Lucene search
+L

10078 matches found

Nuclei
Nuclei
added 18 hours ago17 views

Label Studio < 1.16.0 - Cross-Site Scripting

Label Studio prior to version 1.16.0 contains a cross-site scripting caused by rendering unsanitized user-provided HTML in the /projects/upload-example endpoint, letting attackers execute arbitrary JavaScript via crafted labelconfig in a GET request, exploit requires victims to visit malicious UR...

6.1CVSS5.2AI score0.0185EPSS
Exploits2References2
Nuclei
Nuclei
added 18 hours ago104 views

Label Studio - Sensitive Information Exposure

An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper ORM. Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by...

7.5CVSS6.7AI score0.04055EPSS
Exploits3References3
Nuclei
Nuclei
added 18 hours ago147 views

Label Studio - Cross-Site Scripting

Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. id: CVE-2023-47115 info: name: Label Studio - Cross-Site Scripting author: isaca...

7.1CVSS5.9AI score0.01448EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago81 views

Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion

A directory traversal vulnerability in jphone.php in the JPhone comjphone component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-3426 info: name: Joomla! Component Jphone 1.0...

7.5CVSS5.8AI score0.1385EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday348 views

Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery

WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value in com/wavemaker/studio/StudioService.java, leading to disclosure of local files and server-side request forgery. id: CVE-2019-8982 info: name: Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request...

9.6CVSS8.4AI score0.25563EPSS
Exploits1References5
NVD
NVD
added 2 days ago9 views

CVE-2026-12715

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no...

8.5CVSS0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-45187

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no...

8.5CVSS5.4AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago38 views

CVE-2026-12715 Missing Authorization in Firebase Studio allows Cross-Tenant Source Code Theft

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no...

8.5CVSS0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago9 views

CVE-2026-12715 Missing Authorization in Firebase Studio allows Cross-Tenant Source Code Theft

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no...

8.5CVSS5.5AI score0.00207EPSS
Exploits0References1
CVE
CVE
added 2 days ago13 views

CVE-2026-12715

CVE-2026-12715 describes a missing authorization flaw in Google Cloud Firebase Studio for versions prior to 2026-04-15, enabling an attacker to download other users’ deployed source code and access sensitive data via unauthorized Google Cloud Storage URL signing requests. The issue has a high imp...

8.5CVSS5.5AI score0.00207EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago31 views

SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution

A pre-authentication remote code execution vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14. The issue arises from the unsafe use of the eval function within the Perl CGI component ciwweb.pl, where attacker-supplied input inside hidRandomACARAT is directly...

10CVSS9.7AI score0.4942EPSS
Exploits4References3
Positive Technologies
Positive Technologies
added 2 days ago12 views

PT-2026-60778

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no...

8.5CVSS5.4AI score0.00207EPSS
Exploits0References2
NVD
NVD
added 4 days ago10 views

CVE-2026-40501

Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by delivering malicious JavaScript through controlled search provider content loaded into an Electron...

8.8CVSS0.00438EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-44747

Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by delivering malicious JavaScript through controlled search provider content loaded into an Electron...

8.8CVSS6.7AI score0.00438EPSS
Exploits0References3
CVE
CVE
added 4 days ago8 views

CVE-2026-40501

Cherry Studio versions 1.2.2–1.9.12 contain a remote code execution vulnerability in the SearchService due to a nodeIntegration misconfiguration. When an Electron BrowserWindow is created with nodeIntegration enabled and contextIsolation disabled, control over search provider content (provided by...

8.8CVSS6.7AI score0.00438EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

CVE-2026-40501 Cherry Studio RCE via SearchService nodeIntegration Misconfiguration

Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by delivering malicious JavaScript through controlled search provider content loaded into an Electron...

8.6CVSS6.7AI score0.00438EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 4 days ago6 views

Vulnerability of .NET and Microsoft Visual Studio software platforms, related to deserialization mechanism flaws, allows attackers to execute arbitrary code.

The vulnerability of .NET and Microsoft Visual Studio software platforms is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8CVSS6.3AI score0.00939EPSS
Exploits0References2Affected Software3
NVD
NVD
added 5 days ago4 views

CVE-2026-47305

Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally...

7.8CVSS0.00335EPSS
Exploits0References1
CVE
CVE
added 5 days ago12 views

CVE-2026-47305

Technical details such as affected products, component versions, root cause, and mitigation are not publicly available in the provided documents. Monitor for updates from MSRC and NCSC advisories.

7.8CVSS6.1AI score0.00335EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 5 days ago48 views

CVE-2026-47305 Visual Studio Remote Code Execution Vulnerability

...

7.8CVSS0.00335EPSS
Exploits0References1
Rows per page
Query Builder