Lucene search
K

137 matches found

CNNVD
CNNVD
added 2025/02/20 12:0 a.m.3 views

DocsGPT 安全漏洞

DocsGPT is a cutting edge open source solution from Arc53 Open Source. It simplifies the process of finding information in project documentation. A security vulnerability exists in DocsGPT versions 0.8.1 through 0.12.0 that stems from improper parsing of JSON data using the eval function. An...

9.3CVSS8.8AI score0.15099EPSS
Exploits3References6
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.3 views

PT-2025-5828

Name of the Vulnerable Software and Affected Versions DocsGPT versions 0.8.1 through 0.12.0 Description A vulnerability has been found in DocsGPT that could result in Remote Code Execution RCE. Due to improper parsing of JSON data using eval, an unauthorized attacker could send arbitrary Python...

9.3CVSS9AI score0.15099EPSS
Exploits3References20
Vulnrichment
Vulnrichment
added 2024/11/27 9:28 p.m.11 views

CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...

6.8CVSS6.9AI score0.00462EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/27 9:28 p.m.46 views

CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...

6.8CVSS0.00462EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/27 12:0 a.m.4 views

PT-2024-35698 · Autolab · Autolab

Name of the Vulnerable Software and Affected Versions: Autolab affected versions not specified Description: Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When ...

6.8CVSS7AI score0.00462EPSS
Exploits0References7
OSV
OSV
added 2024/10/24 7:10 a.m.128 views

BIT-GRAFANA-2023-5122 SSRF in CSV Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...

5.3CVSS5AI score0.00509EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/08/07 12:0 a.m.5 views

The configuration vulnerability of Enable Client Autoupdate for the Remote Access End Point Control service of the SonicWall EPC software, which enables remote access to SonicWall SMA 100 network devices, allows a perpetrator to execute arbitrary code.

The vulnerability of the Enable Client Autoupdate configuration of the Remote Access End Point Control service provided by SonicWall NetExtender for remote access to SonicWall SMA 100 network devices is related to improper code generation. Exploiting this vulnerability could allow an attacker...

7.1CVSS8.2AI score0.01864EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/16 5:44 p.m.41 views

Denial of service of Minder Server with attacker-controlled REST endpoint

The Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST endpoints to fetch data for rule evaluation. When fetching data with the REST ingester, Minder sends...

5.3CVSS7AI score0.00465EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/02/14 3:15 p.m.12 views

CVE-2023-5122

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...

5.3CVSS5.9AI score0.00509EPSS
Exploits0References2
NVD
NVD
added 2024/02/14 3:15 p.m.32 views

CVE-2023-5122

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...

5.3CVSS5.1AI score0.00509EPSS
Exploits0References2
Prion
Prion
added 2024/02/14 3:15 p.m.25 views

Path traversal

The JSON datasource plugin https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint including a...

6CVSS7.5AI score0.0077EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/14 3:6 p.m.17 views

CVE-2023-5123 Improper Path Sanitization in JSON Datasource Plugin

The JSON datasource plugin https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint including a specific sub-path configured by an administrator. Due to inadequate...

8CVSS8AI score0.0077EPSS
Exploits0References2
Grafana
Grafana
added 2024/02/14 12:0 a.m.10 views

SSRF in CSV Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare hos...

5.3CVSS5.8AI score0.00509EPSS
Exploits0
Grafana
Grafana
added 2024/02/14 12:0 a.m.13 views

Improper Path Sanitization in JSON Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The JSON datasource plugin is a Grafana Labs maintained plugin that allows for retrieving and processing JSON data from a remote endpoint including a specific sub-path configured by an administrator. Due to inadequate sanitizati...

8CVSS5.9AI score0.0077EPSS
Exploits0
CNNVD
CNNVD
added 2024/02/14 12:0 a.m.5 views

Grafana Code Issue Vulnerability

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. Grafana has a security vulnerability that stems from a CSV datasource plugin that...

5.3CVSS6.9AI score0.00509EPSS
Exploits0References5
OSV
OSV
added 2024/01/17 8:15 a.m.4 views

CVE-2023-51734

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to th...

5.4CVSS5.9AI score
Exploits0References1
Prion
Prion
added 2024/01/17 8:15 a.m.15 views

Input validation

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to th...

4.9CVSS6.2AI score0.00358EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/01/17 7:13 a.m.36 views

CVE-2023-51734

CVE-2023-51734 affects Skyworth Router CM5100, version 4.1.1.24. The issue originates from insufficient validation of the Identity parameter in the web interface’s Remote endpoint settings, enabling a remote attacker to supply crafted input that can trigger a stored XSS vulnerability. The availab...

6.9CVSS5.3AI score0.00358EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/01/17 7:13 a.m.23 views

CVE-2023-51734 Stored Cross Site Scripting Vulnerability in Skyworth Router

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to th...

6.9CVSS6.6AI score0.00358EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/17 7:13 a.m.16 views

CVE-2023-51734 Stored Cross Site Scripting Vulnerability in Skyworth Router

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to th...

6.9CVSS6.2AI score0.00358EPSS
Exploits0References1
Rows per page
Query Builder