44 matches found
EUVD-2025-204305
An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...
CVE-2025-63390
An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...
PT-2025-52256
Name of the Vulnerable Software and Affected Versions AnythingLLM version 1.8.5 Description An authentication bypass allows unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. The issue is due to missing authentication checks in the...
CVE-2025-63390
An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...
EUVD-2022-47941
Malicious code in bioql PyPI...
EUVD-2022-47940
Malicious code in bioql PyPI...
EUVD-2022-47939
Malicious code in bioql PyPI...
CVE-2022-45016
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field...
CVE-2022-45015
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field...
Scan Search settings
This plugin configures miscellaneous search variables for Nessus plugins. It does not perform any security checks but may disable or change the behavior of others. TRUSTED...
CVE-2022-45036
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...
CVE-2022-45036
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...
Cross site scripting
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...
WBCE CMS 跨站脚本漏洞
WBCE CMS is an open source content management system CMS based on PHP and MySQL. A security vulnerability exists in WBCE CMS v1.5.4, which stems from a cross-site scripting XSS vulnerability in the Search Settings module. The vulnerability can be exploited by an attacker to execute arbitrary web...
CVE-2022-45036
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...
WBCE CMS Results Footer Field Cross-Site Scripting Vulnerability
WBCE CMS is an open source content management system CMS based on PHP and MySQL. WBCE CMS v1.5.4 and its previous versions exist cross-site scripting vulnerability, the vulnerability stems from the Search Settings module in the Results Footer field of the user-supplied data lack of effective...
WBCE CMS Results Header Field Cross-Site Scripting Vulnerability
WBCE CMS is an open source content management system CMS based on PHP and MySQL. WBCE CMS v1.5.4 and its previous versions exist cross-site scripting vulnerability, the vulnerability stems from the Search Settings module in the Results Header field of the user-supplied data lack of effective...
WBCE CMS Cross-Site Scripting Vulnerability (CNVD-2022-86446)
WBCE CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in WBCE CMS 1.5.4 and previous versions, which stems from the lack of effective filtering and escaping of user-supplied data in the Footer field of the Search Settings...
CVE-2022-45015
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field...
CVE-2022-45016
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field...