Lucene search
K

70 matches found

Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.11 views

PT-2025-51976

Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution through maliciously crafted Model Context Protocol MCP configurations. These configurations, found in the settings.json file within a project’...

7.7CVSS7.7AI score0.00252EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.6 views

PT-2025-51975

Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution. The IDE loads Language Server Protocol LSP configurations from the settings.json file within a project’s .zed subdirectory. A malicious LSP...

7.7CVSS8AI score0.0027EPSS
Exploits1References6
GithubExploit
GithubExploit
added 2025/12/13 3:49 p.m.142 views

MicrosoftAmplifierPoC

Microsoft Amplifier RCE PoC Proof of concept demonstrating re...

8.2AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-46330

Malicious code in bioql PyPI...

4.9CVSS6.3AI score0.00544EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-42218

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00333EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2021-28340

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00836EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-12309

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00786EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-2230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4...

8.1CVSS6.7AI score0.5624EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:31 a.m.8 views

CVE-2023-3964

An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disable...

4.3CVSS6.5AI score0.00456EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:9 a.m.6 views

CVE-2024-46881

Develocity formerly Gradle Enterprise before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 in affected vulnerable versions does not include...

7.1CVSS6.6AI score0.00333EPSS
Exploits0
NVD
NVD
added 2025/01/26 7:15 a.m.11 views

CVE-2024-46881

Develocity formerly Gradle Enterprise before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 in affected vulnerable versions does not include...

7.1CVSS0.00333EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/26 12:0 a.m.7 views

PT-2025-2749 · Unknown · Develocity

Name of the Vulnerable Software and Affected Versions: Develocity versions 2023.3.X through 2023.4.X Develocity versions 2023.3.X through 2024.1.7 Develocity versions 2023.4.X through 2024.1.7 Develocity versions prior to 2024.1.8 Description: The issue arises from incorrect access control in...

7.1CVSS7.1AI score0.00333EPSS
Exploits0References9
CVE
CVE
added 2025/01/26 12:0 a.m.54 views

CVE-2024-46881

The CVE-2024-46881 issue in Develocity (Gradle Enterprise) stems from an incorrect access-control migration. Enterprise Config schema v8 introduced project-level access control; when upgrading to schemas 9/10, the projects section may be omitted, causing all project settings to reset to defaults ...

7.1CVSS6.7AI score0.00333EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/26 12:0 a.m.14 views

CVE-2024-46881

Develocity formerly Gradle Enterprise before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 in affected vulnerable versions does not include...

7.1CVSS0.00333EPSS
Exploits0References1
NVD
NVD
added 2024/12/09 5:15 p.m.11 views

CVE-2023-43962

Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab...

4.8CVSS0.00329EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.4 views

XunRui CMS 安全漏洞

XunRui CMS Xunrui CMS is China Xunrui Xunrui company's set of open source content management system CMS. A cross-site scripting vulnerability exists in XunRui CMS v4.6.1, which stems from the lack of effective filtering and escaping of user-supplied data, and can be exploited by a remote attacker...

4.8CVSS6.9AI score0.00329EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/09 12:0 a.m.10 views

CVE-2023-43962

Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab...

7.3AI score0.00329EPSS
Exploits0References1
CVE
CVE
added 2024/12/09 12:0 a.m.56 views

CVE-2023-43962

Xunrui CMS Public Edition v4.6.1 is affected by a Cross Site Scripting vulnerability. The flaw enables a remote attacker to execute arbitrary code via the project name function in the project settings tab. The Red Hat, CNVD, CNVD, NVD, CIRCL, and CVE listings consistently describe the same issue....

4.8CVSS7.3AI score0.00329EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/08/09 12:0 a.m.5 views

The configuration of the JetBrains Space module “Project Settings” exposes vulnerabilities. This vulnerability relates to the connections in the system for continuous integration and delivery of applications (CI/CD). The JetBrains TeamCity allows attackers to gain unauthorized access to protected information.

The vulnerability of the JetBrains Space module’s Project Settings | Connections system for continuous integration and delivery of applications is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain...

4CVSS5.5AI score0.00328EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/06/06 6:15 p.m.16 views

CVE-2024-5127

In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of role...

5.4CVSS6.7AI score0.00298EPSS
Exploits1References2
Rows per page
Query Builder