Lucene search
K

171 matches found

CNNVD
CNNVD
added 2025/05/21 12:0 a.m.4 views

GitHub Desktop 信息泄露漏洞

GitHub Desktop is a GitHub desktop version of GitHub Desktop open source. An information disclosure vulnerability exists in versions prior to GitHub Desktop 3.4.20-beta3, which stems from an attempt by Git to access a network share that could lead to information disclosure...

3.3CVSS5.9AI score0.00154EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/02 3:15 p.m.8 views

CVE-2025-32376

Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable...

4.8CVSS6.6AI score0.00216EPSS
Exploits0References1
OSV
OSV
added 2025/01/09 7:14 p.m.4 views

CVE-2024-13261 Acquia DAM - Moderately critical - Cross Site Request Forgery, Denial of Service - SA-CONTRIB-2024-025

Cross-Site Request Forgery CSRF vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.This issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3...

3.5CVSS5.9AI score0.0014EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.5 views

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Acquia DAM version 1.0.13, prior to versions 1.1.0 through 1.1.0-beta3, which stems from the inclusion of a cross-site request forgery vulnerability...

3.5CVSS6.6AI score0.0014EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.8 views

PT-2025-35217 · Appneta +1 · Tcpreplay +1

Name of the Vulnerable Software and Affected Versions: appneta tcpreplay version 4.5.1 Description: A security issue has been identified in the calc sleep time function within the send packets.c file. Manipulation of this function can lead to a divide by zero error. Exploitation requires local...

4.8CVSS3.8AI score0.00225EPSS
Exploits1References15
NVD
NVD
added 2024/07/30 3:15 p.m.29 views

CVE-2024-37165

Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability ...

6.3CVSS0.00364EPSS
Exploits0References3
CVE
CVE
added 2024/07/30 2:10 p.m.57 views

CVE-2024-37165

Discourse has an XSS vulnerability (CVE-2024-37165) arising from improperly sanitized Onebox data. Affected: Discourse versions before 3.2.3 and before 3.3.0.beta3, particularly when the default Content Security Policy is disabled. Impact is XSS under those conditions; fixed in Discourse 3.2.3 an...

6.3CVSS6AI score0.00364EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/30 12:0 a.m.6 views

PT-2024-27349 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 Discourse versions prior to 3.3.0.beta3 Description: The issue arises from improperly sanitized Onebox data, which could lead to an XSS vulnerability in certain situations. This vulnerability only affects...

6.3CVSS6.2AI score0.00364EPSS
Exploits0References11
OSV
OSV
added 2024/07/09 8:43 a.m.23 views

BIT-DISCOURSE-2024-36113 Discourse missing authorization checks for suspending admins/moderators

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...

6.5CVSS5.6AI score0.00418EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/07/03 9:20 p.m.33 views

CVE-2024-36113

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...

6.5CVSS6.8AI score0.00418EPSS
Exploits0References6
NVD
NVD
added 2024/07/03 7:15 p.m.47 views

CVE-2024-36113

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...

6.5CVSS0.00418EPSS
Exploits0References3
NVD
NVD
added 2024/07/03 7:15 p.m.45 views

CVE-2024-35234

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

6.1CVSS0.00333EPSS
Exploits0References3
OSV
OSV
added 2024/07/03 7:7 p.m.33 views

CVE-2024-36113 Discourse missing authorization checks for suspending admins/moderators

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...

4.9CVSS6.5AI score0.00418EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/07/03 7:7 p.m.19 views

CVE-2024-36113 Discourse missing authorization checks for suspending admins/moderators

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...

4.9CVSS6.6AI score0.00418EPSS
Exploits0References3
OSV
OSV
added 2024/07/03 6:23 p.m.30 views

CVE-2024-35234 Discourse vulnerable to stored-dom XSS via Facebook Oneboxes

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

4.2CVSS7AI score0.00333EPSS
Exploits0References5
CVE
CVE
added 2024/07/03 6:23 p.m.65 views

CVE-2024-35234

CVE-2024-35234 affects Discourse. Multiple sources document a stored DOM XSS where an attacker can execute arbitrary JavaScript in users’ browsers by visiting a URL containing malicious meta tags, applicable to installations with CSP disabled. Patched in Discourse releases: 3.2.3 (stable) and 3.3...

6.1CVSS5.6AI score0.00333EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/07/03 6:23 p.m.42 views

CVE-2024-35234 Discourse vulnerable to stored-dom XSS via Facebook Oneboxes

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

4.2CVSS0.00333EPSS
Exploits0References3
NVD
NVD
added 2024/07/03 6:15 p.m.31 views

CVE-2024-35227

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 o...

7.5CVSS0.0059EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/07/03 5:39 p.m.40 views

CVE-2024-35227 Discourse vulnerable to DoS through Onebox

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 o...

7.5CVSS0.0059EPSS
Exploits0References3
CVE
CVE
added 2024/07/03 5:39 p.m.80 views

CVE-2024-35227

CVE-2024-35227 affects Discourse (open-source discussion platform). The issue arises from Oneboxing a carefully crafted malicious URL, which can degrade availability (DoS). Affected versions: prior to 3.2.3 on the stable branch and 3.3.0.beta3 on the tests-passed branch. Remediation: patched in 3...

7.5CVSS7.4AI score0.0059EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder