CNNVD
Added 2024/07/30, 12:00 a.m.

mini-deep-assign Security Vulnerability

mini-deep-assign is a library by the individual developer Alexander. A security vulnerability exists in mini-deep-assign version v0.0.8. An attacker can exploit it to execute arbitrary code or cause a denial of service, among other impacts, via the assign method at /lib/index.js:91...

CVSS 9.8 | AI score 7.7 | EPSS 0.00973
Exploits: 1 | References: 2
SUSE CVE
Added 2024/07/17, 3:32 a.m.

SUSE CVE-2024-40971

In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SB_INLINECRYPT flag in default_options. In f2fs_remount, the SB_INLINECRYPT flag is cleared and then re-set. If a file is created or opened during this gap, those files will not use inline crypt. In the worst case, it may lead t...

CVSS 5.5 | AI score 6.7 | EPSS 0.003
Exploits: 0 | References: 3
OSSF Malicious Packages
Added 2024/07/11, 3:22 a.m.

Malicious code in sap-ans (npm)

Source: ossf-package-analysis 039a7fc0556d340f2ad4abfec6c8573743803edbe7e104947364c0332716d7c5. The OpenSSF Package Analysis project identified 'sap-ans' @ 0.0.0 (npm) as malicious. It is considered malicious because: - The package communicat...

AI score 7.1
Exploits: 0
OSSF Malicious Packages
Added 2024/07/11, 2:25 a.m.

Malicious code in sap-authchildform (npm)

Source: ossf-package-analysis 7050cc78b5ef30972e144f1f4e3f3af6bd67899aec66977a7395a0a35a529d4b. The OpenSSF Package Analysis project identified 'sap-authchildform' @ 0.0.0 (npm) as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits: 0
OSSF Malicious Packages
Added 2024/07/11, 1:57 a.m.

Malicious code in sap-allusers (npm)

Source: ossf-package-analysis d5eacfc5bc68ef30f29755795ed8ff32a858d41764d8e98b1e3e4525fe339f04. The OpenSSF Package Analysis project identified 'sap-allusers' @ 0.0.0 (npm) as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits: 0
CNNVD
Added 2024/07/04, 12:00 a.m.

Gogs Security Vulnerability

Gogs (Go Git Service) is a self-hosted Git service written in Go by the Gogs team; it supports creating and migrating public and private repositories, adding and removing repository collaborators, and so on. A security vulnerability exists in Gogs version 0.13.0, which stems from...

CVSS 9.9 | AI score 8.2 | EPSS 0.07258
Exploits: 3 | References: 6
Positive Technologies
Added 2024/06/28, 12:00 a.m.

PT-2024-28049 · Hush Line · Hush Line

Name of the Vulnerable Software and Affected Versions: Hush Line versions prior to 0.1.0. Description: Hush Line is a free and open-source anonymous tip line as a service for organizations or individuals. There is a stored XSS in the Inbox: the input is rendered with the Jinja2 safe filter, which disables autoescaping for that value,...

CVSS 8.8 | AI score 6.2 | EPSS 0.00425
Exploits: 1 | References: 6
OSV
Added 2024/06/24, 8:44 p.m.

GHSA-683X-4444-JXH8 Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java

Impact: Before deserializing a CycloneDX Bill of Materials in XML format, cyclonedx-core-java uses XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate those XPath expressions was not configured securely, making the library vulnerable to XML Extern...

CVSS 7.5 | AI score 6.8 | EPSS 0.00589
Exploits: 0 | References: 5
OSV
Added 2024/06/24, 5:15 p.m.

AZL-42928 CVE-2024-6104 affecting package prometheus for versions less than 2.37.0-14

go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic-auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...

CVSS 5.5 | AI score 6.6 | EPSS 0.00358
Exploits: 0 | References: 1
OSV
Added 2024/06/04, 12:31 p.m.

GHSA-WF7F-8FXF-XFXC MLFlow unsafe deserialization

Deserialization of untrusted data can occur in MLflow version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user's system when it is interacted with...

CVSS 8.8 | AI score 7.4 | EPSS 0.00618
Exploits: 1 | References: 3
CNNVD
Added 2024/05/20, 12:00 a.m.

Blackprint Security Vulnerability

Blackprint is a visual programming interface from Blackprint Open Source. A security vulnerability exists in Blackprint version 0.9.0 that allows attackers to execute arbitrary code via the utils.setDeepProperty function in engine.min.js...

CVSS 9.8 | AI score 9.3 | EPSS 0.00782
Exploits: 0 | References: 2
CNNVD
Added 2024/05/16, 12:00 a.m.

PHP Shopping Cart SQL Injection Vulnerability

PHP Shopping Cart is an open-source shopping cart system by Phpjabbers. PHP Shopping Cart version 0.9 suffers from a SQL injection vulnerability that allows an attacker to retrieve all information stored in the database by sending a...

CVSS 9.8 | AI score 7.5 | EPSS 0.00408
Exploits: 0 | References: 2
CNNVD
Added 2024/05/06, 12:00 a.m.

wasm3 Security Vulnerability

wasm3 is a WebAssembly interpreter and runtime. A security vulnerability exists in wasm3 version v0.5.0: a segmentation fault reachable via the function PreserveRegisterIfOccupied in wasm3/source/m3_compile.c. The vulnerability is caused by the...

CVSS 7.5 | AI score 6.8 | EPSS 0.00627
Exploits: 1 | References: 2
Positive Technologies
Added 2024/05/01, 12:00 a.m.

PT-2024-21084 · Viewerjs · Viewerjs

Name of the Vulnerable Software and Affected Versions: ViewerJS version 0.5.8. Description: An issue was discovered in ViewerJS where a script in the component loads content via URL tags without properly sanitizing it, leading to both open redirection and out-of-band resource loading...

CVSS 4.7 | AI score 6.9 | EPSS 0.00326
Exploits: 0 | References: 7
RustSec
Added 2024/04/03, 12:00 p.m.

Degradation of service in h2 servers with CONTINUATION Flood

An attacker can send a flood of CONTINUATION frames, causing h2 to process them indefinitely. This results in an increase in CPU usage. The Tokio task budget helps prevent this from becoming a complete denial of service, as the server can still respond to legitimate requests, albeit with increased latency. Mo...

AI score 7
Exploits: 0 | Affected software: 1
VulnCheck KEV
Added 2024/03/04, 12:00 a.m.

VulnCheck KEV: CVE-2021-32849

Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds...

CVSS 9 | AI score 7.5 | EPSS 0.0765
Exploits: 1 | References: 1
Positive Technologies
Added 2024/02/21, 12:00 a.m.

PT-2024-18240 · Garo · Garo Wallbox Glb+ T2Ev7

Name of the Vulnerable Software and Affected Versions: GARO WALLBOX GLB+ T2EV7 version 0.5. Description: A problematic issue was found in the Software Update Handler component, affecting an unknown part of the file /index.jspsettings. Manipulation of the Reference argument leads to cross-site...

CVSS 6.1 | AI score 6.5 | EPSS 0.00658
Exploits: 1 | References: 8
OSV
Added 2024/02/20, 1:15 a.m.

CVE-2024-1647

Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content supplied by the user...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 2
OSSF Malicious Packages
Added 2024/02/15, 7:12 a.m.

Malicious code in rb-web-popup (npm)

Source: ossf-package-analysis 04b85d0e4dc2479fa94e653c94a102e902b4154168a9797a2677ef30c1af062e. The OpenSSF Package Analysis project identified 'rb-web-popup' @ 0.1.0 (npm) as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits: 0
CNNVD
Added 2024/02/05, 12:00 a.m.

Lotos WebServer Security Vulnerability

Lotos WebServer is a small, high-performance HTTP server that follows the Reactor model and uses non-blocking I/O with epoll edge-triggered (ET) I/O multiplexing to handle concurrency. A security vulnerability exists in Lotos WebServer version v0.1.1, which was found to contain a memory reuse-after-freedo...

CVSS 7.5 | AI score 7.1 | EPSS 0.00706
Exploits: 1 | References: 2