

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00713EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-41744

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.01822EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-41746

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.0075EPSS
Exploits1References3
bdu_fstec
bdu_fstec
added 2025/06/03 12:0 a.m.9 views

The vulnerability of the OneDev collaborative development platform, related to insufficient protection of service data, allows a hacker to read arbitrary files.

The vulnerability of the OneDev collaborative development platform is related to insufficient protection for service data. Exploiting this vulnerability allows a remote attacker to read arbitrary files...

7.8CVSS7.9AI score0.24822EPSS
Exploits1References6Affected Software1
redhatcve
redhatcve
added 2025/05/23 8:8 a.m.9 views

CVE-2024-45309

OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9...

8.7CVSS6.8AI score0.24822EPSS
Exploits1
redhatcve
redhatcve
added 2025/05/23 1:57 a.m.14 views

CVE-2023-24828

Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users or everyone if it allows self-registration may exploit this to elevate privilege to...

8.8CVSS6.8AI score0.00713EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:11 p.m.6 views

CVE-2022-39207

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same...

5.4CVSS6.5AI score0.0075EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 9:32 p.m.8 views

CVE-2021-21250

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is processed by XmlBuildSpecMigrator.migratebuildSpecString; which processes the XML document withou...

7.7CVSS6.8AI score0.00932EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 9:31 p.m.8 views

CVE-2021-21245

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data request.getInputStream to a user specified location request.getHeader"File-Name". This issue may lead to arbitrary file upload which can be used to upload a WebShell to...

10CVSS6.9AI score0.01198EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 9:31 p.m.11 views

CVE-2021-21247

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener AbstractPostAjaxBehavior in all pages other than the login page. This listener decodes and deserializes the data query parameter. We can access this listener by...

9.6CVSS6.9AI score0.01502EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 9:30 p.m.9 views

CVE-2021-21246

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the /users/id endpoint there are no security checks enforced so it is possible to retrieve...

8.6CVSS7.1AI score0.49051EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 9:30 p.m.5 views

CVE-2021-21242

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the Attachment-Support header. This Servlet does not enforce any authentication or...

10CVSS8AI score0.74191EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 7:45 p.m.8 views

CVE-2021-32651

OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree using Blind LDAP Injection techniques. The...

4.3CVSS7.3AI score0.01073EPSS
Exploits1References1
Rows per page
Query Builder