Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.6 views

PT-2026-1101

Name of the Vulnerable Software and Affected Versions Plane versions prior to 1.2.0 Description Plane is an open-source project management tool. A guest user, lacking the necessary permissions, could access the /api/workspaces/:slug/members/ endpoint and list users within a workspace they have...

4.3CVSS6.6AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.5 views

PT-2025-45045

Name of the Vulnerable Software and Affected Versions Galette versions 1.1.5.2 and below Description Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below are susceptible to Cross-site Scripting through the Document Type functionality...

5.3CVSS6.4AI score0.00177EPSS
Exploits0References3
Snyk
Snyk
added 2025/11/01 6:53 a.m.3 views

Exposure of Sensitive Information

Overview zpdatafetch is an A package for fetching data from Zwiftpower and Zwiftracing.app Affected versions of this package are vulnerable to Exposure of Sensitive Information via several improper security practices, including logging of credentials in stdout, a lack of certificated validation,...

7.1CVSS6.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/30 12:0 a.m.5 views

PT-2024-35899 · Elementor · Codeless Cowidgets – Elementor Addons

Name of the Vulnerable Software and Affected Versions: Codeless Cowidgets – Elementor Addons versions prior to 1.2.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This enables attackers to inject...

6.5CVSS6.6AI score0.00284EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.5 views

PT-2024-12437 · WordPress · Lana Shortcodes

Name of the Vulnerable Software and Affected Versions: The Lana Shortcodes WordPress plugin versions prior to 1.2.0 Description: The issue allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks due to the plugin not validating and escaping some of its...

5.4CVSS5.9AI score0.00485EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2022/06/24 12:0 a.m.4 views

PT-2022-20363 · Pypi · Pyesasky

Name of the Vulnerable Software and Affected Versions: pyesasky versions prior to 1.2.0 Description: The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. Recommendations: For versions prior to 1.2.0, update to version 1.2.0 or later to...

9.8CVSS9.4AI score0.01988EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2021/07/09 12:0 a.m.6 views

PT-2021-21141 · Unknown · Grpc Swift

Name of the Vulnerable Software and Affected Versions: gRPC Swift versions 1.1.0 through 1.1.1 Description: The issue is related to mismanaged state in the GRPCWebToHTTP2ServerCodec.swift file, allowing remote attackers to cause a denial of service by sending malformed requests. Affected gRPC Swi...

7.5CVSS7.2AI score0.02082EPSS
Exploits0References7
Snyk
Snyk
added 2013/06/21 9:0 p.m.3 views

Cross-site Scripting (XSS)

Overview angularjs is a Affected versions of this package are vulnerable to Cross-site Scripting XSS. Concatenating expressions makes it hard to reason about whether some combination of concatenated values are unsafe to use and could easily lead to XSS. By requiring that a single expression be us...

5.4CVSS6AI score
Exploits0References2
Rows per page
Query Builder