
322 matches found

CNNVD
added 2025/09/24 12:0 a.m. | 5 views

datart security vulnerability

datart is an open source data visualization open platform by running-elephant. A security vulnerability exists in datart version 1.0.0-rc.3, which stems from mishandling of configuration files and can lead to path traversal and remote code execution...

CVSS 8.8 | AI score 7.6 | EPSS 0.01261
Exploits: 2 | References: 3

CNNVD
added 2025/09/24 12:0 a.m. | 11 views

datart security vulnerability

datart is an open source data visualization open platform by running-elephant. A security vulnerability exists in datart version 1.0.0-rc.3, which stems from the POST /viz/image interface not strictly validating filenames, which could lead to a directory traversal attack...

CVSS 7.1 | AI score 6.4 | EPSS 0.00582
Exploits: 2 | References: 3

CNNVD
added 2025/08/31 12:0 a.m. | 3 views

O2OA security vulnerability

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which originates from cross-site scripting due to incorrect manipulation of the parameters name/alias/description in the file...

CVSS 5.4 | AI score 4.3 | EPSS 0.00295
Exploits: 1 | References: 7

CNNVD
added 2025/08/29 12:0 a.m. | 4 views

O2OA security vulnerability

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA version 10.0-410 and earlier, which originates from cross-site scripting due to incorrect manipulation of parameters in the file /xportalassembledesigner/jaxrs/widget...

CVSS 5.4 | AI score 4.4 | EPSS 0.00245
Exploits: 1 | References: 7

CNNVD
added 2025/08/29 12:0 a.m. | 3 views

O2OA security vulnerability

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which originates from cross-site scripting due to the incorrect operation of the parameter name/alias/description in the file...

CVSS 5.4 | AI score 4.4 | EPSS 0.00245
Exploits: 1 | References: 7

CNNVD
added 2025/07/14 12:0 a.m. | 3 views

MeterSphere SQL injection vulnerability

MeterSphere is an open source one-stop continuous testing platform from MeterSphere. A SQL injection vulnerability exists in MeterSphere versions prior to 3.6.5-lts, which stems from insufficient validation of the sortField parameter and could lead to SQL injection...

CVSS 9.8 | AI score 7.8 | EPSS 0.00357
Exploits: 0 | References: 2

CNNVD
added 2025/07/07 12:0 a.m. | 4 views

dify security vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions 1.1.0 through 1.1.2 of dify, which stems from unsanitized code node input that could lead to the execution of arbitrary code...

CVSS 9.8 | AI score 9.4 | EPSS 0.00712
Exploits: 1 | References: 3

Vulnrichment
added 2025/06/21 2:44 a.m. | 3 views

CVE-2025-52487 DNN.PLATFORM possibly allows bypass of IP Filters

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP...

CVSS 8.8 | AI score 7 | EPSS 0.00294
Exploits: 0 | References: 1

CNNVD
added 2025/06/21 12:0 a.m. | 3 views

DNN.PLATFORM security vulnerability

DNN.PLATFORM is an open source web content management platform (CMS) from DNN Open Source. A security vulnerability exists in DNN.PLATFORM versions prior to 10.0.1, which stems from a specially crafted request bypassing an IP filter design that could lead to unauthorized logins...

CVSS 8.8 | AI score 6.3 | EPSS 0.00294
Exploits: 0 | References: 1

Vulnrichment
added 2025/06/17 10:34 p.m. | 5 views

CVE-2025-49149 Dify has XSS vulnerability

Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting (XSS) attack when a user...

CVSS 5.3 | AI score 5.8 | EPSS 0.00231
Exploits: 1 | References: 1

Cvelist
added 2025/06/17 10:34 p.m. | 8 views

CVE-2025-49149 Dify has XSS vulnerability

Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting (XSS) attack when a user...

CVSS 5.3 | EPSS 0.00231
Exploits: 1 | References: 1

CNNVD
added 2025/06/17 12:0 a.m. | 3 views

dify cross-site scripting vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A cross-site scripting vulnerability exists in dify version 1.2.0, which stems from insufficient user input filtering and could lead to cross-site scripting attacks...

CVSS 6.1 | AI score 5.9 | EPSS 0.00231
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/23 10:47 a.m. | 13 views

CVE-2024-52008

Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...

CVSS 8.8 | AI score 6.8 | EPSS 0.00536
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:27 a.m. | 7 views

CVE-2024-52593

Misskey is an open source, federated social media platform. In affected versions, missing validation in NoteCreateService.insertNote, ApPersonService.createPerson, and ApPersonService.updatePerson allows an attacker to control the target of any "origin" links such as the "view on remote instance"...

CVSS 5.1 | AI score 6.9 | EPSS 0.00357
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 6:26 a.m. | 5 views

CVE-2024-52590

Misskey is an open source, federated social media platform. In affected versions missing validation in ApRequestService.signedGet allows an attacker to create fake user profiles that appear to be from a different instance than the one where they actually exist. These profiles can be used to...

CVSS 8.8 | AI score 6.8 | EPSS 0.00334
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 4:8 a.m. | 9 views

CVE-2023-38706

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server...

CVSS 6.5 | AI score 6.6 | EPSS 0.00638
Exploits: 1

RedhatCVE
added 2025/05/23 4:8 a.m. | 12 views

CVE-2023-38494

MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue...

CVSS 7.5 | AI score 6.8 | EPSS 0.00412
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:51 p.m. | 8 views

CVE-2022-41944

Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it...

CVSS 4.3 | AI score 6.4 | EPSS 0.00448
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:23 p.m. | 8 views

CVE-2021-29602

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthwiseConv TFLite operator is vulnerable to a division by zero...

CVSS 5.5 | AI score 6.6 | EPSS 0.00189
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 8:7 p.m. | 6 views

CVE-2021-37703

Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's read state for a topic such as the last read post number and the notification level is exposed...

CVSS 4.3 | AI score 6.8 | EPSS 0.00844
Exploits: 0 | References: 1