Lucene search
K

46 matches found

Nuclei
Nuclei
added 8 hours ago79 views

Erxes <0.23.0 - Cross-Site Scripting

Erxes before 0.23.0 contains a cross-site scripting vulnerability. The value of topicID parameter is not escaped and is triggered in the enclosing script tag. id: CVE-2021-32853 info: name: Erxes 0.23.0 - Cross-Site Scripting author: dwisiswant0 severity: critical description: Erxes before 0.23.0...

9.6CVSS6.7AI score0.03125EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-54663

Malicious code in bioql PyPI...

5.4CVSS6.4AI score0.0034EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-17795

Malicious code in bioql PyPI...

5.4CVSS6.4AI score0.00366EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-17800

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.0057EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/06/12 12:18 a.m.21 views

CVE-2024-57189

In Erxes 1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler...

5.4CVSS5.3AI score0.0034EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/12 12:18 a.m.12 views

CVE-2024-57190

Erxes 1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint...

9.8CVSS9.6AI score0.0057EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/12 12:18 a.m.5 views

CVE-2024-57186

In Erxes 1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler...

5.4CVSS5.4AI score0.00366EPSS
Exploits1References1
Veracode
Veracode
added 2025/06/11 7:16 a.m.5 views

Path Traversal

Erxes is vulnerable to a Path Traversal. The vulnerability is due to improper validation in the /read-file endpoint handler, allowing an unauthenticated attacker to read arbitrary files from the system...

5.4CVSS7.1AI score0.00366EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/10 6:32 p.m.11 views

Erxes Incorrect Access Control vulnerability

Erxes 1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint...

9.8CVSS9.7AI score0.0057EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/10 6:32 p.m.11 views

Erxes Path Traversal vulnerability

In Erxes 1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler...

5.4CVSS6.6AI score0.00366EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/10 6:32 p.m.15 views

Erxes Path Traversal vulnerability

In Erxes 1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler...

5.4CVSS6.4AI score0.0034EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/06/10 6:32 p.m.41 views

GHSA-2977-5PHP-6789 Erxes Path Traversal vulnerability

In Erxes 1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler...

7.1CVSS7AI score0.0034EPSS
Exploits1References4
OSV
OSV
added 2025/06/10 6:32 p.m.5 views

GHSA-RQ9R-QVWG-829Q Erxes Path Traversal vulnerability

In Erxes 1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler...

8.7CVSS7.2AI score0.00366EPSS
Exploits1References4
OSV
OSV
added 2025/06/10 6:32 p.m.35 views

GHSA-7RHV-XM4Q-WH42 Erxes Incorrect Access Control vulnerability

Erxes 1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint...

8.7CVSS7.3AI score0.0057EPSS
Exploits1References4
NVD
NVD
added 2025/06/10 5:20 p.m.20 views

CVE-2024-57190

Erxes 1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint...

9.8CVSS0.0057EPSS
Exploits1References2
NVD
NVD
added 2025/06/10 5:20 p.m.27 views

CVE-2024-57189

In Erxes 1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler...

5.4CVSS0.0034EPSS
Exploits1References2
NVD
NVD
added 2025/06/10 5:19 p.m.10 views

CVE-2024-57186

In Erxes 1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler...

5.4CVSS0.00366EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/06/10 12:0 a.m.31 views

CVE-2024-57189

In Erxes 1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler...

0.0034EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.10 views

PT-2025-24712 · Erxes · Erxes

Name of the Vulnerable Software and Affected Versions: Erxes versions prior to 1.6.2 Description: The issue allows an authenticated attacker to write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler. Recommendations: For...

7.1CVSS6.4AI score0.0034EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.3 views

erxes 安全漏洞

erxes is an open source Hubspot/Qualtrics alternative to erxes open source. Enabling SaaS providers and digital marketing agencies/developers to create unique experiences for their entire business. A security vulnerability exists in erxes versions prior to 1.6.2 that stems from a path traversal...

5.4CVSS6.5AI score0.00366EPSS
Exploits1References3
Rows per page
Query Builder