Lucene search
+L

108 matches found

CVE
CVE
added 2025/11/20 3:43 p.m.25 views

CVE-2025-62729

CVE-2025-62729 affects SOPlanning with a Stored XSS in the /status endpoint. An authenticated attacker can inject arbitrary HTML/JS that is rendered for multiple pages. Root cause described in connected Red Hat/ENISA/NVD entries; fixed in version 1.55. CVSS metrics indicate MEDIUM severity (3.1: ...

5.4CVSS5.4AI score0.00147EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/11/20 3:43 p.m.8 views

CVE-2025-62729 Stored XSS in SOPlanning

SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account can inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. This issue was fixed in version 1.55...

5.1CVSS0.00147EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/20 3:43 p.m.1 views

CVE-2025-62293 Broken Access Control in SOPlanning

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...

5.3CVSS6.4AI score0.00152EPSS
Exploits0References2
CVE
CVE
added 2025/11/20 3:43 p.m.20 views

CVE-2025-62293

SOPlanning is affected by Broken Access Control in the /status endpoint due to missing permission checks in Project Status functionality. An authenticated attacker can add, edit, or delete statuses. A fix is available in version 1.55. The CVE-entry is supported by Red Hat and EU vulnerability ref...

5.4CVSS6AI score0.00152EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/11/20 3:43 p.m.5 views

EUVD-2025-198311

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...

5.3CVSS6.2AI score0.00152EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/20 3:43 p.m.11 views

CVE-2025-62293 Broken Access Control in SOPlanning

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...

5.3CVSS0.00152EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.6 views

PT-2025-47598

Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.55 Description SOPlanning is susceptible to a Stored Cross-Site Scripting XSS issue within the /status endpoint. An attacker possessing an account can inject arbitrary HTML and JavaScript code into the website...

5.4CVSS5.4AI score0.00152EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/11/20 12:0 a.m.5 views

SOPlanning 安全漏洞

SOPlanning is a suite of online project management software from SOPlanning, Inc. A security vulnerability exists in SOPlanning versions prior to 1.55, which stems from a lack of permission checking in the /status endpoint that could lead to improper access control...

5.4CVSS6.2AI score0.00152EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.2 views

PT-2025-47593

Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.55 Description SOPlanning is susceptible to a Broken Access Control issue in the /status endpoint. Insufficient permission checks within the Project Status functionality allow an authenticated attacker to modify...

5.4CVSS6.4AI score0.00152EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/11/20 12:0 a.m.7 views

SOPlanning 跨站脚本漏洞

SOPlanning is a suite of online project management software from SOPlanning, Inc. A cross-site scripting vulnerability exists in SOPlanning versions prior to 1.55, which stems from the /status endpoint that does not properly clean inputs, and could lead to stored cross-site scripting...

5.4CVSS5.5AI score0.00152EPSS
Exploits0References2
Veracode
Veracode
added 2025/10/10 10:21 a.m.6 views

Sensitive Information Disclosure

github.com/runatlantis/atlantis is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the /status endpoint publicly exposing detailed version information, which allows an attacker to identify specific software versions and exploit known vulnerabilities to compromise the...

7.5CVSS6.6AI score0.00426EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-27088

Malicious code in bioql PyPI...

7.5CVSS6.2AI score0.00426EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/09/19 11:22 p.m.3 views

SUSE CVE-2025-58445

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known...

7.5CVSS6.4AI score0.00426EPSS
Exploits1References2
OSV
OSV
added 2025/09/17 5:3 p.m.3 views

GO-2025-3940 Atlantis Exposes Service Version Publicly on /status API Endpoint in github.com/runatlantis/atlantis

Atlantis Exposes Service Version Publicly on /status API Endpoint in github.com/runatlantis/atlantis...

7.5CVSS7AI score0.00426EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/09/08 8:42 p.m.8 views

CVE-2025-58445

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known...

7.5CVSS6.5AI score0.00426EPSS
Exploits1References1
NVD
NVD
added 2025/09/06 8:15 p.m.5 views

CVE-2025-58445

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known...

7.5CVSS0.00426EPSS
Exploits1References1
CVE
CVE
added 2025/09/06 7:47 p.m.32 views

CVE-2025-58445

CVE-2025-58445 concerns the Atlantis self-hosted Go application. The connected document GO-2025-3940 describes Atlantis exposing the service version publicly via the "/status" API endpoint in github.com/runatlantis/atlantis. The Initial document states that this information disclosure could allow...

7.5CVSS5.9AI score0.00426EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/06 7:47 p.m.4 views

CVE-2025-58445 Atlantis Exposes Service Version Publicly on /status API Endpoint

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known...

6.9CVSS5.9AI score0.00426EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/09/06 7:47 p.m.32 views

CVE-2025-58445 Atlantis Exposes Service Version Publicly on /status API Endpoint

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known...

6.9CVSS0.00426EPSS
Exploits1References1
OSV
OSV
added 2025/09/06 7:47 p.m.4 views

CVE-2025-58445 Atlantis Exposes Service Version Publicly on /status API Endpoint

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known...

6.9CVSS6.1AI score0.00426EPSS
Exploits1References3
Rows per page
Query Builder