Lucene search
+L

385 matches found

vulnrichment
vulnrichment
added 2025/03/22 12:23 p.m.14 views

CVE-2025-26796 Apache Oozie: XSS in Oozie Web Console

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Oozie. This issue affects Apache Oozie: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended t...

7.1AI score0.00466EPSS
Exploits0References1
osv
osv
added 2025/03/17 10:15 p.m.8 views

AZL-58844 CVE-2024-40635 affecting package moby-containerd for versions less than 1.6.26-11

containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as roo...

7.8CVSS6.6AI score0.00275EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/03/13 8:33 a.m.12 views

CVE-2025-27407

A flaw was found in graphql-ruby. In affected versions of graphq-ruby, loading a malicious schema definition in the GraphQL::Schema.fromintrospection or the GraphQL::Schema::Loader.load can cause remote code execution. Any system that loads a schema by JSON from an untrusted source is vulnerable,...

8.5CVSS7.2AI score0.02865EPSS
Exploits2References12
vulnrichment
vulnrichment
added 2025/03/12 6:30 p.m.10 views

CVE-2025-0115 PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI

A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface web, SSH, console, or telnet and successfully authenticate to exploit this issue. You can greatly...

6.8CVSS6.5AI score0.00176EPSS
Exploits0References1
osv
osv
added 2025/02/06 12:15 a.m.3 views

CVE-2024-49795

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

4.3CVSS6.3AI score0.00142EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/05 11:12 a.m.10 views

CVE-2024-21642

D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery SSRF, allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the Load From the Web input is turned off ...

7.5CVSS6.7AI score0.00711EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/02/04 12:0 a.m.4 views

IBM Security Verify Access 跨站请求伪造漏洞

IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...

6.5CVSS6.6AI score0.002EPSS
Exploits0References1
osv
osv
added 2025/01/31 4:15 p.m.3 views

CVE-2023-38739

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

8.8CVSS5.7AI score0.00162EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/01/31 12:0 a.m.4 views

IBM Sterling B2B Integrator 跨站请求伪造漏洞

IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator suffe...

8.8CVSS6.6AI score0.00162EPSS
Exploits0References1
cve
cve
added 2025/01/14 6:59 p.m.100 views

CVE-2024-49375

CVE-2024-49375 affects Rasa (Open Source and Pro). Remote Code Execution is possible when a malicious model is loaded into a Rasa instance via the HTTP API, with API enabled (--enable-api) and depending on authentication configuration. Unauthenticated RCE requires no auth and is more severe; auth...

9CVSS9.3AI score0.00895EPSS
Exploits0References1
osv
osv
added 2024/12/23 8:38 p.m.12 views

GHSA-9PP6-WQ8C-3W2C Gogs allows argument injection during the previewing of changes

Impact Unprivileged user accounts can write to arbitrary files on the filesystem. We could demonstrate its exploitation to force a re-installation of the instance, granting administrator rights. It allows accessing and altering any user's code hosted on the same instance. Patches Unintended Git...

9.9CVSS9.5AI score0.1718EPSS
Exploits1References4
github
github
added 2024/12/23 8:38 p.m.15 views

Gogs allows argument injection during the previewing of changes

Impact Unprivileged user accounts can write to arbitrary files on the filesystem. We could demonstrate its exploitation to force a re-installation of the instance, granting administrator rights. It allows accessing and altering any user's code hosted on the same instance. Patches Unintended Git...

9.9CVSS7AI score0.1718EPSS
Exploits1References4Affected Software1
osv
osv
added 2024/12/23 8:38 p.m.15 views

GHSA-CCQV-43VM-4F3W Gogs allows deletion of internal files

Impact Unprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by RUNUSER in the configuration. It allows attackers to access and alter any users' code hosted on the same instance. Patches Deletion of .git files has been prohibit...

9.9CVSS9.8AI score0.50697EPSS
Exploits0References4
osv
osv
added 2024/12/23 5:53 p.m.21 views

GHSA-R7J8-5H9C-F6FX Remote Command Execution in file editing in gogs

Impact The malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. Patches Editing symlink while changing the file name has been prohibited via the repository web editor https://github.com/gogs/gogs/pull/7857. Users should upgrade to 0.13...

9.8CVSS9.6AI score0.00837EPSS
Exploits1References6
github
github
added 2024/12/23 5:53 p.m.19 views

Remote Command Execution in file editing in gogs

Impact The malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. Patches Editing symlink while changing the file name has been prohibited via the repository web editor https://github.com/gogs/gogs/pull/7857. Users should upgrade to 0.13...

9.8CVSS9.6AI score0.00837EPSS
Exploits1References6Affected Software1
github
github
added 2024/12/13 8:36 p.m.18 views

D-Tale allows Remote Code Execution through the Custom Filter Input

Impact Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability for users to update the enablecustomfilters flag. You can fi...

6.9CVSS7.6AI score0.01063EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2024/12/13 6:15 p.m.16 views

CVE-2024-55890

D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...

6.9CVSS0.01063EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/12/13 6:0 p.m.19 views

CVE-2024-55890 D-Tale allows Remote Code Execution through the Custom Filter Input

D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...

6.9CVSS7.7AI score0.01063EPSS
Exploits0References3
cve
cve
added 2024/12/13 6:0 p.m.63 views

CVE-2024-55890

D‑Tale (Python package for Visualizing Pandas objects) prior to v3.16.1 is vulnerable to remote code execution when hosted publicly. The issue stems from the update-settings endpoint allowing an attacker to modify the enable_custom_filters flag, enabling arbitrary code execution on the server. Th...

6.9CVSS7.3AI score0.01063EPSS
In wildExploits0References3
osv
osv
added 2024/12/13 6:0 p.m.13 views

CVE-2024-55890 D-Tale allows Remote Code Execution through the Custom Filter Input

D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...

6.9CVSS7.8AI score0.01063EPSS
Exploits0References5
Rows per page
Query Builder