Lucene search
+L

164 matches found

nvd
nvd
added 2025/01/06 10:15 p.m.21 views

CVE-2025-21616

Plane is an open-source project management tool. A cross-site scripting XSS vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...

5.4CVSS0.00263EPSS
Exploits1References1
cvelist
cvelist
added 2025/01/06 9:22 p.m.28 views

CVE-2025-21616 Plane has a Cross-site scripting (XSS) via SVG image upload

Plane is an open-source project management tool. A cross-site scripting XSS vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...

5.4CVSS0.00263EPSS
Exploits1References1
osv
osv
added 2025/01/06 9:22 p.m.5 views

CVE-2025-21616 Plane has a Cross-site scripting (XSS) via SVG image upload

Plane is an open-source project management tool. A cross-site scripting XSS vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...

5.4CVSS5.9AI score0.00263EPSS
Exploits1References3
cnnvd
cnnvd
added 2024/12/26 12:0 a.m.2 views

1000 Projects Portfolio Management System MCA 注入漏洞

1000 Projects Portfolio Management System MCA is an open source portfolio management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Portfolio Management System MCA version 1.0, which stems from a parameter q in the file /updatepersonaldetails.php that can lead to SQ...

9.8CVSS7.9AI score0.00735EPSS
Exploits1References5
ossf
ossf
added 2024/12/21 8:41 p.m.5 views

Malicious code in app-settings-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis eb5bad98414af86d07823241157507b0c2c71fb619cb487fb0a126587fa9ae8e The OpenSSF Package Analysis project identified 'app-settings-template' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

6.9AI score
Exploits0
cvelist
cvelist
added 2024/11/18 11:53 a.m.28 views

CVE-2024-11319 Stored XSS in Open Source Project "django-cms"

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in django CMS Association django-cms allows Cross-Site Scripting XSS. This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3...

4.8CVSS0.00493EPSS
Exploits1References5
ossf
ossf
added 2024/11/15 8:35 a.m.6 views

Malicious code in libnpmpublishing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 000ac1f9e3e24873823d90fa6c4785583e0f65c86d7c26847dd8819079f1e6e7 The OpenSSF Package Analysis project identified 'libnpmpublishing' @ 99.3.5 npm as malicious. It is considered malicious because: - The package...

6.9AI score
Exploits0
cnnvd
cnnvd
added 2024/11/13 12:0 a.m.16 views

Intel Neural Compressor 输入验证错误漏洞

Intel Neural Compressor is an open source project from Intel Corporation USA designed to help developers easily implement AI model optimization. An input validation error vulnerability exists in Intel Neural Compressor versions prior to v3.0, which stems from improper input validation. An attacke...

5.5CVSS6.5AI score0.00251EPSS
Exploits0References2
githubexploit
githubexploit
added 2024/08/23 1:43 p.m.919 views

Exploit for CVE-2024-42845

invesalius3vulnerabilities Intro The https://github.com/...

8CVSS7.6AI score0.02655EPSS
Exploits6
nvd
nvd
added 2024/07/10 12:15 p.m.12 views

CVE-2024-3799

Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...

8.7CVSS0.14573EPSS
Exploits0References3
nvd
nvd
added 2024/07/10 12:15 p.m.58 views

CVE-2024-3798

Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reache...

8.7CVSS0.00477EPSS
Exploits0References3
cve
cve
added 2024/07/10 11:59 a.m.61 views

CVE-2024-3799

CVE-2024-3799 describes an insecure handling of POST header body in Phoniebox that allows an attacker to craft a webpage which, when visited by a user, causes the user’s browser to send malicious requests to hosts on the local network, potentially triggering shell command execution on the vulnera...

8.7CVSS6.5AI score0.14573EPSS
Exploits0References3
cvelist
cvelist
added 2024/07/10 11:59 a.m.33 views

CVE-2024-3799 Shell command injection in Phoniebox

Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...

8.7CVSS0.14573EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/07/10 11:59 a.m.20 views

CVE-2024-3799 Shell command injection in Phoniebox

Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...

8.7CVSS6.8AI score0.14573EPSS
Exploits0References3
osv
osv
added 2024/07/10 11:59 a.m.24 views

CVE-2024-3798 Insecure handling of GET argument in Phoniebox

Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reache...

8.7CVSS5.9AI score0.00477EPSS
Exploits0References6
cvelist
cvelist
added 2024/07/10 11:59 a.m.50 views

CVE-2024-3798 Insecure handling of GET argument in Phoniebox

Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reache...

8.7CVSS0.00477EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/07/10 11:59 a.m.18 views

CVE-2024-3798 Insecure handling of GET argument in Phoniebox

Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reache...

8.7CVSS5.8AI score0.00477EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/06/13 12:0 a.m.6 views

ALCASAR Security Vulnerabilities

ALCASAR is a free open source project from ALCASAR Open Source for managing Internet access on public, business or home networks. A security vulnerability exists in ALCASAR versions prior to 3.6.1 that stems from vulnerability to cross-site request forgery and remote code execution attacks...

9.6CVSS7.9AI score0.00352EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/05/07 12:0 a.m.4 views

MP-SPDZ 安全漏洞

MP-SPDZ is a CSIRO Data61 Engineering & Design open source software for benchmarking various Secure Multiparty Computing MPC protocols in various security models. A security vulnerability exists in MP-SPDZ version v0.3.8. An attacker exploited the vulnerability to cause a denial of service on the...

7.5CVSS6.5AI score0.00681EPSS
Exploits1References2
cvelist
cvelist
added 2024/04/10 5:25 p.m.25 views

CVE-2024-31461 Plane Server-Side Request Forgery (SSRF) Vulnerability

Plane, an open-source project management tool, has a Server-Side Request Forgery SSRF vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. T...

9.1CVSS9.3AI score0.00667EPSS
Exploits0References6
Rows per page
Query Builder