Lucene search
K

178 matches found

OSV
OSV
added 2024/12/10 9:15 a.m.6 views

CVE-2024-45709

SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited...

5.5CVSS5.8AI score0.00498EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/10 8:20 a.m.12 views

CVE-2024-45709 SolarWinds Web Help Desk Local File Read Vulnerability

SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited...

5.3CVSS6.8AI score0.00498EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/10 8:20 a.m.28 views

CVE-2024-45709 SolarWinds Web Help Desk Local File Read Vulnerability

SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited...

5.3CVSS0.00498EPSS
Exploits0References2
OSV
OSV
added 2024/12/02 5:26 p.m.1 views

GHSA-9R9M-FFP6-9X4V vue-i18n has cross-site scripting vulnerability with prototype pollution

Vulnerability type XSS Description vue-i18n can be passed locale messages to createI18n or useI18n. we can then translate them using t and $t. vue-i18n has its own syntax for local messages, and uses a message compiler to generate AST. In order to maximize the performance of the translation...

5.3CVSS5.9AI score0.00647EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/11/29 6:32 p.m.20 views

CVE-2024-52809 Cross-site Scripting vulnerability with prototype pollution in vue-i18n

vue-i18n is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to createI18n or useI18n. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions...

5.3CVSS0.00647EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/29 12:0 a.m.5 views

PT-2024-35457 · Vue-I18N · Vue-I18N

Name of the Vulnerable Software and Affected Versions: vue-i18n versions prior to 9.14.2 vue-i18n versions prior to 10.0.5 Description: The issue concerns a Cross-site Scripting XSS attack possibility in vue-i18n, an internationalization plugin for Vue.js. This occurs when locale message ASTs are...

5.3CVSS6.5AI score0.00647EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/11/29 12:0 a.m.4 views

vue-i18n 跨站脚本漏洞

vue-i18n is an application from intlify open source. A cross-site scripting vulnerability exists in vue-i18n, which stems from the fact that vue-i18n can pass locale information to createI18n or useI18n. When generating a locale information AST in development mode, this could lead to a cross-site...

5.3CVSS5.7AI score0.00647EPSS
Exploits0References3
OSV
OSV
added 2024/06/12 2:50 p.m.29 views

CVE-2024-31217 @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause ...

5.3CVSS6.5AI score0.00736EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/05/28 12:0 a.m.3 views

PT-2024-40358 · Silverstripe · Silverstripe

Name of the Vulnerable Software and Affected Versions: SilverStripe versions 3.7 through 4.x Description: The issue potentially discloses database connection details when SilverStripe is run in dev mode using the mysqli database driver. To mitigate this, sensitive parts of the connection...

6.5CVSS6.8AI score
Exploits0References7
RedhatCVE
RedhatCVE
added 2023/12/05 6:56 p.m.26 views

CVE-2022-29361

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations...

9.8CVSS9.3AI score0.07663EPSS
Exploits0References4
OSV
OSV
added 2023/10/04 5:15 p.m.4 views

CVE-2023-20235

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

8.8CVSS5.8AI score0.00509EPSS
Exploits0References1
Veracode
Veracode
added 2023/06/21 10:25 a.m.21 views

Information Exposure

gatsby is vulnerable to Information Exposure. The vulnerability exists due to a lack of local file validation in file-code-frame or original-stack-frame, which allows an attacker to access sensitive information in the system if gatsby is run in development mode...

5.3CVSS6.2AI score0.0091EPSS
Exploits1References5Affected Software1
RedHat Linux
RedHat Linux
added 2023/06/15 9:19 a.m.7 views

angular: XSS vulnerability

A flaw was found in the angular/core package. Affected versions of this package are vulnerable to Cross-site scripting XSS in development, with Server-side rendering SSR enabled...

5.4CVSS5.7AI score0.01053EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/06/15 12:0 a.m.9 views

CVE-2023-21142

In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12...

5.8AI score0.00083EPSS
Exploits0References1
Hacker One
Hacker One
added 2023/02/15 10:7 a.m.7 views

Malwarebytes: Rails Debug Mode Enabled On ( https://44.208.145.207/testrail/files.md5 )

Summary: A Ruby on Rails web application running in development mode was identified on a Malwarebytes server. The application exposed sensitive system information, including details about middleware components and application root paths, which should not be accessible in a production environment...

7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.6 views

SUSE CVE-2019-5420

A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...

8.1CVSS8.2AI score0.92144EPSS
Exploits13References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.2 views

SUSE CVE-2020-8264

In actionpack gem = 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...

6.1CVSS6.1AI score0.70717EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.2 views

SUSE CVE-2022-29361

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations...

9.8CVSS9.3AI score0.07663EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/05/25 1:15 a.m.3 views

CVE-2022-29361

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations...

9.8CVSS7.2AI score0.07663EPSS
Exploits0References3
OSV
OSV
added 2022/05/25 1:15 a.m.10 views

CVE-2022-29361

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations...

9.8CVSS9.3AI score
Exploits0References2
Rows per page
Query Builder