Lucene search
K

40 matches found

ossf
ossf
added 2026/06/26 3:45 p.m.10 views

Malicious code in react-dynammic-table-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d47aff9bb18dcd61350fa86e19d97ddee5ee7c5bdf7f0adea4a685e89d58fa4f [email protected] declares a preinstall lifecycle script node dist/setup.js that runs automatically on npm install. The script...

5.8AI score
Exploits0References1
nessus
nessus
added 2026/06/24 12:0 a.m.9 views

RHEL 9 : Red Hat Ansible Automation Platform 2.6 Product Security Update (Critical) (RHSA-2026:28377)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28377 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...

9.6CVSS6AI score0.0037EPSS
Exploits0References5
redhat
redhat
added 2026/06/23 6:53 p.m.9 views

Critical: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security Update

An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.6CVSS5.9AI score0.0037EPSS
Exploits0References2
cve
cve
added 2026/06/19 1:12 p.m.29 views

CVE-2026-44915

CVE-2026-44915 is an Open Redirect vulnerability in Apache APISIX related to the cas-auth plugin in its default configuration. The issue affects Apache APISIX versions 3.0.0 through 3.16.0 and could enable phishing and credential theft. Apache recommends upgrading to version 3.17.0, which contain...

6.1CVSS5.8AI score0.004EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2026/05/05 12:0 a.m.10 views

Twenty 代码问题漏洞

Twenty is an open-source CRM platform developed by Twenty. Versions of Twenty 1.18.0 and earlier have code vulnerabilities. These vulnerabilities stem from a flaw in the SSRF protection mechanism, which can be bypassed by IPv6 addresses mapped via IPv4. The Node.js URL parser standardizes IPv6...

8.3CVSS5.9AI score0.0024EPSS
Exploits0References2
cvelist
cvelist
added 2026/04/09 8:54 p.m.23 views

CVE-2023-54360 Joomla JLex Review 6.0.1 Reflected XSS via review_id Parameter

Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the reviewid URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, enablin...

6.1CVSS0.00194EPSS
Exploits0References4
cve
cve
added 2026/03/25 6:6 p.m.22 views

CVE-2026-33720

n8n (open source workflow automation) has a vulnerability in pre-2.8.0 where setting N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true causes the OAuth callback to skip ownership verification of the OAuth state. An attacker can trick a victim into completing an OAuth flow for a credential the attacker control...

6.3CVSS5.8AI score0.0018EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/02/27 10:14 a.m.5 views

CVE-2026-1693

The OAuth grant type Resource Owner Password Credentials ROPC flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user...

7.5CVSS6AI score0.00314EPSS
Exploits0References1
cve
cve
added 2026/02/27 12:0 a.m.30 views

CVE-2025-69437

PublicCMS v5.202506.d and earlier are exposed to a stored XSS flaw in the Pdf handling path. Uploaded PDFs can carry JavaScript payloads that bypass backend checks in CmsFileUtils.java and when viewed by a user can trigger the embedded payload, potentially enabling credential theft and arbitrary ...

8.7CVSS6AI score0.00345EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2026/02/26 8:16 a.m.10 views

CVE-2026-1693

The OAuth grant type Resource Owner Password Credentials ROPC flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user...

7.5CVSS0.00314EPSS
Exploits0References1
nvd
nvd
added 2026/02/03 6:16 p.m.9 views

CVE-2020-37115

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access...

7.1CVSS0.00263EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/02/03 4:52 p.m.8 views

CVE-2020-37115

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access...

7.1CVSS5.3AI score0.00263EPSS
Exploits1References4
osv
osv
added 2026/01/15 1:16 p.m.5 views

CVE-2026-22912

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...

6.1CVSS5.8AI score0.00324EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/01/15 1:3 p.m.3 views

CVE-2026-22912

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...

6.1CVSS5.5AI score0.00324EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/01/15 1:3 p.m.3 views

CVE-2026-22912

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...

4.3CVSS6.4AI score0.00324EPSS
Exploits0References6
cnnvd
cnnvd
added 2025/11/07 12:0 a.m.3 views

IBM Db2 安全漏洞

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. An information disclosure vulnerability exists in IBM Db2 that stems from the clpplus command exposing...

4.6CVSS5.8AI score0.00168EPSS
Exploits0References2
cve
cve
added 2025/10/09 9:10 p.m.21 views

CVE-2016-15047

CVE-2016-15047 (AVTECH CloudSetup.cgi): Authenticated OS command injection via the exefile parameter in CloudSetup.cgi. The parameter is passed to system command execution without proper validation/whitelisting, enabling an authenticated attacker to run arbitrary commands as root and potentially ...

8.7CVSS7.4AI score0.03946EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2025/10/07 11:14 p.m.5 views

CVE-2025-61998 OPEXUS FOIAXpress stored XSS via Hyperlink Manager

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content as a URL within the Technical Support Hyperlink Manager. Injected content is executed in the context of other users when they click the malicious link. Successful exploitation allows the...

4.8CVSS6.3AI score0.00225EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.18 views

EUVD-2009-2503

Malware in sbrugna...

6.9CVSS6.2AI score0.01262EPSS
Exploits1References4
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-0014

Malware in sbrugna...

9.8CVSS9.3AI score0.02166EPSS
Exploits0References7
Rows per page
Query Builder