Lucene search
K

155 matches found

CVE
CVE
added 2025/08/12 2:5 a.m.29 views

CVE-2025-42943

CVE-2025-42943 affects SAP GUI for Windows. The vulnerability involves leakage of NTLM hashes when UNC paths are used with certain ABAP frontend services, triggered by user-side execution of SAP GUI for Windows. The underlying issue is exposure of credentials during automatic NTLM authentication,...

4.5CVSS7.3AI score0.00308EPSS
Exploits0References2
OSV
OSV
added 2025/07/21 7:52 p.m.10 views

GHSA-PJJ3-J5J6-QJ27 HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service

Summary The HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints. Details This vulnerability exists because the application does not properly handle exceptions...

7.1CVSS6AI score0.00388EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2025/07/18 4:56 p.m.523 views

Exploit for CVE-2025-7783

form-data boundary randomness vulnerability CVE-2025-7783 L...

9.4CVSS6.6AI score0.01735EPSS
Exploits1
Veracode
Veracode
added 2025/07/18 5:46 a.m.5 views

Arbitrary Code Injection

pyLoad-ng is vulnerable to Arbitrary Code Injection. The vulnerability is due to unsafe JavaScript evaluation caused by insecure CAPTCHA processing logic that allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially on the backend server...

9.8CVSS7.3AI score0.01144EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/06/09 9:15 p.m.11 views

CVE-2025-49141

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the gitImportSite functionality obtains a URL string from a POST request and insufficiently validates user input. The setremote function later passes this input into procopen, yielding OS...

8.8CVSS0.01496EPSS
Exploits1References2
OSV
OSV
added 2025/06/09 8:30 p.m.5 views

GHSA-G4CF-PP4X-HQGW HaxCMS-PHP Command Injection Vulnerability

Summary The 'gitImportSite' functionality obtains a URL string from a POST request and insufficiently validates user input. The ’setremote’ function later passes this input into ’procopen’, yielding OS command injection. Details The vulnerability exists in the logic of the ’gitImportSite’ functio...

8.5CVSS8.2AI score0.01496EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 4:46 a.m.13 views

CVE-2023-41337

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the...

6.7CVSS6.6AI score0.00181EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:39 p.m.7 views

CVE-2020-5889

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client...

5.4CVSS6AI score0.0072EPSS
Exploits0References1
Citrix
Citrix
added 2025/05/12 12:0 a.m.12 views

NetScaler Appending random strings in http POST method causing "500 Internal Error"

The NetScaler appends some random string to POST request sent to the backend server, This results in failure, “HTTP 500 Internal error” to be specific...

7AI score
Exploits0
Citrix
Citrix
added 2025/04/16 12:0 a.m.12 views

Netscaler-14.1- How NetScaler handles expect:100 continue header

When NetScaler gets an HTTP request that includes the Expect: 100-Continue header, it sends a 100 Continue response back to the client. This step is important because NetScaler’s Application Firewall needs to review the full request—including the body—before passing it on to the backend server...

7.1AI score
Exploits0
CNVD
CNVD
added 2025/03/27 12:0 a.m.2 views

GPT Academic Command Injection Vulnerability

GPT Academic is an interface that provides pragmatic interactions for LLM grand language models such as GPT/GLM. GPT Academic suffers from a command injection vulnerability that stems from a security issue with the CodeInterpreter plugin, which can be exploited by an attacker to achieve Remote Co...

8.8CVSS7.9AI score0.01348EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:16 p.m.7 views

CVE-2024-10950

In binary-husky/gptacademic version = 3.83, the plugin CodeInterpreter is vulnerable to code injection caused by prompt injection. The root cause is the execution of user-provided prompts that generate untrusted code without a sandbox, allowing the execution of parts of the LLM-generated code. Th...

8.8CVSS8.4AI score0.01348EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:24 a.m.7 views

CVE-2024-8489

A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery CSRF due to overly permissive CORS headers. This issue affects the latest commit on the main branch 21161fe. The vulnerability permits an attacker to access all...

8.8CVSS7AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2025/03/20 10:15 a.m.8 views

CVE-2024-8489

A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery CSRF due to overly permissive CORS headers. This issue affects the latest commit on the main branch 21161fe. The vulnerability permits an attacker to access all...

8.8CVSS0.00214EPSS
Exploits0References1
OSV
OSV
added 2025/03/20 10:10 a.m.4 views

CVE-2024-10950 Code Injection in binary-husky/gpt_academic

In binary-husky/gptacademic version = 3.83, the plugin CodeInterpreter is vulnerable to code injection caused by prompt injection. The root cause is the execution of user-provided prompts that generate untrusted code without a sandbox, allowing the execution of parts of the LLM-generated code. Th...

8.8CVSS7.8AI score0.01348EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.12 views

CVE-2024-8489 CSRF due to overly permissive CORS headers in modelscope/agentscope

A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery CSRF due to overly permissive CORS headers. This issue affects the latest commit on the main branch 21161fe. The vulnerability permits an attacker to access all...

8.8CVSS0.00214EPSS
Exploits0References1
CVE
CVE
added 2025/03/07 3:36 p.m.82 views

CVE-2025-27518

CVE-2025-27518 affects Cognita (the RAG framework) backend server. The issue is an insecure CORS configuration that allows arbitrary websites to send cross-site requests to the Cognita application. Root cause: misconfigured CORS on the backend. Reported impact is that cross-origin requests could ...

6.9CVSS6.8AI score0.00457EPSS
Exploits0References3
OSV
OSV
added 2025/02/17 7:10 p.m.10 views

BIT-GITLAB-2025-1212 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab

An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information...

7.5CVSS4.1AI score0.00367EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/02/12 3:2 p.m.3 views

CVE-2025-1212

Removed by vendor...

7.5CVSS5.8AI score0.00367EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2025/01/13 12:0 a.m.15 views

Qlik Sense HTTP Tunneling Vulnerability

Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software...

9.9CVSS7.4AI score0.24676EPSS
In wildExploits0
Rows per page
Query Builder