
537 matches found

OSV
added 2025/04/27 8:15 p.m. · 3 views

DEBIAN-CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JSReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVSS 8.4 · AI score 6.2 · EPSS 0.00271
Exploits 1 · References 1
CNNVD
added 2025/04/19 12:00 a.m. · 3 views

VSCode-Diana security vulnerability

VSCode-Diana is a VSCode plugin that provides basic language support for DianaScript by the individual developer Taine Zhao. A security vulnerability exists in VSCode-Diana version 0.0.1, which stems from an injection issue in the Jinja2 template handling component in the file Gen.py...

CVSS 5.3 · AI score 5.7 · EPSS 0.0019
Exploits 0 · References 5
Vulnrichment
added 2025/04/17 3:16 p.m. · 5 views

CVE-2025-39437 WordPress Anthologize plugin <= 0.8.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize allows Cross Site Request Forgery. This issue affects Anthologize: from n/a through 0.8.3...

CVSS 4.3 · AI score 6.9 · EPSS 0.0014
Exploits 0 · References 1
CNNVD
added 2025/04/16 12:00 a.m. · 4 views

whoogle-search security vulnerability

whoogle-search is an application from the personal developer Ben Busby: a self-hosted, ad-free, privacy-respecting meta-search engine. A security vulnerability exists in whoogle-search version v0.9.0, which stems from the /models/config.py component that allows execution of arbitrary code via a...

CVSS 7.3 · AI score 7.2 · EPSS 0.00465
Exploits 1 · References 3
Positive Technologies
added 2025/04/09 12:00 a.m. · 3 views

PT-2025-15748 · Unknown · More Mime Type Filters

Name of the Vulnerable Software and Affected Versions: More Mime Type Filters versions 0.3 and earlier. Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows for Stored XSS attacks. Recommendations: For...

CVSS 7.1 · AI score 7.1 · EPSS 0.00374
Exploits 0 · References 4
OSV
added 2025/04/06 10:15 p.m. · 5 views

CVE-2025-3323

A vulnerability classified as critical was found in godcheese/code-projects Nimrod 0.8. Affected by this vulnerability is the function searchAllByName of the file ViewMenuCategoryRestController.java. The manipulation of the argument Name leads to SQL injection. The attack can be launched remotely...

CVSS 8.8 · AI score 5.8 · EPSS 0.00468
Exploits 1 · References 4
Vulnrichment
added 2025/04/01 8:58 p.m. · 3 views

CVE-2025-31462 WordPress CGM Event Calendar <= 0.8.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rzfarrell CGM Event Calendar allows Reflected XSS. This issue affects CGM Event Calendar: from n/a through 0.8.5...

CVSS 7.1 · AI score 6.9 · EPSS 0.00338
Exploits 0 · References 1
CNNVD
added 2025/04/01 12:00 a.m. · 2 views

WordPress plugin Posten cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.5 · AI score 6.5 · EPSS 0.00308
Exploits 0 · References 2
Patchstack
added 2025/03/28 10:01 p.m. · 5 views

WordPress So-Called Air Quotes plugin <= 0.1 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Avraham Shemesh in WordPress Plugin So-Called Air Quotes versions = 0.1...

CVSS 7.3 · AI score 7.1 · EPSS 0.00458
Exploits 0 · References 1 · Affected Software 1
OSSF Malicious Packages
added 2025/03/28 1:05 p.m. · 7 views

Malicious code in 0-8 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0
OSV
added 2025/03/27 11:15 p.m. · 4 views

CVE-2025-2888

During a snapshot rollback, the client incorrectly caches the timestamp metadata. If the client checks the cache when attempting to perform the next update, the update timestamp validation will fail, preventing the next update until the cache is cleared. Users should upgrade to tough version 0.20...

CVSS 4.5 · AI score 7.1
Exploits 0 · References 3
RedhatCVE
added 2025/03/22 12:26 p.m. · 10 views

CVE-2024-12215

In kedro-org/kedro version 0.19.8, the pullpackage API function allows users to download and extract micro packages from the Internet. However, the function projectwheelmetadata within the code path can execute the setup.py file inside the tar file, leading to remote code execution (RCE) by running...

CVSS 8.8 · AI score 8.3 · EPSS 0.00986
Exploits 0 · References 1
RedhatCVE
added 2025/03/22 12:09 p.m. · 7 views

CVE-2024-10831

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

CVSS 9.1 · AI score 7 · EPSS 0.00769
Exploits 1 · References 1
OSV
added 2025/03/20 12:32 p.m. · 6 views

GHSA-GJ27-76GQ-5V3P Open WebUI stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the /api/v1/models/add endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to inject malicious...

CVSS 8.4 · AI score 6.1 · EPSS 0.00889
Exploits 1 · References 3
Github Security Blog
added 2025/03/20 12:32 p.m. · 8 views

Open WebUI denial of service through endpoint for converting markdown

In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until...

CVSS 7.5 · AI score 6.6 · EPSS 0.00811
Exploits 1 · References 4 · Affected Software 1
CNNVD
added 2025/03/20 12:00 a.m. · 4 views

LlamaIndex SQL injection vulnerability

LlamaIndex is a data framework for LLM applications from LlamaIndex open source. A SQL injection vulnerability exists in LlamaIndex v0.12.3 and earlier versions, which stems from an unvalidated SQL query and could lead to a SQL injection attack...

CVSS 10 · AI score 9.2 · EPSS 0.01311
Exploits 1 · References 3
CNNVD
added 2025/03/20 12:00 a.m. · 3 views

feast access control error vulnerability

feast is an AI/ML open source function library from Feast Open Source. An access control error vulnerability exists in feast version 0.40.0, which stems from a misconfiguration of CORS and could lead to the disclosure of sensitive information...

CVSS 7.4 · AI score 7.2 · EPSS 0.00283
Exploits 0 · References 1
CNNVD
added 2025/03/20 12:00 a.m. · 2 views

SuperAGI path traversal vulnerability

SuperAGI is an open source infrastructure application from SuperAGI Open Source. It is used to build components, tools, frameworks and models to implement open source AGI. A path traversal vulnerability exists in SuperAGI version 0.0.14, which stems from path traversal in the file upload...

CVSS 8.8 · AI score 9.1 · EPSS 0.01332
Exploits 1 · References 1
CNNVD
added 2025/03/20 12:00 a.m. · 4 views

dify code issue vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A code issue vulnerability exists in version 0.10.1 of dify, which stems from an unvalidated URL and could lead to a server-side request forgery attack...

CVSS 6.5 · AI score 6.5 · EPSS 0.0061
Exploits 1 · References 1
CNNVD
added 2025/03/20 12:00 a.m. · 4 views

DB-GPT security vulnerability

DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A security vulnerability exists in DB-GPT version 0.6.0, which stems from an arbitrary file write vulnerability in the RAG-knowledge endpoint, which allows an attacker to write a file to ...

CVSS 9.1 · AI score 9.1 · EPSS 0.00593
Exploits 1 · References 1