Lucene search
K

20 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/02 6:16 a.m.6 views

CVE-2025-15597

A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS6.1AI score0.0055EPSS
Exploits1References16Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.6 views

CVE-2026-27641

Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Flask-Reuploaded has been patche...

9.8CVSS6.5AI score0.01046EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/25 3:54 a.m.4 views

CVE-2026-27641

Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Flask-Reuploaded has been patche...

9.8CVSS6.5AI score0.01046EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/23 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-24117

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because...

5.3CVSS7.3AI score0.00332EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25621

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.01084EPSS
Exploits0References3
OSV
OSV
added 2025/08/22 7:15 p.m.1 views

DEBIAN-CVE-2025-54813

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...

7.5CVSS5.3AI score0.01211EPSS
Exploits0References1
NVD
NVD
added 2025/08/22 7:15 p.m.4 views

CVE-2025-54812

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order t...

5.4CVSS0.01084EPSS
Exploits0References5
OSV
OSV
added 2025/08/22 7:15 p.m.1 views

DEBIAN-CVE-2025-54812

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order t...

5.4CVSS5.2AI score0.01084EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/22 6:46 p.m.7 views

CVE-2025-54812 Apache Log4cxx: Improper HTML escaping in HTMLLayout

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order t...

2.1CVSS0.01084EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/22 6:45 p.m.8 views

CVE-2025-54813 Apache Log4cxx: Improper escaping with JSONLayout

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...

6.3CVSS0.01211EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.3 views

PT-2025-32576 · WordPress · Mattermost Confluence Plugin

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin is susceptible to a denial-of-service issue. Attackers can crash the plugin by repeatedly sending invalid request bodies to the update channel...

7.8CVSS7.2AI score0.00335EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.2 views

PT-2025-32583 · Mattermost · Mattermost Confluence Plugin

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not properly handle unexpected request bodies. This allows attackers to crash the plugin by repeatedly sending requests with invalid bodie...

7.8CVSS7.2AI score0.00335EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.4 views

PT-2025-32577 · Mattermost · Mattermost Confluence Plugin

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not properly handle unexpected request bodies. Attackers can exploit this to crash the plugin by repeatedly sending invalid requests to th...

5.9CVSS7.2AI score0.00283EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.6 views

PT-2025-32584 · Mattermost · Mattermost Confluence Plugin

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not verify user access to a channel, allowing attackers to create channel subscriptions without proper authorization via an API call to th...

4CVSS7.1AI score0.00197EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.5 views

PT-2025-32582 · Mattermost · Mattermost Confluence Plugin

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not enforce authentication for users accessing the Mattermost instance. This allows unauthenticated attackers to modify channel...

7.2CVSS7.5AI score0.00239EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.7 views

PT-2025-32579 · Mattermost · Mattermost Confluence Plugin

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not verify user access to a channel, enabling attackers to create channel subscriptions without authorization through an API call to the...

4CVSS7.1AI score0.00196EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.5 views

PT-2025-34481

Name of the Vulnerable Software and Affected Versions: Apache Log4cxx versions prior to 1.5.0 Description: Apache Log4cxx contains an Improper Output Neutralization for Logs issue. When using HTMLLayout, logger names are not properly escaped when writing to an HTML file. If untrusted data is used...

7.5CVSS5.3AI score0.01211EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2024/07/13 12:0 a.m.9 views

PT-2024-4766 · Apache · Apache Linkis

Name of the Vulnerable Software and Affected Versions: Apache Linkis version 1.4.0 Description: The issue is related to the lack of effective filtering of parameters in the DataSource Manager Module of Apache Linkis, allowing an attacker to configure malicious Mysql JDBC parameters and trigger...

7.1CVSS7.1AI score0.00728EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/07/10 12:0 a.m.5 views

PT-2023-25264 · Unknown · Easyappointments

Name of the Vulnerable Software and Affected Versions: easyappointments versions prior to 1.5.0 Description: The issue is related to an Open Redirect in the GitHub repository alextselegidis/easyappointments. Recommendations: For versions prior to 1.5.0, update to version 1.5.0 or later to resolve...

6.3CVSS6.8AI score0.00434EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/03/29 12:0 a.m.4 views

PT-2022-18837 · Jenkins · Jenkins Rocketchat Notifier Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins RocketChat Notifier Plugin versions 1.4.10 and earlier Description: A missing permission check in the Jenkins RocketChat Notifier Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using...

4.3CVSS4.4AI score0.00714EPSS
Exploits0References9
Rows per page
Query Builder