Lucene search
+L

123 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-25903

Malicious code in bioql PyPI...

5.8CVSS6.6AI score0.00363EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-46019

Malicious code in bioql PyPI...

9.6CVSS9.2AI score0.00821EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6212

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.01298EPSS
Exploits0References25
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-30323

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00351EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-29036

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.02634EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2024-54411

Malicious code in bioql PyPI...

2.6CVSS6.6AI score0.00353EPSS
Exploits1References3
Snyk
Snyk
added 2025/09/04 11:45 a.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/dialogs process. An attacker can execute arbitrary scripts in the context of a user's browser by submitting...

5.4CVSS5.6AI score0.00162EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2025/09/04 4:49 a.m.5 views

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.

...

5.4CVSS7AI score0.00184EPSS
Exploits0
CVE
CVE
added 2025/08/27 12:0 a.m.21 views

CVE-2025-56694

The CVE-2025-56694 affects lumasoft fotoShare Cloud (version 2025-03-13). The vulnerability is a client-side password validation issue (CWE-602) that could allow unauthenticated attackers to view password-protected photo albums. Root cause appears to be improper client-side validation. CVSS v3.1 ...

5.8CVSS6.8AI score0.00363EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/27 4:14 p.m.17 views

CVE-2016-15046

A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager SSM versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance running on port 8161. An attacker can exploit this flaw through a Cross-Origi...

8.6CVSS7.5AI score0.00921EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/25 3:53 p.m.11 views

CVE-2016-15046 Hanwha Techwin SSM 1.32 & 1.4 ActiveMQ File Upload RCE

A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager SSM versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance running on port 8161. An attacker can exploit this flaw through a Cross-Origi...

8.6CVSS7.5AI score0.00921EPSS
Exploits0References6
CVE
CVE
added 2025/07/25 3:52 p.m.26 views

CVE-2025-34114

CVE-2025-34114 affects OpenBlow whistleblowing platform. The vulnerability is a client-side misconfiguration due to missing critical HTTP response headers: Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy across multiple ...

8.4CVSS5.8AI score0.00162EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/25 12:0 a.m.7 views

PT-2025-31212 · Apache +1 · Apache Activemq +1

Name of the Vulnerable Software and Affected Versions: Hanwha Techwin Smart Security Manager SSM versions 1.32 and 1.4 Description: A client-side remote code execution issue exists due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance running on port 8161...

8.6CVSS7.4AI score0.00921EPSS
Exploits0References8
OSV
OSV
added 2025/07/15 8:15 p.m.11 views

UBUNTU-CVE-2025-30749

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...

8.1CVSS6.7AI score0.01058EPSS
Exploits1References10
Veracode
Veracode
added 2025/07/11 4:50 a.m.6 views

Sensitive Information Exposure

docusaurus-plugin-content-gists is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of configuration options that include GitHub Personal Access Tokens, which are inadvertently embedded into client-side JavaScript bundles during the production build,...

10CVSS6AI score0.01842EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/09 9:8 p.m.2 views

CVE-2025-53624 docusaurus-plugin-content-gists Exposes GitHub Personal Access Token

The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...

10CVSS6.8AI score0.01842EPSS
Exploits0References2
Debian
Debian
added 2025/05/29 7:18 a.m.11 views

[SECURITY] [DLA 4187-1] varnish security update

Debian LTS Advisory DLA-4187-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 28, 2025 https://wiki.debian.org/LTS Package : varnish Version : 6.5.1-1+deb11u5 CVE ID : CVE-2025-47905 A client-side desync vulnerability can be triggered in Varnish, a...

5.4CVSS6.3AI score0.00328EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:21 a.m.8 views

CVE-2022-21826

Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down...

5.4CVSS6.6AI score0.45229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/22 8:39 p.m.12 views

CVE-2025-48373 Schule Has Client-Side Role-Based Access Control (RBAC) Bypass Vulnerability

Schule is open-source school management system software. The application relies on client-side JavaScript index.js to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk because it assumes that the value of data.role is...

8.7CVSS6.5AI score0.00334EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/22 8:39 p.m.23 views

CVE-2025-48373 Schule Has Client-Side Role-Based Access Control (RBAC) Bypass Vulnerability

Schule is open-source school management system software. The application relies on client-side JavaScript index.js to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk because it assumes that the value of data.role is...

8.7CVSS0.00334EPSS
Exploits0References2
Rows per page
Query Builder