Lucene search
K

42 matches found

EUVD
EUVD
added 2026/03/12 7:21 p.m.4 views

EUVD-2026-11691

Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources .xml and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...

9.3CVSS5.9AI score0.00424EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-12897

Malware in sbrugna...

4.3CVSS4.6AI score0.0161EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-30803

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00606EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2019-6089

Malicious code in bioql PyPI...

9CVSS6.9AI score0.11366EPSS
Exploits0References3
Openbugbounty
Openbugbounty
added 2023/08/20 10:7 p.m.13 views

cheeseimporterswarehouse.com Cross Site Scripting vulnerability OBB-3597749

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/03/14 12:0 a.m.40 views

Atlassian Jira < 6.0.5 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 6.0.5. It is, therefore, affected by multiple vulnerabilities: - A directory traversal in the Importers Plugin which permits remote attackers to create arbitrary files...

4.3CVSS5.6AI score0.02147EPSS
Exploits3References4
WPVulnDB
WPVulnDB
added 2022/02/23 12:0 a.m.234 views

WooCommerce < 6.2.1 - Path Traversal via Importers

The plugin does not properly check for path traversal when importing tax rates. There are limited details at this stage and this advisory will be updated later on...

4.3AI score
Exploits0References2Affected Software1
CNVD
CNVD
added 2022/02/17 12:0 a.m.18 views

Atlassian Jira Server jira-importers-plugin跨站请求伪造漏洞

Atlassian Jira Service is the server version of an IT service desk and request tracking system from Atlassian Australia. Atlassian Jira Server jira-importers-plugin is vulnerable to cross-site request forgery, which stems from jira-importers-plugin being misconfigured with XSRF protection. An...

6.5CVSS5.2AI score0.00606EPSS
Exploits0References1
OSV
OSV
added 2022/02/15 4:15 a.m.3 views

CVE-2021-43941

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa via a Cross-Site Request Forgery CSRF vulnerability in the jira-importers-plugin. The affected versions are before...

6.5CVSS5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/02/15 3:30 a.m.14 views

CVE-2021-43941

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa via a Cross-Site Request Forgery CSRF vulnerability in the jira-importers-plugin. The affected versions are before...

7AI score0.00606EPSS
Exploits0References1
NVD
NVD
added 2021/09/22 8:15 p.m.58 views

CVE-2020-23478

Leo Editor v6.2.1 was discovered to contain a regular expression denial of service ReDoS vulnerability in the component plugins/importers/dart.py...

7.5CVSS0.01193EPSS
Exploits1References2
PyPA
PyPA
added 2021/09/22 8:15 p.m.6 views

PYSEC-2021-338

Leo Editor v6.2.1 was discovered to contain a regular expression denial of service ReDoS vulnerability in the component plugins/importers/dart.py...

7.5CVSS7.2AI score0.01193EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/09/22 7:23 p.m.65 views

CVE-2020-23478

CVE-2020-23478 affects Leo Editor v6.2.1 with a regular expression Denial of Service (ReDoS) vulnerability in the component plugins/importers/dart.py. The connected documents confirm this root cause but do not provide details on affected versions beyond v6.2.1, exploit methods, impact scope, or a...

7.5CVSS7.3AI score0.01193EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/04/15 12:15 a.m.5 views

CVE-2021-26075

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...

4.3CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2021/04/15 12:15 a.m.21 views

CVE-2021-26075

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...

4.3CVSS0.0161EPSS
Exploits0References1
Prion
Prion
added 2021/04/15 12:15 a.m.19 views

Information disclosure

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...

4CVSS4.1AI score0.0161EPSS
Exploits0References1Affected Software4
CVE
CVE
added 2021/04/14 11:45 p.m.103 views

CVE-2021-26075

CVE-2021-26075 affects Atlassian Jira Server/Data Center: the AttachTemporaryFile REST resource allows remote authenticated attackers to disclose the full path of the Jira application data directory via an error message when an invalid filename is provided. Affected versions are before 8.5.12, fr...

4.3CVSS4.3AI score0.0161EPSS
Exploits0References1Affected Software4
Vulnrichment
Vulnrichment
added 2021/04/14 11:45 p.m.15 views

CVE-2021-26075

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...

6.1AI score0.0161EPSS
Exploits0References1
Atlassian
Atlassian
added 2021/04/14 2:32 a.m.57 views

Full path information disclose via invalid filename error message - CVE-2021-26075

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...

4.3CVSS3.2AI score0.0161EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/04/14 2:32 a.m.32 views

Full path information disclose via invalid filename error message - CVE-2021-26075

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...

4.3CVSS4.5AI score0.0161EPSS
Exploits0
Rows per page
Query Builder