
11 matches found

Cvelist
added 2026/01/22 2:20 a.m. | 23 views

CVE-2026-23992 go-tuf improperly validates the configured threshold for delegations

go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...

CVSS 5.9 | EPSS 0.00196
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2019-2040

Malware in sbrugna...

CVSS 5.3 | AI score 5.5 | EPSS 0.01171
Exploits: 1 | References: 2
Positive Technologies
added 2025/09/27 12:0 a.m. | 4 views

PT-2025-39700

Name of the Vulnerable Software and Affected Versions Flag Forge versions 2.0.0 through 2.3.0 Description The Flag Forge platform contained a security issue where the /api/resources API endpoint permitted POST and DELETE requests without appropriate authentication or authorization. This allowed...

CVSS 8.6 | AI score 6.6 | EPSS 0.00346
Exploits: 0 | References: 10
RedhatCVE
added 2025/05/22 10:10 a.m. | 10 views

CVE-2019-1010304

Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release is affected by: Incorrect Access Control. The impact is: Important. The component is: ProductVariant type in GraphQL API. The attack vector is: Unauthenticated...

CVSS 5.3 | AI score 7 | EPSS 0.01171
Exploits: 1 | References: 1
NVD
added 2024/07/31 4:15 p.m. | 41 views

CVE-2024-41950

Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja...

CVSS 7.5 | EPSS 0.01171
Exploits: 0 | References: 6
OSV
added 2024/07/31 3:50 p.m. | 23 views

CVE-2024-41950 Insecure Jinja2 templates rendered in Haystack Components can lead to RCE

Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja...

CVSS 7.5 | AI score 7.6 | EPSS 0.01171
Exploits: 0 | References: 8
Patchstack
added 2024/03/12 12:0 a.m. | 11 views

WordPress Ultimate Posts Widget Plugin < 2.3.1 is vulnerable to Cross Site Scripting (XSS)

Software: Ultimate Posts Widget; Type: Plugin; Vulnerable versions: 2.3.1; Fixed in: 2.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0561; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 4601be1431bf; Credits: Dmitrii ignatyev...

CVSS 5.4 | AI score 6 | EPSS 0.00442
Exploits: 2 | References: 4 | Affected Software: 1
Patchstack
added 2023/01/20 12:0 a.m. | 13 views

WordPress User Registration Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Software: User Registration; Type: Plugin; Vulnerable versions: = 2.3.0; Fixed in: 2.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23987; Patch priority: Low; CVSS severity: Low 5.9; Developer: Masteriyo; PSID: 518a23296838; Credits: Rio Darmawan; Required...

CVSS 5.9 | AI score 6 | EPSS 0.00392
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2019/07/16 1:15 p.m. | 19 views

Cross site scripting

Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting XSS - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3...

CVSS 4.3 | AI score 6.1 | EPSS 0.01257
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2019/07/15 3:15 p.m. | 18 views

CVE-2019-1010304

Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release is affected by: Incorrect Access Control. The impact is: Important. The component is: ProductVariant type in GraphQL API. The attack vector is: Unauthenticated...

CVSS 5.3 | AI score 5.3 | EPSS 0.01171
Exploits: 1 | References: 1
Cvelist
added 2019/07/15 2:45 p.m. | 20 views

CVE-2019-1010304

Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release is affected by: Incorrect Access Control. The impact is: Important. The component is: ProductVariant type in GraphQL API. The attack vector is: Unauthenticated...

AI score 5.4 | EPSS 0.01171
Exploits: 1 | References: 1