126 matches found
CVE-2025-51458
SQL Injection in editorsqlrun and queryex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via crafted input passed to the /v1/editor/sql/run or /v1/editor/chart/run endpoints, interacting with apieditorv1.editorsqlrun, editorchartrun, and...
IBM OpenPages with Watson 安全漏洞
IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines IBM. The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...
metasploit-framework
This repository is an offensive tool for Metasploit Framework. The primary CVE ID is not explicitly mentioned, but it is likely related to the Metasploit Framework itself. The target product/service or framework is Metasploit Framework, a penetration testing platform. The vulnerability class/vect...
SAP Business Objects Business Intelligence Platform 代码问题漏洞
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A code issue vulnerability exists in SAP Business Objects Business...
forgejo -- multiple vulnerabilities
Problem Description: Forgejo generates a token which is used to authenticate web endpoints that are only meant to be used internally, for instance when the SSH daemon is used to push a commit with Git. The verification of this token was not done in constant time and was susceptible to timing...
Jenkins 安全漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.470 and earlier and LTS 2.452.3 and earlier, which stems from a failure to...
Checkmk Security Vulnerabilities
Checkmk is an IT monitoring platform from Checkmk, Inc. Checkmk has a security vulnerability that originates from certain http endpoints that allow remote attackers to bypass authentication and access data...
VulnCheck KEV: CVE-2023-49785
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using...
PT-2024-2488 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.19 and earlier Description: The issue exists due to inadequate protection of the web page structure, allowing a remote attacker to execute arbitrary code. This stored Cross-Site Scripting XSS vulnerabilit...
PT-2023-31797 · Zerobounce · Zerobounce Email Verification & Validation
Name of the Vulnerable Software and Affected Versions: ZeroBounce Email Verification & Validation versions 1.0.11 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This can b...
ProLion CryptoSpike Security Vulnerability
ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2, which stems from incorrect user role checking in multiple REST API endpoints, allowing a low-privileged remote attacker to perform...
PT-2023-31114 · Unknown · Ironman Powershell Universal
Name of the Vulnerable Software and Affected Versions: Ironman PowerShell Universal versions 3.0.0 through 4.2.0 Description: The issue allows remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. This is...
Peppermint Security Vulnerabilities
Peppermint is an open source ticket management system from Peppermint Labs. A security vulnerability exists in Peppermint Ticket Management version 0.2.4 and earlier versions. A remote attacker can exploit this vulnerability to read an arbitrary file via a...
PYSEC-2023-220
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...
cashIT Security Breach
cashIT is an old cell phone recycling website by cashIT India. cashIT suffers from a security vulnerability that stems from a database disclosure system settings, user accounts, etc. that can be triggered via HTTP endpoints exposed to the network...
plugin: missing permission checks in Blue Ocean Plugin
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server...
PT-2023-24123 · Jenkins · Jenkins Azure Vm Agents Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Azure VM Agents Plugin versions 852.v8d35f0960a 43 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using...
CVE-2023-27976
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...
CVE-2023-27976
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...
Remote code execution
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...