Lucene search
K

168 matches found

OSV
OSV
added 2024/12/19 6:31 p.m.5 views

GHSA-PR98-23F8-JWXV QOS.CH logback-core Expression Language Injection vulnerability

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...

5.9CVSS7.2AI score0.00404EPSS
Exploits0References5
OSV
OSV
added 2024/12/19 4:15 p.m.6 views

UBUNTU-CVE-2024-12798

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

5.9CVSS7.2AI score0.00404EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.3 views

ComfyUI_AceNodes 安全漏洞

ComfyUIAceNodes is a utility node for ComfyUI by Kaifeng Xu, a personal developer. A security vulnerability exists in ComfyUIAceNodes, which originates when the entry point function of the ACEExpressionEval node accepts arbitrary user-controlled data, which allows the user to create a workflow th...

10CVSS7.3AI score0.00571EPSS
Exploits0References1
Huntr
Huntr
added 2024/11/15 5:26 a.m.4 views

Lack of unique constraint validation allows overwriting evaluators

Description The application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to overwrite existing data by submitting a POST request with the same slug as an existing evaluator. Since the backend lacks databa...

6.5CVSS6.7AI score0.00535EPSS
Exploits1
Huntr
Huntr
added 2024/11/01 7:13 a.m.3 views

Lack of proper access control on endpoint to delete evaluators

Description The /v1/evaluators/ route allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. The current implementation: Does not...

8.1CVSS8.1AI score0.00508EPSS
Exploits1
CNNVD
CNNVD
added 2024/09/16 12:0 a.m.6 views

Decidim 跨站脚本漏洞

Decidim is an open source participatory democracy framework from Decidim, written in Ruby on Rails. A cross-site scripting vulnerability exists in Decidim versions 0.27.6 and earlier and 0.28.1 and earlier, which stems from a cross-site scripting attack in the administrator panel if an...

6.8CVSS5.8AI score0.00353EPSS
Exploits0References6
Citrix
Citrix
added 2024/07/14 12:0 a.m.7 views

Citrix Virtual Apps and Desktop - Director and Monitor Service

Introduction This article is a summary of the top support articles related to Citrix Director. The most commonly used support articles and guides are below. Director is a monitoring and troubleshooting console for Citrix Virtual Apps and Desktops. Top Knowledge Content Troubleshooting Common...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.7 views

PT-2024-14103 · Hertzbeat · Hertzbeat

Name of the Vulnerable Software and Affected Versions: Hertzbeat versions prior to 1.4.1 Description: Hertzbeat is a real-time monitoring system. In CalculateAlarm.java, AviatorEvaluator is used to directly execute the expression function, and no security policy is configured, resulting in...

9.8CVSS7.9AI score0.01309EPSS
Exploits1References8
OSV
OSV
added 2023/10/04 4:15 a.m.1 views

CVE-2023-30692

Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities...

7.8CVSS5.8AI score0.0019EPSS
Exploits0References1
NVD
NVD
added 2023/10/04 4:15 a.m.21 views

CVE-2023-30692

Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities...

8.5CVSS8.2AI score0.0019EPSS
Exploits0References1
Prion
Prion
added 2023/10/04 4:15 a.m.24 views

Input validation

Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities...

4.3CVSS7.4AI score0.0019EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/04 3:2 a.m.11 views

CVE-2023-30692

Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities...

8.5CVSS6.8AI score0.0019EPSS
Exploits0References1
CVE
CVE
added 2023/10/04 3:2 a.m.61 views

CVE-2023-30692

CVE-2023-30692 affects Samsung SMR Oct-2023 Release 1: Evaluator with improper input validation, enabling local attackers to launch privileged activities. Affected: Evaluator versions prior to SMR Oct-2023 Release 1. Impact: local privilege escalation; exploitation details are not provided in the...

8.5CVSS7.3AI score0.0019EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/04 3:2 a.m.18 views

CVE-2023-30692

Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities...

8.5CVSS8.3AI score0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/10/04 12:0 a.m.3 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Oct-2023 Release 1 version, which stems from an incorrect input validation vulnerability ...

8.5CVSS6.6AI score0.0019EPSS
Exploits0References2
Amazon
Amazon
added 2023/07/26 12:0 a.m.7 views

Medium: janino

Issue Overview: janino 3.1.9 and earlier are subject to denial of service DOS attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. CVE-2023-3354...

5.5CVSS5.6AI score0.0033EPSS
Exploits1
OSV
OSV
added 2023/07/12 6:30 p.m.23 views

GHSA-WGVX-9RH5-4G4M Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery

Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the...

8.8CVSS8.7AI score0.00423EPSS
Exploits0References3
OSV
OSV
added 2023/07/12 6:30 p.m.17 views

GHSA-5G87-44P9-V4J7 Jenkins Benchmark Evaluator Plugin missing permission check

Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the...

5.4CVSS5.4AI score0.00422EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/07/12 6:30 p.m.25 views

Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery

Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the...

8.8CVSS6.6AI score0.00423EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/12 6:30 p.m.19 views

Jenkins Benchmark Evaluator Plugin missing permission check

Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the...

5.4CVSS6.6AI score0.00422EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder