Lucene search
+L

317 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-29647

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.02743EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-50653

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00253EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-19763

Malicious code in bioql PyPI...

6.8CVSS6.5AI score0.00233EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/26 12:52 a.m.17 views

CVE-2025-29157

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name default and server version...

6.5CVSS7.8AI score0.00495EPSS
Exploits1References1
OSV
OSV
added 2025/09/25 7:15 p.m.5 views

CVE-2025-29157

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name default and server version...

6.5CVSS6.1AI score0.00495EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/09/25 12:0 a.m.3 views

CVE-2025-29157

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name default and server version...

7.4AI score0.00495EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/09/25 12:0 a.m.19 views

PT-2025-39440

Name of the Vulnerable Software and Affected Versions petstore version 1.0.7 Description An issue allows a remote attacker to execute arbitrary code by accessing a non-existent endpoint /cart. The server responds with a 404-error page that reveals sensitive information, including the Servlet name...

6.5CVSS7.4AI score0.00495EPSS
Exploits1References8
CVE
CVE
added 2025/09/25 12:0 a.m.23 views

CVE-2025-29157

CVE-2025-29157 concerns the Swagger Petstore sample (version 1.0.7). The issue occurs when an attacker accesses a non-existent endpoint like /cart, causing the server to return a 404 error page that reveals sensitive information, including the servlet name (default) and server version. The descri...

6.5CVSS7.4AI score0.00495EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/09/25 12:0 a.m.15 views

CVE-2025-29157

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name default and server version...

0.00495EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/09/19 12:0 a.m.13 views

CVE-2025-56869

Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system via FilesManager.saveMultipart function in backend/src/applications/files/services/files-manager.service.ts, and FilesManager.compress function in...

0.00691EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/18 8:29 p.m.8 views

CVE-2025-34183

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential...

9.3CVSS7.3AI score0.00655EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/09/18 3:15 p.m.16 views

CVE-2025-36146 IBM watsonx.data information disclosure

IBM Lakehouse watsonx.data 2.2 could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system...

4.3CVSS0.00214EPSS
Exploits0References1
CVE
CVE
added 2025/09/18 3:15 p.m.23 views

CVE-2025-36146

IBM Lakehouse (watsonx.data 2.2) contains an information disclosure vulnerability where an authenticated user could obtain sensitive server component version information from stack traces. The issue stems from CWE-209 and is documented in IBM’s Security Bulletin (CVE-2025-36146). Impact is limite...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/09/17 5:3 p.m.5 views

GO-2025-3960 Mattermost Open Redirect vulnerability in github.com/mattermost/mattermost-server

Mattermost Open Redirect vulnerability in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

6.1CVSS6.8AI score0.00161EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/09/16 7:45 p.m.5 views

CVE-2025-34186

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system call for authentication, allowing attackers to inject special characters and manipulate command parsing. Because the binary interprets non-zero exit...

9.8CVSS5.8AI score0.00822EPSS
Exploits2References4
CVE
CVE
added 2025/09/16 7:39 p.m.26 views

CVE-2025-34183

Ilevia EVE X1 Server (≤ 4.7.18.0.eden) contains a server-side logging flaw that allows unauthenticated remote attackers to read plaintext credentials from exposed .log files, enabling full authentication bypass and potential system compromise via credential reuse. Additional risk factors in the r...

9.3CVSS6.9AI score0.00655EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2025/08/29 2:52 p.m.4 views

GO-2025-3901 Mattermost Fails to Validate File Paths in github.com/mattermost/mattermost-server

Mattermost Fails to Validate File Paths in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

6.8CVSS6.9AI score0.00461EPSS
Exploits0References3
OSV
OSV
added 2025/08/29 2:52 p.m.5 views

GO-2025-3911 Mattermost has Potential Server Crash due to Unvalidated Import Data in github.com/mattermost/mattermost-server

Mattermost has Potential Server Crash due to Unvalidated Import Data in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

4.9CVSS6.9AI score0.00299EPSS
Exploits0References3
NVD
NVD
added 2025/08/22 6:15 p.m.26 views

CVE-2025-52085

An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful exploitation enables extraction of sensitive database information, including but not limited to, the database server banner a...

8.8CVSS0.00471EPSS
Exploits1References2
NVD
NVD
added 2025/08/20 4:15 p.m.13 views

CVE-2011-10020

Kaillera Server version 0.86 is vulnerable to a denial-of-service condition triggered by sending a malformed UDP packet after the initial handshake. Once a client sends a valid HELLO0.83 packet and receives a response, any subsequent malformed packet causes the server to crash and become...

8.7CVSS0.0085EPSS
Exploits0References4
Rows per page
Query Builder