Lucene search
+L

637 matches found

Vulnrichment
Vulnrichment
added 2026/04/13 3:56 p.m.3 views

CVE-2025-31991 HCL DevOps Velocity is susceptible to brute-force attacks

Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7...

6.8CVSS5.8AI score0.00228EPSS
Exploits0References1
CVE
CVE
added 2026/04/13 3:56 p.m.16 views

CVE-2025-31991

CVE-2025-31991 affects HCL DevOps Velocity. The rate-limiting on login attempts is not properly enforced, allowing brute-force attempts beyond the unsuccessful-login threshold. Multiple sources (NVD/ENISA/CVE list) confirm the issue and state that it is fixed in version 5.1.7. The impact is pract...

9.8CVSS5.8AI score0.00228EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.9 views

HCL DevOps Velocity 安全漏洞

HCL DevOps Velocity is a pipeline orchestration and management tool used by HCL Company in India. Versions of HCL DevOps Velocity prior to 5.1.7 contained security vulnerabilities. These vulnerabilities were due to improper implementation of rate-limiting mechanisms for login attempts, which coul...

6.8CVSS5.8AI score0.00228EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.7 views

PT-2026-32380

Name of the Vulnerable Software and Affected Versions HCL DevOps Velocity versions prior to 5.1.7 Description Rate limiting for user login attempts is not properly enforced, making the system susceptible to brute-force attacks that exceed the unsuccessful login attempt limit. Recommendations Upda...

9.8CVSS6.1AI score0.00228EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/11 1:21 a.m.5 views

CVE-2026-33229

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

9.8CVSS6AI score0.0054EPSS
Exploits1References1
NVD
NVD
added 2026/04/08 4:16 p.m.17 views

CVE-2026-33229

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

9.8CVSS0.0054EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/08 3:0 p.m.6 views

XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API

Impact An improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of...

9.8CVSS5.9AI score0.0054EPSS
Exploits1References6Affected Software2
EUVD
EUVD
added 2026/04/08 3:0 p.m.4 views

EUVD-2026-20478

XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API...

8.6CVSS6.5AI score0.0054EPSS
Exploits1References4
OSV
OSV
added 2026/04/08 3:0 p.m.4 views

GHSA-H259-74H5-4RH9 XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API

Impact An improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of...

8.6CVSS5.9AI score0.0054EPSS
Exploits1References6
CVE
CVE
added 2026/04/08 2:53 p.m.23 views

CVE-2026-33229

XWiki Platform is affected by a remote-code-execution vulnerability due to an improperly protected scripting API that lets users with script right bypass the Velocity sandbox and run arbitrary code (e.g., Python scripts). This can grant full access to the XWiki instance, compromising confidential...

9.8CVSS6.1AI score0.0054EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/08 2:53 p.m.7 views

CVE-2026-33229

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

8.6CVSS6.1AI score0.0054EPSS
Exploits1References5Affected Software3
Cvelist
Cvelist
added 2026/04/08 2:53 p.m.21 views

CVE-2026-33229 XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

8.6CVSS0.0054EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/08 2:53 p.m.1 views

CVE-2026-33229 XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

8.6CVSS6AI score0.0054EPSS
Exploits1References4
OSV
OSV
added 2026/04/08 2:53 p.m.4 views

CVE-2026-33229 XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

8.6CVSS7.3AI score0.0054EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.11 views

XWiki Platform 安全漏洞

The XWiki Platform is an open-source wiki platform designed for creating web collaboration applications. Versions of the XWiki Platform prior to 17.4.8 and 17.10.1 contained security vulnerabilities. These vulnerabilities stemmed from inadequate protection of the script API, allowing users with...

9.8CVSS6AI score0.0054EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31324

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

8.6CVSS6.1AI score0.0054EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/31 10:58 p.m.3 views

CVE-2026-28228

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...

8.8CVSS5.9AI score0.00414EPSS
Exploits0References1
NVD
NVD
added 2026/03/30 9:17 p.m.4 views

CVE-2026-28228

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...

8.8CVSS0.00414EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/30 8:31 p.m.24 views

CVE-2026-28228 OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...

8.8CVSS0.00414EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/30 8:31 p.m.3 views

EUVD-2026-17201

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...

8.8CVSS5.9AI score0.00414EPSS
Exploits0References1
Rows per page
Query Builder