8 matches found

NVD
added 6 days ago, 8 views

CVE-2026-50014

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected...

CVSS 7.3, EPSS 0.0018
Exploits: 1, References: 1
EUVD
added 2026/06/05 2:0 p.m., 12 views

EUVD-2026-34839

A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboardpage/forms/fetch.php. Performing a manipulation of the argument departmentcode results in...

CVSS 7.5, AI score 5.5, EPSS 0.00284
Exploits: 0, References: 6
EUVD
added 2026/05/19 2:4 p.m., 11 views

EUVD-2026-30940

NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http, $arg, $cookie) and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...

CVSS 9.2, AI score 6.3, EPSS 0.00889
Exploits: 0, References: 1
Github Security Blog
added 2026/03/04 6:55 p.m., 8 views

OpenClaw has SSRF guard bypass via IPv6 transition over ISATAP

Summary: OpenClaw's SSRF hostname/IP guard did not detect ISATAP embedded IPv4 addresses (...:5efe:w.x.y.z). A crafted URL containing an ISATAP IPv6 literal could embed a private IPv4 target (for example, loopback) and bypass private-address filtering in URL-fetching paths. Severity Assessment: Rated...

AI score 6
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2025/09/14 1:2 p.m., 10 views

CVE-2025-10399 Korzh EasyQuery Query Builder UI fetch sql injection

A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made...

CVSS 6.5, EPSS 0.00221
Exploits: 0, References: 3
CNNVD
added 2025/09/14 12:0 a.m., 4 views

Korzh EasyQuery SQL injection vulnerability

Korzh EasyQuery is a query builder software from Korzh. A SQL injection vulnerability exists in Korzh EasyQuery 7.4.0 and earlier versions, which stems from improper handling of the file /api/easyquery/models/nwind/fetch in the Query Builder UI component, which can lead to SQL injection attacks...

CVSS 6.5, AI score 6.9, EPSS 0.00221
Exploits: 0, References: 4
OSV
added 2022/09/23 11:4 a.m., 3 views

OESA-2022-1950 ansible security update

Security Fixes: A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the...

CVSS 7.9, AI score 7.5, EPSS 0.00506
Exploits: 3, References: 10
OSV
added 2021/09/24 11:3 a.m., 4 views

OESA-2021-1349 ansible security update

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS 7.9, AI score 7.5, EPSS 0.00506
Exploits: 4, References: 12