Lucene search
+L

21 matches found

drupal
drupal
added 2026/06/24 12:0 a.m.7 views

AI (Artificial Intelligence) - Moderately critical - Information Disclosure / Cross-site Scripting - SA-CONTRIB-2026-054

The module and certain submodules AI Automators, AI Translate, AI API Explorer, AI Content Suggestions provide the ability to use an LLM to generate HTML or Markdown and preview it in a browser. Under certain circumstances, rendering of this HTML can lead to Cross Site Scripting, or exposing secr...

6.1CVSS5.9AI score0.00181EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0061

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00464EPSS
Exploits0References4
osv
osv
added 2024/09/13 7:47 p.m.27 views

RHBA-2019:1570 Red Hat Bug Fix Advisory: ovirt-engine-api-explorer bug fix and enhancement update for RHV 4.3.4

Bulletin has no description...

6.1CVSS6.5AI score0.87218EPSS
Exploits6References21
osv
osv
added 2024/09/13 3:7 p.m.18 views

RHBA-2019:1076 Red Hat Bug Fix Advisory: ovirt-engine-api-explorer bug fix and enhancement update for RHV 4.3

Bulletin has no description...

6.1CVSS6.8AI score0.0404EPSS
Exploits2References15
prion
prion
added 2023/08/25 1:15 a.m.10 views

Authentication flaw

Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...

5CVSS5.2AI score0.00464EPSS
Exploits0References2Affected Software1
osv
osv
added 2023/08/25 1:15 a.m.19 views

PYSEC-2023-154

Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...

5.3CVSS6.1AI score0.00464EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2023/08/25 12:18 a.m.12 views

CVE-2023-40570 Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users

Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...

5.3CVSS6.9AI score0.00464EPSS
Exploits0References2
cve
cve
added 2023/08/25 12:18 a.m.2520 views

CVE-2023-40570

Summary: CVE-2023-40570 affects Datasette 1.0 alpha to 1.0a3 with authentication enabled. The /-/api API explorer endpoint could disclose the names of databases and tables to unauthenticated users, without exposing contents. The issue is mitigated in Datasette 1.0a4, which blocks the API explorer...

5.3CVSS5.2AI score0.00464EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2023/08/25 12:18 a.m.39 views

CVE-2023-40570 Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users

Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...

5.3CVSS5.5AI score0.00464EPSS
Exploits0References2
osv
osv
added 2023/08/22 6:6 p.m.29 views

GHSA-7CH3-7PP7-7CPQ Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users

Impact This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/api API explorer endpoint could reveal the names of both databases an...

5.3CVSS5.2AI score0.00464EPSS
Exploits0References5
ossf
ossf
added 2022/06/20 8:13 p.m.5 views

Malicious code in asana-api-explorer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bd31cc93d32eb43f77dc893e6c6cb020b5118808483c3e5e8d3ee4cf66b9cf6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
osv
osv
added 2022/06/20 8:13 p.m.7 views

MAL-2022-1129 Malicious code in asana-api-explorer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bd31cc93d32eb43f77dc893e6c6cb020b5118808483c3e5e8d3ee4cf66b9cf6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
nvd
nvd
added 2020/05/20 2:15 p.m.22 views

CVE-2020-3956

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to...

8.8CVSS8.9AI score0.211EPSS
Exploits11References4
prion
prion
added 2020/05/20 2:15 p.m.23 views

Remote code execution

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to...

6.5CVSS8.8AI score0.211EPSS
Exploits11References4Affected Software1
cvelist
cvelist
added 2020/05/20 1:30 p.m.26 views

CVE-2020-3956

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to...

8.9AI score0.211EPSS
Exploits11References4
attackerkb
attackerkb
added 2020/05/20 12:0 a.m.59 views

CVE-2020-3956: VMware Cloud Director Code Injection Vulnerability

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to...

8.8CVSS9.1AI score0.211EPSS
Exploits11References4
redhat
redhat
added 2019/06/20 2:47 p.m.9 views

Moderate: Red Hat Bug Fix Advisory: ovirt-engine-api-explorer bug fix and enhancement update for RHV 4.3.4

Updated ovirt-engine-api-explorer packages that fix several bugs and add various enhancements are now available. The ovirt-engine-api-explorer package provides a web application for exploring the oVirt API documentation...

6.1CVSS6.8AI score0.87218EPSS
Exploits6References1
redhat
redhat
added 2019/05/08 12:47 p.m.8 views

Moderate: Red Hat Bug Fix Advisory: ovirt-engine-api-explorer bug fix and enhancement update for RHV 4.3

Updated ovirt-engine-api-explorer packages that fix several bugs and add various enhancements are now available. The ovirt-engine-api-explorer package provides a web application for exploring the oVirt API documentation...

6.1CVSS6.6AI score0.0404EPSS
Exploits2References1
osv
osv
added 2018/03/29 1:29 p.m.5 views

CVE-2018-6588

CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer...

6.1CVSS5.7AI score0.00915EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2018/03/29 12:0 a.m.4 views

PT-2018-17652 · Ca · Ca Api Developer Portal

Name of the Vulnerable Software and Affected Versions: CA API Developer Portal versions 3.5 up to and including 3.5 CR5 Description: The issue is related to a reflected cross-site scripting vulnerability in the apiExplorer. Recommendations: For CA API Developer Portal versions 3.5 up to and...

6.1CVSS5.9AI score0.00915EPSS
Exploits0References3
Rows per page
Query Builder