Lucene search
+L

126 matches found

OSV
OSV
added 2025/07/22 12:0 a.m.5 views

CVE-2025-51458

SQL Injection in editorsqlrun and queryex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via crafted input passed to the /v1/editor/sql/run or /v1/editor/chart/run endpoints, interacting with apieditorv1.editorsqlrun, editorchartrun, and...

6.5CVSS8.5AI score0.00325EPSS
Exploits2References4
CNNVD
CNNVD
added 2025/07/08 12:0 a.m.5 views

IBM OpenPages with Watson 安全漏洞

IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines IBM. The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...

4.3CVSS6.2AI score0.00216EPSS
Exploits0References2
Gitee
Gitee
added 2025/06/25 11:17 p.m.104 views

metasploit-framework

This repository is an offensive tool for Metasploit Framework. The primary CVE ID is not explicitly mentioned, but it is likely related to the Metasploit Framework itself. The target product/service or framework is Metasploit Framework, a penetration testing platform. The vulnerability class/vect...

7.9AI score
Exploits0
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.15 views

SAP Business Objects Business Intelligence Platform 代码问题漏洞

SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A code issue vulnerability exists in SAP Business Objects Business...

5.3CVSS6.7AI score0.00222EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2024/10/28 12:0 a.m.7 views

forgejo -- multiple vulnerabilities

Problem Description: Forgejo generates a token which is used to authenticate web endpoints that are only meant to be used internally, for instance when the SSH daemon is used to push a commit with Git. The verification of this token was not done in constant time and was susceptible to timing...

7.2AI score
Exploits0References3
CNNVD
CNNVD
added 2024/08/07 12:0 a.m.5 views

Jenkins 安全漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.470 and earlier and LTS 2.452.3 and earlier, which stems from a failure to...

6.3CVSS6.4AI score0.04263EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/08 12:0 a.m.4 views

Checkmk Security Vulnerabilities

Checkmk is an IT monitoring platform from Checkmk, Inc. Checkmk has a security vulnerability that originates from certain http endpoints that allow remote attackers to bypass authentication and access data...

9.8CVSS7.1AI score0.00525EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2024/04/06 12:0 a.m.2 views

VulnCheck KEV: CVE-2023-49785

NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using...

9.8CVSS7AI score0.83163EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.7 views

PT-2024-2488 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.19 and earlier Description: The issue exists due to inadequate protection of the web page structure, allowing a remote attacker to execute arbitrary code. This stored Cross-Site Scripting XSS vulnerabilit...

5.5CVSS6.3AI score0.00427EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/12/29 12:0 a.m.6 views

PT-2023-31797 · Zerobounce · Zerobounce Email Verification & Validation

Name of the Vulnerable Software and Affected Versions: ZeroBounce Email Verification & Validation versions 1.0.11 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This can b...

5.9CVSS5.8AI score0.00328EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.6 views

ProLion CryptoSpike Security Vulnerability

ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2, which stems from incorrect user role checking in multiple REST API endpoints, allowing a low-privileged remote attacker to perform...

8.8CVSS7.1AI score0.00847EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/11/23 12:0 a.m.7 views

PT-2023-31114 · Unknown · Ironman Powershell Universal

Name of the Vulnerable Software and Affected Versions: Ironman PowerShell Universal versions 3.0.0 through 4.2.0 Description: The issue allows remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. This is...

8.8CVSS9AI score0.02127EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/10/29 12:0 a.m.6 views

Peppermint Security Vulnerabilities

Peppermint is an open source ticket management system from Peppermint Labs. A security vulnerability exists in Peppermint Ticket Management version 0.2.4 and earlier versions. A remote attacker can exploit this vulnerability to read an arbitrary file via a...

5.3CVSS6.8AI score0.00658EPSS
Exploits1References3
PyPA
PyPA
added 2023/10/25 6:17 p.m.8 views

PYSEC-2023-220

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...

6.5CVSS6.6AI score0.00529EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2023/10/03 12:0 a.m.4 views

cashIT Security Breach

cashIT is an old cell phone recycling website by cashIT India. cashIT suffers from a security vulnerability that stems from a database disclosure system settings, user accounts, etc. that can be triggered via HTTP endpoints exposed to the network...

7.5CVSS6.6AI score0.00472EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/06/15 9:3 a.m.5 views

plugin: missing permission checks in Blue Ocean Plugin

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

6.5CVSS5.8AI score0.00835EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/05/16 12:0 a.m.13 views

PT-2023-24123 · Jenkins · Jenkins Azure Vm Agents Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Azure VM Agents Plugin versions 852.v8d35f0960a 43 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using...

6.5CVSS6.3AI score0.00578EPSS
Exploits0References4
OSV
OSV
added 2023/04/18 5:15 p.m.5 views

CVE-2023-27976

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...

8.8CVSS7.7AI score0.00845EPSS
Exploits0References1
NVD
NVD
added 2023/04/18 5:15 p.m.28 views

CVE-2023-27976

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...

8.8CVSS8.9AI score0.00845EPSS
Exploits0References1
Prion
Prion
added 2023/04/18 5:15 p.m.16 views

Remote code execution

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...

6.8CVSS8.8AI score0.00845EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder