Lucene search
+L

7 matches found

osv
osv
added 2026/07/02 7:3 p.m.3 views

GHSA-QCR8-X557-7CP3 @asymmetric-effort/specifyjs: Production console warnings may leak internal framework state

Finding Location: core/src/core/scheduler.ts:23, core/src/hooks/dispatcher.ts:100, core/src/client/graphql.ts:71 Several console.warn calls are not gated behind DEV and will fire in production builds, potentially exposing internal framework state such as queue sizes, component names, and query...

6.9CVSS5.8AI score
Exploits0References3
cnnvd
cnnvd
added 2026/04/14 12:0 a.m.11 views

Autodesk Fusion 跨站脚本漏洞

Autodesk Fusion is a data management software platform developed by Autodesk, Inc. in the United States. Autodesk Fusion has a cross-site scripting vulnerability, which stems from malicious HTML payloads in component names. This vulnerability may lead to stored-xss attacks, allowing attackers to...

7.1CVSS6AI score0.00204EPSS
Exploits0References3
euvd
euvd
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-201864

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly, tearing down components may lead to use-after-free errors. Duplicate the name to avoid that. At the same time, update the order of...

6AI score0.00188EPSS
Exploits0References3
nvd
nvd
added 2025/10/07 7:15 p.m.7 views

CVE-2025-61776

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...

4.7CVSS0.0026EPSS
Exploits0References2
cvelist
cvelist
added 2025/10/07 6:57 p.m.10 views

CVE-2025-61776 Dependency-Track possibly discloses private NuGet repository credentials to api.nuget.org

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...

4.7CVSS0.0026EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/10/07 12:0 a.m.5 views

Dependency-Track 安全漏洞

Dependency-Track is Dependency-Track's open source suite of intelligent supply chain component analysis platforms for identifying third-party component risks. A security vulnerability exists in Dependency-Track versions prior to 4.13.5, which stems from the possibility of sending private NuGet...

4.7CVSS6.6AI score0.0026EPSS
Exploits0References3
cnvd
cnvd
added 2018/06/15 12:0 a.m.4 views

Open-AudIT Professional Cross-Site Scripting Vulnerability

Open-AudIT Professional is a network discovery and auditing program. The program intelligently scans networks and network devices and provides status reports. A cross-site scripting vulnerability exists in Open-AudIT Professional version 2.1.1. A remote attacker can exploit this vulnerability to...

5.4CVSS5.1AI score0.01179EPSS
Exploits5References1
Rows per page
Query Builder