Lucene search
K

111 matches found

Cvelist
Cvelist
added 2025/03/20 10:11 a.m.10 views

CVE-2024-5752 Path Traversal in stitionai/devika

A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, the project name is not validated, allowing an attacker to create a project with a crafted name that traverses...

9.1CVSS0.01436EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.7 views

CVE-2024-5752 Path Traversal in stitionai/devika

A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, the project name is not validated, allowing an attacker to create a project with a crafted name that traverses...

9.1CVSS9.4AI score0.01436EPSS
Exploits0References2
CVE
CVE
added 2025/03/20 10:11 a.m.50 views

CVE-2024-5752

CVE-2024-5752: Path traversal in stitionai/devika . The vulnerability affects the project creation function of stitionai/devika, where the project name is not validated in version beacf6edaa205a5a5370525407a6db45137873b3, enabling crafted names that traverse directories. This can cause arbitrary ...

9.1CVSS7.7AI score0.01436EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.160 views

GitLab Authenticated File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab Authenticated File Read', 'Description' = %q GitLab version 16.0 contains a directory traversal for arbitrary file read as the gitlab-www...

10CVSS7AI score0.71641EPSS
Exploits5
OSV
OSV
added 2024/04/10 5:15 p.m.15 views

CVE-2024-1599

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.6AI score
Exploits0
CVE
CVE
added 2024/04/10 5:8 p.m.82 views

CVE-2024-1599

This CVE entry is rejected/not used and does not represent an active vulnerability.

5.3AI score
Exploits0
CNVD
CNVD
added 2024/03/22 12:0 a.m.3 views

Logic flaw vulnerability in KingPortal client development system of Beijing Asian Control Technology Development Co. Ltd (CNVD-2024-21043)

KingPortal client development system is a pure B/S architecture for industrial monitoring web-based configuration products, is the product of the fusion of big data visualization and industrial Internet technology. KingPortal client development system of Beijing Asian Control Technology Developme...

7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/02/22 9:52 p.m.12 views

CVE-2024-26152 Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config

Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details Need permission to use the "data import" function. This was reproduced on Label...

4.7CVSS4.8AI score0.02199EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/09/07 7:15 p.m.5 views

CVE-2023-37798

A stored cross-site scripting XSS vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter...

5.4CVSS6.2AI score0.00346EPSS
Exploits1References4
NVD
NVD
added 2023/09/07 7:15 p.m.20 views

CVE-2023-37798

A stored cross-site scripting XSS vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter...

5.4CVSS5.3AI score0.00346EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/09/07 12:0 a.m.10 views

CVE-2023-37798

A stored cross-site scripting XSS vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter...

5.6AI score0.00346EPSS
Exploits1References1
Code423n4
Code423n4
added 2022/08/06 12:0 a.m.7 views

Possible to create projects with currency=address(0)

Lines of code Vulnerability details Impact Sometimes it is possible to create projects with currency=address0. Proof of Concept if you call createProject before the contract has been initialized, some areas of the Project service might be denied. Nowhere is it checked that the address is empty,...

6.8AI score
Exploits0
NVD
NVD
added 2022/06/29 6:15 p.m.16 views

CVE-2022-31032

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those templa...

4.3CVSS0.0089EPSS
Exploits0References6
Prion
Prion
added 2022/06/29 6:15 p.m.18 views

Design/Logic Flaw

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those templa...

4CVSS4.5AI score0.0089EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/06/29 5:45 p.m.17 views

CVE-2022-31032 Resources of private projects can be exposed in Tuleap

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those templa...

4.3CVSS4.6AI score0.0089EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/06/29 12:0 a.m.6 views

PT-2022-20475 · Tuleap · Tuleap

Name of the Vulnerable Software and Affected Versions: Tuleap versions prior to 13.9.99.58 Description: The issue arises from improper verification of authorizations when creating projects or trackers from projects marked as templates. This allows users to access information in those template...

4.3CVSS4.3AI score0.0089EPSS
Exploits0References9
FreeBSD
FreeBSD
added 2021/09/30 12:0 a.m.41 views

Gitlab -- vulnerabilities

Gitlab reports: Stored XSS in merge request creation page Denial-of-service attack in Markdown parser Stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown DNS Rebinding vulnerability in Gitea importer Exposure of trigger tokens on project exports Improper access control for...

8.7CVSS1AI score0.01227EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2021/08/13 12:0 a.m.479 views

Easy-Mock 1.6.0 Remote Code Execution

Exploit Title: easy-mock 1.6.0 - Remote Code Execution RCE Authenticated Date: 12/08/2021 Exploit Author: LionTree Vendor Homepage: https://github.com/easy-mock Software Link: https://github.com/easy-mock/easy-mock Version: 1.5.0-1.6.0 Tested on: windows 10node v8.17.0 import requests import json...

7.4AI score
Exploits0
CNVD
CNVD
added 2021/07/28 12:0 a.m.24 views

OTRS Cross-Site Scripting Vulnerability (CNVD-2021-57225)

OTRS is an application of the German company OTRS. A cross-site scripting vulnerability exists in OTRS AG Time Accounting, which stems from the ability to inject malicious JS code into specific fields during the project creation screen. No details of the vulnerability are currently available...

5.4CVSS2.4AI score0.00603EPSS
Exploits0References1
OSV
OSV
added 2021/07/26 5:15 a.m.3 views

CVE-2021-21442

In the project create screen it's possible to inject malicious JS code to the certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19...

5.4CVSS5.8AI score0.00603EPSS
Exploits0References1
Rows per page
Query Builder