Lucene search
K

138 matches found

Veracode
Veracode
added 2023/02/08 2:15 a.m.21 views

Information Disclosure

github.com/anchore/syft is vulnerable to Information Disclosure. The vulnerability exists due to the SYFTATTESTPASSWORD environment variable in the syft logs leaking when -vv or -vvv are used in the syft command which is any log level = DEBUG and in the attestation or SBOM only when the syft-json...

7.5CVSS7.3AI score0.00791EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/12/13 12:0 a.m.36 views

CVE-2022-43996

The csafprovider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories JSON format to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories a...

5.5AI score0.00454EPSS
Exploits0References1
OSV
OSV
added 2022/12/13 12:0 a.m.28 views

CVE-2022-43996

The csafprovider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories JSON format to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories a...

5.4CVSS5.3AI score0.00454EPSS
Exploits0References3
Kitploit
Kitploit
added 2022/09/23 11:30 a.m.80 views

SCodeScanner - Stands For Source Code Scanner Where The User Can Scans The Source Code For Finding The Critical Vulnerabilities

SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities. The main objective for this scanner is to find the vulnerabilities inside the source code before code gets published in Prod. Features 1. Supported PHP Language 2...

6.1CVSS6.7AI score0.00833EPSS
Exploits10References3
Metasploit
Metasploit
added 2022/07/19 5:42 p.m.401 views

LDAP Query and Enumeration Module

This module allows users to query an LDAP server using either a custom LDAP query, or a set of LDAP queries under a specific category. Users can also specify a JSON or YAML file containing custom queries to be executed using the RUNQUERYFILE action. If this action is specified, then QUERYFILEPATH...

5.8AI score
Exploits0
Fedora
Fedora
added 2022/07/17 1:15 a.m.25 views

[SECURITY] Fedora 35 Update: golang-github-burntsushi-toml-test-0.2.0-11.20210108git9767d20.fc35

Toml-test is a higher-order program that tests other TOML decoders or encoder s. The goal is to make it comprehensive. Tests are divided into two groups: inva lid TOML data and valid TOML data. Decoders that reject invalid TOML data pass invalid TOML tests. Decoders that accept valid TOML data an...

9.3CVSS8.7AI score0.05994EPSS
Exploits4
Prion
Prion
added 2022/07/08 7:15 p.m.13 views

Remote code execution

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON not Pickle is the default data format, an unauthenticated client can cause the data to be processed with unpickle...

7.5CVSS9.6AI score0.45862EPSS
Exploits7References4Affected Software1
Prion
Prion
added 2022/06/02 2:15 p.m.19 views

Open redirect

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially...

9.3CVSS7.9AI score0.01924EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/06/01 2:31 p.m.48 views

CVE-2021-34083

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially...

8.2AI score0.01924EPSS
Exploits1References3
Rockylinux
Rockylinux
added 2022/05/10 2:59 p.m.20 views

tlog bug fix and enhancement update

An update is available for tlog. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Tlog is a terminal I/O recording program similar to "script", but used in place ...

1.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/03/10 12:0 a.m.31 views

Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments

The software is a booking management system that has a public form to place bookings, and a private area for the calendar and management of services, users, settings, etc. There is a backend API that allows data manipulation, including listing the appointments for a specific time range. This...

9.1CVSS2.3AI score0.38133EPSS
Exploits7References7Affected Software1
Huntr
Huntr
added 2022/01/30 4:11 p.m.28 views

in alextselegidis/easyappointments

Description The software is a booking management system that has a public form to place bookings, and a private area for the calendar and management of services, users, settings, etc... There is a backend API that allows data manipulation, including listing the appointments for a specific time...

6.4CVSS0.6AI score0.38133EPSS
Exploits7
CNVD
CNVD
added 2021/08/03 12:0 a.m.18 views

MISP Cross-Site Scripting Vulnerability (CNVD-2021-61086)

MISP is an open source software solution. The product is used to collect, store, distribute, and share network security metrics, and has features such as threat network security event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP, which stems from...

5.4CVSS0.8AI score0.00672EPSS
Exploits0References1
OSV
OSV
added 2021/07/30 3:15 p.m.13 views

CVE-2021-37743

app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format...

5.4CVSS5.8AI score0.00672EPSS
Exploits0References1
NVD
NVD
added 2021/07/30 3:15 p.m.13 views

CVE-2021-37743

app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format...

5.4CVSS0.00672EPSS
Exploits0References1
Prion
Prion
added 2021/07/30 3:15 p.m.16 views

Cross site scripting

app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format...

3.5CVSS5.2AI score0.00672EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/30 2:9 a.m.14 views

CVE-2021-37743

app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format...

5.4AI score0.00672EPSS
Exploits0References1
Kitploit
Kitploit
added 2021/05/16 9:30 p.m.207 views

DFIR-O365RC - PowerShell Module For Office 365 And Azure AD Log Collection

PowerShell module for Office 365 and Azure AD log collection Module description The DFIR-O365RC PowerShell module is a set of functions that allow the DFIR analyst to collect logs relevant for Office 365 Business Email Compromise investigations. The logs are generated in JSON format and retrieved...

7.2AI score
Exploits0References3
Veracode
Veracode
added 2021/05/14 7:21 a.m.19 views

Information Disclosure

github.com/argoproj/argo-cd is vulnerable to information disclosure. User credentials are printed an error message in JSON format when a user with update permissions to an Application edits the manifest of a Secret resource in the UI with invalid input...

5.9CVSS1.4AI score0.00232EPSS
Exploits0References1Affected Software1
Kitploit
Kitploit
added 2021/04/26 12:30 p.m.567 views

Profil3r - OSINT Tool That Allows You To Find A Person'S Accounts And Emails + Breached Emails

Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a data leak for the found emails. Prerequisite Python 3 Installation git clone...

7.2AI score
Exploits0References1
Rows per page
Query Builder