Lucene search
K

9 matches found

OSV
OSV
added 2026/01/16 3:49 p.m.4 views

GHSA-M3C4-PRHW-MRX6 Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass

Summary A prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and therefore can be bypassed when the extension uses alternate casing for...

8.1CVSS7.1AI score0.00619EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0362

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00741EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.4 views

PT-2025-15979 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.1 through 17.8.6 GitLab EE versions 17.9 through 17.9.5 GitLab EE versions 17.10 through 17.10.3 Description: An issue has been discovered in GitLab EE that allows attackers to perform targeted searches with sensitive...

7.5CVSS5.9AI score0.00317EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/03/31 12:0 a.m.7 views

PT-2025-13799 · Unknown · Tuleap Enterprise Edition +1

Name of the Vulnerable Software and Affected Versions: Tuleap Community Edition versions prior to 16.5.99.1742812323 Tuleap Enterprise Edition versions prior to 16.5-6 and 16.4-10 Description: The issue allows an attacker to access release notes content or information via the FRS REST endpoints...

5.3CVSS6.2AI score0.0035EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/11/18 12:0 a.m.12 views

PT-2024-8746 · Siemens · Tecnomatix Plant Simulation +1

Name of the Vulnerable Software and Affected Versions: Teamcenter Visualization versions prior to V14.2.0.14 Teamcenter Visualization versions prior to V14.3.0.12 Teamcenter Visualization versions prior to V2312.0008 Teamcenter Visualization versions prior to V2406.0005 Tecnomatix Plant Simulatio...

7.8CVSS7.5AI score0.00272EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/05/23 12:0 a.m.8 views

PT-2024-4134 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 13.2.4 through 16.10.5 GitLab versions 16.11 through 16.11.2 GitLab versions 17.0 through 17.0.0 Description: An authorization issue exists where an authenticated attacker could utilize a crafted naming convention to bypass...

4.4CVSS6.7AI score0.00275EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.6 views

PT-2024-23876 · WordPress · Webtoffee Wordpress Comments Import & Export

Name of the Vulnerable Software and Affected Versions: WebToffee WordPress Comments Import & Export versions 2.3.5 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended action...

4.3CVSS9.3AI score0.00227EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/03/09 12:0 a.m.9 views

PT-2023-14190 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 15.1 through 15.7.7 GitLab EE versions 15.8 through 15.8.3 GitLab EE versions 15.9 through 15.9.1 Description: An issue has been discovered in GitLab EE. If a group with SAML SSO enabled is transferred to a new namespace as...

7.3CVSS6.8AI score0.00744EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2021/08/16 12:0 a.m.11 views

PT-2021-6615 · Node.Js +6 · Node.Js +6

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 16.6.0 Node.js versions prior to 14.17.4 Node.js versions prior to 12.22.4 Description: The issue is related to the Node.js dns library, which lacks proper input validation of host names returned by Domain Name...

10CVSS7.2AI score0.77766EPSS
Exploits29References240
Rows per page
Query Builder