
9 matches found

NVD
added 2025/10/07 7:15 p.m. | 2 views

CVE-2025-61776

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...

4.7 CVSS | 0.00036 EPSS
Exploits 0 | References 2
Vulnrichment
added 2025/10/07 6:57 p.m. | 2 views

CVE-2025-61776 Dependency-Track possibly discloses private NuGet repository credentials to api.nuget.org

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...

4.7 CVSS | 6.6 AI score | 0.00036 EPSS
Exploits 0 | References 2
Cvelist
added 2025/10/07 6:57 p.m. | 5 views

CVE-2025-61776 Dependency-Track possibly discloses private NuGet repository credentials to api.nuget.org

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...

4.7 CVSS | 0.00036 EPSS
Exploits 0 | References 2
OSV
added 2025/10/07 6:57 p.m. | 2 views

CVE-2025-61776 Dependency-Track possibly discloses private NuGet repository credentials to api.nuget.org

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...

4.7 CVSS | 6.9 AI score | 0.00036 EPSS
Exploits 0 | References 4
CNNVD
added 2025/10/07 12:0 a.m. | 1 views

Dependency-Track security vulnerability

Dependency-Track is Dependency-Track's open source suite of intelligent supply chain component analysis platforms for identifying third-party component risks. A security vulnerability exists in Dependency-Track versions prior to 4.13.5, which stems from the possibility of sending private NuGet...

4.7 CVSS | 6.6 AI score | 0.00036 EPSS
Exploits 0 | References 3
VulnCheck KEV
added 2025/08/12 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2023-37941

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typically only accessible directly by t...

6.6 CVSS | 6.4 AI score | 0.84244 EPSS
In wild | Exploits 3 | References 2
vulnersOsv
added 2022/01/27 3:0 p.m. | 0 views

@cisdi/code-editor (>=3.0.0 <=3.3.10), @cisdi/ui-engine-charts (>=3.2.0 <=3.2.4) +32 more potentially affected by CVE-2021-23771 via notevil (>=0.8.1 <=1.3.3)

notevil NPM version =0.8.1, =3.0.0, =3.2.0, =2.9.0, =1.0.1, =1.0.0, =1.0.0, =0.10.0, =1.5.24, =5.0.0, =3.0.0, =5.2.0, =0.0.1, =0.0.50 and more Source cves: CVE-2021-23771 Source advisory: SNYK:JS-NOTEVIL-2385946...

6.5 CVSS | 6.5 AI score | 0.00304 EPSS
Exploits 1
Cloud Foundry
added 2021/09/07 12:0 a.m. | 16 views

CVE-2021-22099: Server Side Request Forgery in Cloud Controller | Cloud Foundry

Severity: Medium. Vendor: Cloud Foundry Foundation. Description: Cloud Foundry Cloud Controller component is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability. A malicious user can use this vulnerability to send HTTP GET requests to any internal component in the CF environment, and also t...

6.2 AI score
Exploits 0 | Affected Software 2
Prion
added 2020/06/15 7:15 p.m. | 7 views

Server-side request forgery (SSRF)

An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to ...

5 CVSS | 7.5 AI score | 0.0028 EPSS
Exploits 0 | References 1 | Affected Software 1