CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

127 matches found

Stash < 0.26.0 - SQL Injection

Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter. id: CVE-2024-32231 info: name: Stash Stash" tags: cve,cve2024,stash,sqli,vuln http: - raw: - | POST /graphql HTTP/1.1 Host: Hostname Content-type: application/json...

6.3CVSS5.8AI score0.02638EPSS

Exploits0References5

OSV•added 2025/12/30 1:16 p.m.•0 views

UBUNTU-CVE-2023-54210

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Avoid use-after-free in dbg for hciremoveadvmonitor KASAN reports that there's a use-after-free in hciremoveadvmonitor. Trawling through the disassembly, you can see that the complaint is from the access in...

5.7AI score0.0002EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2008-4066

Malware in sbrugna...

7.5CVSS6.4AI score0.02259EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2008-4570

Malware in sbrugna...

7.5CVSS6.4AI score0.00414EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2015-2090

Malware in sbrugna...

5.6CVSS5.7AI score0.00041EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2008-4065

Malware in sbrugna...

6.8CVSS6.4AI score0.01336EPSS

Exploits0References9

OSV•added 2025/09/22 9:7 a.m.•2 views

SUSE-SU-2025:20721-1 Security update for git

This update for git fixes the following issues: - Update to 2.51.0 - UI, Workflows & Features - Userdiff patterns for the R language have been added. - Documentation for "git send-email" has been updated with a bit more credential helper and OAuth information. - "git cat-file --batch" learns to...

9.8CVSS8.1AI score0.01141EPSS

Exploits11References22

SUSE Linux•added 2025/09/22 8:52 a.m.•3 views

Security update for git

This update for git fixes the following issues: Update to 2.51.0 UI, Workflows & Features Userdiff patterns for the R language have been added. Documentation for "git send-email" has been updated with a bit more credential helper and OAuth information. "git cat-file --batch" learns to understand...

8.6CVSS8.4AI score0.01141EPSS

Exploits11References42

Vulnrichment•added 2025/06/10 11:19 p.m.•19 views

CVE-2024-7457 macOS Stash network-management utility: Unauthorized Manipulation of System Network Preferences

The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights using its own privileged context root, effectively authorizing itself...

7.8CVSS7AI score0.00086EPSS

Exploits0References1

Cvelist•added 2025/06/10 11:19 p.m.•22 views

CVE-2024-7457 macOS Stash network-management utility: Unauthorized Manipulation of System Network Preferences

7.8CVSS0.00086EPSS

Exploits0References1

CVE•added 2025/06/10 11:19 p.m.•53 views

CVE-2024-7457

The CVE-2024-7457 entry concerns ws.stash.app.mac.daemon.helper on macOS. Affected component is the ws.stash.app.mac.daemon.helper, which improperly uses macOS AuthorizationCopyRights() with its own privileged context (root) instead of validating the client’s authorization reference. This allows ...

7.8CVSS7.5AI score0.00086EPSS

Exploits0References1

CNNVD•added 2025/06/10 12:0 a.m.•0 views

Stash ws.stash.app.mac.daemon.helper 安全漏洞

Stash ws.stash.app.mac.daemon.helper is a system agent component for macOS by Stash. A security vulnerability exists in Stash ws.stash.app.mac.daemon.helper, which stems from an incorrect use of the macOS authorization model, and could allow an unauthorized client to invoke privileged operations...

7.8CVSS6.5AI score0.00086EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 10:4 a.m.•4 views

CVE-2024-32231

Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter...

6.3CVSS8.2AI score0.02638EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:13 p.m.•3 views

CVE-2022-34198

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.4AI score0.16751EPSS

Exploits0References1

Krebs on Security•added 2024/09/26 2:54 p.m.•16 views

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker 's Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a...

6.8AI score

Exploits0

Veracode•added 2024/08/19 7:7 a.m.•9 views

SQL Injection

github.com/stashapp/stash is vulnerable to SQL Injection. The vulnerability is caused due to not validating the values provided in the sort parameter while executing SQL query. This can lead to attacker retrieving data from database or can change values in the database tables...

6.3CVSS7.2AI score0.02638EPSS

Exploits0References6Affected Software1

OSV•added 2024/08/15 6:31 p.m.•10 views

GHSA-75JF-52JG-QQH4 SQL injection in github.com/stashapp/stash

Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter...

9.1CVSS6.5AI score0.02638EPSS

Exploits0References6