Lucene search
K

36 matches found

NVD
NVD
added 2025/08/15 3:15 p.m.11 views

CVE-2025-54466

Improper Control of Generation of Code 'Code Injection' vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended t...

9.8CVSS0.13995EPSS
Exploits0References6
CVE
CVE
added 2025/08/15 2:13 p.m.23 views

CVE-2025-54466

CVE-2025-54466 involves an RCE in the Apache OFBiz Scrum plugin caused by improper control of code generation. Affected: Apache OFBiz versions prior to 24.09.02 when the Scrum plugin is used. Exploitation can be performed by unauthenticated attackers, potentially enabling remote code execution. R...

9.8CVSS6.8AI score0.13995EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/15 2:13 p.m.4 views

CVE-2025-54466 Apache OFBiz: RCE Vulnerability in scrum plugin

Improper Control of Generation of Code 'Code Injection' vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended t...

7.4AI score0.13995EPSS
Exploits0References5
OSV
OSV
added 2025/08/15 2:13 p.m.5 views

CVE-2025-54466 Apache OFBiz: RCE Vulnerability in scrum plugin

Improper Control of Generation of Code 'Code Injection' vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended t...

6.3CVSS6AI score0.13995EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/08/15 2:13 p.m.59 views

CVE-2025-54466 Apache OFBiz: RCE Vulnerability in scrum plugin

Improper Control of Generation of Code 'Code Injection' vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended t...

0.13995EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in test-mlw2-hoven-scrum (npm)

The package test-mlw2-hoven-scrum was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-35537 Malicious code in test-mlw2-hoven-scrum (npm)

The package test-mlw2-hoven-scrum was found to contain malicious code...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/08/05 12:0 a.m.8 views

PT-2025-31969 · Apache +1 · Apache Ofbiz +2

Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 24.09.02 Description: This issue involves improper control of code generation 'Code Injection' in the scrum plugin of Apache OFBiz, potentially leading to Remote Code Execution RCE. Unauthenticated attackers can...

9.8CVSS7.3AI score0.13995EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2024/11/25 12:0 a.m.5 views

PT-2024-35774 · Taiga · Taiga

Name of the Vulnerable Software and Affected Versions: Taiga version 8.6.1 Description: A Client-Side Template Injection CSTI issue in the /project/new/scrum component allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details. Recommendation...

8CVSS8AI score0.00708EPSS
Exploits0References4
0day.today
0day.today
added 2019/03/07 12:0 a.m.40 views

Kados R10 GreenBee - Multiple SQL Injection Vulnerability

Exploit for php platform in category web applications =========================================================================================== Exploit Title: Kados R10 GreenBee - 'menulev1' SQL Injection Dork: N/A Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.kados.info/ Softwar...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2019/03/07 12:0 a.m.38 views

Kados R10 GreenBee SQL Injection

=========================================================================================== Exploit Title: Kados R10 GreenBee - 'menulev1' SQL Injection Dork: N/A Date: 06-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.kados.info/ Software Link:...

0.3AI score
Exploits0
Information Security Automation
Information Security Automation
added 2019/01/10 9:49 p.m.161 views

Managing JIRA Scrum Sprints using API

Atlassian Jira is a great tool for organizing Agile processes, especially Scrum. But managing Scrum Sprints manually using Jira web GUI maybe time consuming and annoying. So, I decided to automate some routine operations using JIRA API and Python. The API calls are described on the official page ...

0.4AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2018/05/24 3:0 p.m.34 views

Want better apps? You need a (agile security) hero!

If weve learned anything from the rise of Marvel Cinematic Universe, its that good things tend to happen when heroes intervene. For securing new applications, this metaphor is a useful one because security isnt always top-of-mind for scrum teams, nor is it always conducive to meeting aggressive...

7.1AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2017/12/27 3:0 p.m.32 views

VIDEO: Carbon Black’s Agile Transformation

In 2017, our product team went through a major "Agile Transformation." All employees adopted this new way of working to establish better collaboration within and across teams. We’ve restructured our teams to be smaller and more cross-functional. We’ve hired Agile Coaches and Scrum Masters to keep...

6.9AI score
Exploits0
Atlassian
Atlassian
added 2016/10/25 7:44 a.m.47 views

XSRF Security Token Missing when clicking on Contact an administrator

h3. Summary Clicking on the "Contact an administrator to perform this action." results in XSRF Security Token Missing. Tested with : Chrome Version 54.0.2840.59 64-bit Firefox 49.0 h3. Steps to Reproduce Configure Outgoing Mail Enable Contact Administrators Form from General Configurations Create...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/10/25 7:44 a.m.29 views

XSRF Security Token Missing when clicking on Contact an administrator

h3. Summary Clicking on the "Contact an administrator to perform this action." results in XSRF Security Token Missing. Tested with : Chrome Version 54.0.2840.59 64-bit Firefox 49.0 h3. Steps to Reproduce Configure Outgoing Mail Enable Contact Administrators Form from General Configurations Create...

0.2AI score
Exploits0Affected Software1
Rows per page
Query Builder