Lucene search
K

384 matches found

cve
cve
added 2024/12/13 6:0 p.m.63 views

CVE-2024-55890

D‑Tale (Python package for Visualizing Pandas objects) prior to v3.16.1 is vulnerable to remote code execution when hosted publicly. The issue stems from the update-settings endpoint allowing an attacker to modify the enable_custom_filters flag, enabling arbitrary code execution on the server. Th...

6.9CVSS7.3AI score0.01063EPSS
In wildExploits0References3
osv
osv
added 2024/12/09 8:42 p.m.42 views

GHSA-C2PC-G5QF-RFRF league/commonmark's quadratic complexity bugs may lead to a denial of service

Impact Several polynomial time complexity issues in league/commonmark may lead to unbounded resource exhaustion and subsequent denial of service. Malicious users could trigger that inefficient code with carefully crafted Markdown inputs that are specifically designed to ensure the worst-case...

7.5CVSS7.5AI score
Exploits0References11
github
github
added 2024/12/09 8:42 p.m.93 views

league/commonmark's quadratic complexity bugs may lead to a denial of service

Impact Several polynomial time complexity issues in league/commonmark may lead to unbounded resource exhaustion and subsequent denial of service. Malicious users could trigger that inefficient code with carefully crafted Markdown inputs that are specifically designed to ensure the worst-case...

7.5AI score
Exploits0References11Affected Software1
redhatcve
redhatcve
added 2024/11/11 12:30 p.m.14 views

CVE-2024-11079

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within...

5.5CVSS8.1AI score0.00502EPSS
Exploits0References3
osv
osv
added 2024/11/01 5:15 p.m.7 views

CVE-2024-41744

IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

8.8CVSS5.7AI score0.00193EPSS
Exploits0References1
github
github
added 2024/10/22 5:50 p.m.18 views

Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section

Impact This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Patches Will be patched in 14.3.1 and 15.0.0. Workarounds...

8.7CVSS7AI score0.00326EPSS
Exploits0References3Affected Software2
nvd
nvd
added 2024/10/22 4:15 p.m.36 views

CVE-2024-47819

Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the...

8.7CVSS0.00326EPSS
Exploits0References1
cvelist
cvelist
added 2024/10/22 3:25 p.m.46 views

CVE-2024-47819 Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section

Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the...

4.2CVSS0.00326EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/10/22 3:25 p.m.11 views

CVE-2024-47819 Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section

Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the...

4.2CVSS6.7AI score0.00326EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/10/15 12:0 a.m.5 views

IBM Watson Studio Local 跨站请求伪造漏洞

IBM Watson Studio Local is a suite of collaborative data processing solutions from International Business Machines IBM. The product includes features such as data analysis, data visualization, data cleansing and streaming data extraction. A cross-site request forgery vulnerability exists in IBM...

8.8CVSS6.6AI score0.00168EPSS
Exploits0References2
cve
cve
added 2024/09/17 6:37 p.m.79 views

CVE-2024-45537

Apache Druid CVE-2024-45537 describes a vulnerability where an authenticated user can bypass authorization by sending a specially crafted MySQL JDBC connection string that includes properties not on the allow list, enabling access to read data from other databases via JDBC. The issue stems from i...

6.5CVSS6.9AI score0.00626EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2024/09/10 12:0 a.m.8 views

PT-2024-31697

Name of the Vulnerable Software and Affected Versions: D-Tale versions prior to 3.14.1 Description: D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. The issue is...

9.8CVSS6.3AI score0.00741EPSS
Exploits0References14
nvd
nvd
added 2024/08/20 11:15 p.m.33 views

CVE-2024-22281

UNSUPPORTED WHEN ASSIGNED The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that...

7.5CVSS0.00726EPSS
Exploits0References2
cvelist
cvelist
added 2024/08/20 10:11 p.m.30 views

CVE-2024-22281 Apache Helix Front (UI): Helix front hard-coded secret in the express-session

UNSUPPORTED WHEN ASSIGNED The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that...

0.00726EPSS
Exploits0References1
nvd
nvd
added 2024/08/05 10:15 a.m.34 views

CVE-2024-36448

UNSUPPORTED WHEN ASSIGNED Server-Side Request Forgery SSRF vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restri...

7.3CVSS0.007EPSS
Exploits0References2
github
github
added 2024/07/29 4:44 p.m.14 views

tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users

Impact What kind of vulnerability is it? Who is impacted? Low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server requiring a separate,...

9.9CVSS8.2AI score0.0121EPSS
Exploits0References5Affected Software2
ptsecurity
ptsecurity
added 2024/07/11 12:0 a.m.3 views

PT-2024-36330 · WordPress · Bible Text Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Bible Text WordPress plugin versions 0.2 and earlier Description: The issue is related to the lack of validation and escaping of some shortcode attributes in the plugin, which could allow users with the contributor role and above to perfo...

5.4CVSS6AI score0.00312EPSS
Exploits1References8
nvd
nvd
added 2024/06/12 2:15 p.m.34 views

CVE-2024-36263

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes thi...

8.1CVSS0.00963EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2024/06/12 2:12 p.m.16 views

CVE-2024-36265 Apache Submarine Server Core: authorization bypass

UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or...

9.5AI score0.00733EPSS
Exploits0References2
nvd
nvd
added 2024/05/23 9:15 a.m.35 views

CVE-2024-32969

vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and...

2.7CVSS3.5AI score0.00316EPSS
Exploits0References2
Rows per page
Query Builder