Lucene search
K

4421 matches found

Veracode
Veracode
added 2021/06/04 5:48 a.m.18 views

Information Disclosure

@backstage/techdocs-common is vulnerable to information disclosure. An attacker is able bypass sanitization by uploading documentation content with malicious scripts that would normally be sanitized by the TechDocs frontend, but by tricking a user to visit the content via the TechDocs API, the...

8.1CVSS2.2AI score0.01269EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2021/06/04 2:6 a.m.18 views

Cross-site Scripting (XSS)

Backstage is vulnerable to cross-site scripting. An attacker is able to inject malicious script by embedding the script within an object element of uploaded documentation content, allowing the malicious script to get executed when the same documentation page is visited or the malicious object...

7.3CVSS2.6AI score0.01209EPSS
Exploits0References4Affected Software1
Packet Storm
Packet Storm
added 2021/06/04 12:0 a.m.433 views

Monstra CMS 3.0.4 Remote Code Execution

Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution Authenticated Date: 03.06.2021 Exploit Author: Ron Jost hacker5preme Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: Ubuntu 20.04 CVE: CVE-2018-6383 Documentation:...

6.5CVSS0.3AI score0.63926EPSS
Exploits8
CVE
CVE
added 2021/06/03 10:0 p.m.95 views

CVE-2021-32662

In CVE-2021-32662, the npm package @backstage/techdocs-common (versions before 0.6.3) is affected by a path traversal vulnerability via mkdocs.yml: an attacker who can modify docs_dir in the documentation source and access the TechDocs backend could read sensitive files from the build environment...

6.5CVSS6.2AI score0.0128EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/06/03 10:0 p.m.18 views

CVE-2021-32662 TechDocs mkdocs.yml path traversal

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In @backstage/techdocs-common versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is buil...

6.5CVSS6.4AI score0.0128EPSS
Exploits0References3
Fedora
Fedora
added 2021/06/03 1:1 a.m.60 views

[SECURITY] Fedora 33 Update: python-pillow-7.2.0-6.fc33

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt , devel developme...

9.1CVSS1.4AI score0.02876EPSS
Exploits0
Circl
Circl
added 2021/06/03 12:39 a.m.18 views

CVE-2020-11978

creationtimestamp| type| source ---|---|--- 2021-06-03 00:39:25+00:00| seen| https://t.me/pwnwikizhchannel/579 2023-06-14 21:10:04+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-09-18 22:16:38+00:00| seen|...

8.8CVSS7.3AI score0.99118EPSS
In wildExploits9References8
Code423n4
Code423n4
added 2021/06/02 12:0 a.m.3 views

Violation of implicit constraints in batched operations may break protocol assumptions

Handle 0xRajeev Vulnerability details Impact The Ladle batching of operations is a complex task as noted by the project lead which has implicit constraints on what operations can be bundled together in a batch, which operations can/have-to appear how many times and in what order/sequence etc. Som...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/02 12:0 a.m.216 views

GetSimple CMS 3.3.4 - Information Disclosure

Exploit Title: GetSimple CMS 3.3.4 - Information Disclosure Date 01.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://get-simple.info/ Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS/archive/refs/tags/v3.3.4.zip Version: 3.3.4 CVE: CVE-2014-8722 Documentation:...

7.5CVSS7AI score0.14374EPSS
Exploits4
OSV
OSV
added 2021/05/27 12:15 a.m.1 views

DEBIAN-CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The...

6.1CVSS6.6AI score0.017EPSS
Exploits1References1
OSV
OSV
added 2021/05/27 12:15 a.m.1 views

UBUNTU-CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The...

6.1CVSS6.6AI score0.017EPSS
Exploits1References5
Packet Storm
Packet Storm
added 2021/05/27 12:0 a.m.212 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords

KL-001-2021-003: CommScope Ruckus IoT Controller Hard-coded System Passwords Title: CommScope Ruckus IoT Controller Hard-coded System Passwords Advisory ID: KL-001-2021-003 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-003.txt 1. Vulnerabilit...

0.5AI score0.02304EPSS
Exploits4
OSV
OSV
added 2021/05/26 9:15 p.m.6 views

CVE-2020-25634

A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected...

5.4CVSS5.8AI score
Exploits0References1
Fedora
Fedora
added 2021/05/26 1:0 a.m.25 views

[SECURITY] Fedora 34 Update: composer-2.0.13-1.fc34

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

6.5CVSS0.5AI score0.04849EPSS
Exploits1
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.4 views

Red Hat 访问控制错误漏洞

Red Hat is an operating system from the American company Red Hat, Inc. It provides an open source operating system. A security vulnerability exists in the API documentation URL for Red Hat 3scale, which stems from access without credentials. An attacker could use the vulnerability to view sensiti...

5.5CVSS5.8AI score0.00517EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/05/26 12:0 a.m.7 views

PT-2021-11165 · Red Hat · Red Hat 3Scale

Name of the Vulnerable Software and Affected Versions: Red Hat 3scale versions prior to 3scale-2.10.0-ER1 Description: A flaw was found in Red Hat 3scale’s API documentation URL, allowing access without credentials. This issue enables an attacker to view sensitive information or modify service...

5.5CVSS5.3AI score0.00517EPSS
Exploits0References2
Photon
Photon
added 2021/05/25 12:0 a.m.40 views

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0391

An update of 'libmspack', 'gnutls', 'bindutils' packages of Photon OS has been released...

7.5CVSS0.9AI score0.83406EPSS
Exploits1
Oracle linux
Oracle linux
added 2021/05/25 12:0 a.m.35 views

raptor2 security and bug fix update

2.0.15-16 - Resolves: rhbz1900904 CVE-2020-25713 raptor2: malformed input file can lead to a segfault 2.0.15-15 - Resolves: rhbz1896534 CVE-2017-18926 raptor: heap-based buffer overflow 2.0.15-14 - Resolves: rhbz1896340 Suppress documentation in Flatpak builds...

7.1CVSS2.2AI score0.03079EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2021/05/24 1:4 p.m.70 views

Moderate: Red Hat Security Advisory: Release of OpenShift Serverless 1.14.1 security update

An update for openshift-serverless-1-kn-cli-artifacts-rhel8-container, openshift-serverless-1-knative-rhel8-operator-container, and openshift-serverless-1-serverless-operator-bundle-container is now available for Openshift Serveless 1.14. Red Hat Product Security has rated this update as having a...

7.5CVSS7.1AI score0.06497EPSS
Exploits0References5
Kitploit
Kitploit
added 2021/05/23 12:30 p.m.100 views

SQLFluff - A SQL Linter And Auto-Formatter For Humans

SQLFluff is a dialect-flexible and configurable SQL linter. Designed with ELT applications in mind, SQLFluff also works with jinja templating and dbt. SQLFluff will auto-fix most linting errors, allowing you to focus your time on what matters. Getting Started To get started, install the package a...

7.8AI score
Exploits0References4
Rows per page
Query Builder