Lucene search
+L

276 matches found

NVD
NVD
added 2025/04/23 5:16 p.m.38 views

CVE-2025-1520

PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8CVSS0.00466EPSS
Exploits0References2
NVD
NVD
added 2025/04/23 5:16 p.m.8 views

CVE-2025-1521

PostHog slackincomingwebhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists with...

7.1CVSS0.00589EPSS
Exploits0References2
NVD
NVD
added 2025/04/23 5:16 p.m.13 views

CVE-2025-1522

PostHog databaseschema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.1CVSS0.00583EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/23 4:45 p.m.7 views

CVE-2025-1522 PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability

PostHog databaseschema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.1CVSS6.1AI score0.00583EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/23 4:45 p.m.45 views

CVE-2025-1522 PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability

PostHog databaseschema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.1CVSS0.00583EPSS
Exploits0References2
CVE
CVE
added 2025/04/23 4:45 p.m.65 views

CVE-2025-1522

CVE-2025-1522 describes a server-side request forgery and information disclosure in PostHog related to the implementation of the database_schema method. The flaw stems from insufficient validation of a URI before accessing resources, enabling an attacker to disclose data within the service accoun...

7.1CVSS6.6AI score0.00583EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/04/23 4:45 p.m.11 views

CVE-2025-1522 PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability

PostHog databaseschema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.1CVSS7AI score0.00583EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/04/23 4:45 p.m.8 views

CVE-2025-1521 PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability

PostHog slackincomingwebhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists with...

7.1CVSS6.4AI score0.00589EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/23 4:45 p.m.47 views

CVE-2025-1521 PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability

PostHog slackincomingwebhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists with...

7.1CVSS0.00589EPSS
Exploits0References2
OSV
OSV
added 2025/04/23 4:45 p.m.8 views

CVE-2025-1521 PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability

PostHog slackincomingwebhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists with...

7.1CVSS6AI score0.00589EPSS
Exploits0References4
CVE
CVE
added 2025/04/23 4:45 p.m.71 views

CVE-2025-1521

CVE-2025-1521 concerns PostHog's slack_incoming_webhook processing. The vulnerability stems from inadequate validation of a URI before accessing resources, enabling a network-based SSRF that can disclose sensitive information and potentially execute code in the service account context. The initia...

7.1CVSS6.4AI score0.00589EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/04/23 4:45 p.m.65 views

CVE-2025-1520

Summary of CVE-2025-1520 : Affected product family is PostHog, specifically the ClickHouse Table Functions component. The vulnerability is a SQL injection leading to remote code execution, stemming from improper validation of a user-supplied string used to construct SQL queries within the SQL par...

8CVSS7.5AI score0.00466EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/04/23 4:45 p.m.46 views

CVE-2025-1520 PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability

PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.1CVSS0.00466EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/23 4:45 p.m.6 views

CVE-2025-1520 PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability

PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.1CVSS8.4AI score0.00466EPSS
Exploits0References2
OSV
OSV
added 2025/04/23 4:45 p.m.7 views

CVE-2025-1520 PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability

PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.1CVSS7.6AI score0.00466EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/23 12:0 a.m.5 views

PostHog 代码问题漏洞

PostHog is an all-in-one open source platform from PostHog Open Source. A code issue vulnerability exists in PostHog that stems from the lack of validation of the URI when the slackincomingwebhook parameter is processed, which could lead to server-side request forgery and information disclosure...

7.1CVSS6.8AI score0.00589EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/23 12:0 a.m.5 views

PostHog 代码问题漏洞

PostHog is an all-in-one open source platform from PostHog Open Source. A code issue vulnerability exists in PostHog that stems from the databaseschema method implementation not validating the URI, which could lead to server-side request forgery and information disclosure...

7.1CVSS6.8AI score0.00583EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/23 12:0 a.m.3 views

PostHog SQL注入漏洞

PostHog is an all-in-one open source platform from PostHog Open Source. PostHog suffers from a SQL injection vulnerability that stems from a SQL parser implementation that does not validate user input, which could lead to SQL injection and remote code execution...

8CVSS7.6AI score0.00466EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2025/02/25 12:0 a.m.13 views

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the databaseschema method. The issue results from the lack of proper...

7.1CVSS6AI score0.00583EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/25 12:0 a.m.8 views

PT-2025-7891 · Posthog · Posthog

Name of the Vulnerable Software and Affected Versions: PostHog affected versions not specified Description: The issue is related to a Server-Side Request Forgery SSRF and Information Disclosure vulnerability in the database schema of PostHog. Recommendations: At the moment, there is no informatio...

7.1CVSS6.5AI score0.00583EPSS
Exploits0References6
Rows per page
Query Builder