Lucene search

9 matches found

RedhatCVE
added 2026/01/09 10:50 a.m.

CVE-2022-42745

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE...

CVSS 7.5 · AI score 6.9 · EPSS 0.00804
Exploits 1 · References 1
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2020-30162

Malware in sbrugna...

CVSS 8.8 · AI score 8.6 · EPSS 0.00598
Exploits 1 · References 2
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2022-45813

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00969
Exploits 1 · References 3
RedhatCVE
added 2025/05/22 11:50 p.m.

CVE-2022-42750

CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user...

CVSS 8.8 · AI score 7 · EPSS 0.00969
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 3:43 p.m.

CVE-2020-9341

CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI...

CVSS 8.8 · AI score 6.9 · EPSS 0.00598
Exploits 1 · References 1
OSV
added 2022/11/03 8:15 p.m.

CVE-2022-42746

CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

CVSS 6.1 · AI score 5.9
Exploits 0 · References 2
Prion
added 2022/11/03 8:15 p.m.

Cross site scripting

CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

CVSS 5.8 · AI score 6 · EPSS 0.01071
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2022/11/03 12:00 a.m.

PT-2022-26535 · Candidats · Candidats

Name of the Vulnerable Software and Affected Versions: CandidATS version 3.0.0
Description: The issue allows an external attacker to read arbitrary files from the server due to the application being vulnerable to XXE.
Recommendations: For CandidATS version 3.0.0, consider restricting access to...

CVSS 7.5 · AI score 7.4 · EPSS 0.00804
Exploits 1 · References 6
Vulnrichment
added 2022/11/03 12:00 a.m.

CVE-2022-42744

CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks...

AI score 9.5 · EPSS 0.01197
Exploits 1 · References 2
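The CVE-2022-42744 summary names the failure class (a paging parameter reaching SQL without validation) but not how a LIMIT-clause injection behaves or what the fix looks like. The block below is an added, constructed illustration and is not code from CandidATS or from any of the advisories listed here: the table names, columns, sample rows, the secret hash value and the `entriesPerPage` handling are all assumptions chosen for the demonstration, and SQLite stands in for the application's database. It shows the interpolated form beside a validated, parameter-bound form, and why the interpolated form leaks data even though the parameter only ever controls a page size.

```python
"""Constructed example, not CandidATS code: an 'entriesPerPage'-style paging
parameter interpolated into a LIMIT clause versus validated and bound.
Schema, rows, secret value and parameter handling are assumptions."""
from __future__ import annotations

import re
import sqlite3
import string


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE candidate (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT NOT NULL,
                           password_hash TEXT NOT NULL);
        INSERT INTO candidate (name)
            VALUES ('alice'), ('bob'), ('carol'), ('dave'), ('erin');
        -- constructed secret that a candidate listing must never expose
        INSERT INTO user (name, password_hash) VALUES ('admin', 'h4sh-redacted');
        """
    )
    return conn


def page_vulnerable(conn: sqlite3.Connection, entries_per_page: str) -> list[str]:
    """Unsafe pattern: the request parameter is pasted into the SQL text."""
    sql = f"SELECT name FROM candidate ORDER BY id LIMIT {entries_per_page}"
    return [row[0] for row in conn.execute(sql)]


def page_hardened(conn: sqlite3.Connection, entries_per_page: str,
                  max_per_page: int = 100) -> list[str]:
    """Accept only a short positive ASCII integer, bound it, then bind it."""
    if not re.fullmatch(r"[1-9][0-9]{0,3}", entries_per_page):
        raise ValueError("entriesPerPage must be a positive integer")
    n = int(entries_per_page)
    if n > max_per_page:
        raise ValueError(f"entriesPerPage exceeds the maximum of {max_per_page}")
    sql = "SELECT name FROM candidate ORDER BY id LIMIT ?"
    return [row[0] for row in conn.execute(sql, (n,))]


def oracle_payload(position: int, guess: str) -> str:
    """A LIMIT expression whose value depends on one byte of the secret.

    SQLite evaluates any scalar expression in LIMIT, so a subquery comparing
    one character of the admin hash with `guess` changes the page size:
    5 rows when the guess is right, 1 row when it is wrong.
    """
    return (
        "(SELECT CASE WHEN (SELECT substr(password_hash, {pos}, 1) FROM user "
        "WHERE name = 'admin') = '{g}' THEN 5 ELSE 1 END)"
    ).format(pos=position, g=guess)


def leak_char(conn: sqlite3.Connection, position: int) -> str | None:
    """Recover one secret character by observing how many rows come back."""
    for guess in string.ascii_lowercase + string.digits + "-":
        if len(page_vulnerable(conn, oracle_payload(position, guess))) == 5:
            return guess
    return None


if __name__ == "__main__":
    db = make_db()
    print("normal page of 2:", page_vulnerable(db, "2"))
    print("leaked first hash char:", leak_char(db, 1))
    try:
        page_hardened(db, oracle_payload(1, "h"))
    except ValueError as exc:
        print("hardened version rejects the payload:", exc)
```

The point of the oracle is that a LIMIT value needs no quote-breaking and no stacked statement to be useful: the number of rows on the page is itself a one-bit channel. Validation therefore has to establish that the value is an integer before it touches the query, and the bound parameter keeps the database from interpreting it as anything else.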