Lucene search
K

19 matches found

CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

Gogs 安全漏洞

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to Gogs version 0.14.2, there was a security vulnerability. This...

6.9CVSS7.2AI score0.00254EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/24 12:18 p.m.3 views

Template Injection

Overview apache-airflow is a platform to programmatically author, schedule, and monitor workflows. Affected versions of this package are vulnerable to Template Injection in dagrun.py. A DAG author can execute arbitrary code in the web server context by manipulating the database to inject...

8.4CVSS6.2AI score0.01134EPSS
Exploits0References2
NVD
NVD
added 2026/02/24 10:16 a.m.9 views

CVE-2024-56373

DAG Author who already has quite a lot of permissions could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...

8.4CVSS0.01134EPSS
Exploits0References3
CVE
CVE
added 2026/02/24 10:6 a.m.40 views

CVE-2024-56373

Summary of CVE-2024-56373 : Apache Airflow 2.x contains a vulnerability in the log template history mechanism that can allow a user (DAG Author) with existing permissions to manipulate the Airflow database and execute arbitrary code in the web-server context, leading to potential remote code exec...

8.4CVSS6.7AI score0.01134EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/24 10:6 a.m.3 views

CVE-2024-56373 Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information

DAG Author who already has quite a lot of permissions could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...

6.7AI score0.01134EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/17 12:17 a.m.19 views

TeamPass stored cross-site scripting (XSS) vulnerability

Multiple stored cross-site scripting XSS vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the 1 URL value of an item or 2 user log history. To exploit the vulnerability, the attacker must be first authenticated to the...

5.4CVSS5AI score0.00955EPSS
Exploits1References4Affected Software1
wpexploit
wpexploit
added 2022/01/03 12:0 a.m.510 views

NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS

The plugin does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue curl -H 'x-tomato: alert/XSS/;' 'https://example.com/?nxs-cronrun=yes' The XSS will be triggered in the Log/History...

6.1CVSS1.2AI score0.01334EPSS
Exploits2References1
Veracode
Veracode
added 2017/11/28 2:53 a.m.21 views

Cross-site Scripting (XSS)

nilsteampassnet/teampass is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary webscript through the URL value of item object or the log history of a user...

5.4CVSS5.5AI score0.00955EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2017/11/28 12:0 a.m.6 views

Multiple Cross-Site Scripting Vulnerabilities in TeamPass

TeamPass is a dedicated password manager for Apache, MySQL and PHP. Multiple cross-site scripting vulnerabilities exist in versions of TeamPass prior to 2.1.27.9. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of an item's URL value or user l...

5.4CVSS6.1AI score0.00955EPSS
Exploits1References1
Prion
Prion
added 2017/11/27 7:29 p.m.17 views

Cross site scripting

Multiple stored cross-site scripting XSS vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the 1 URL value of an item or 2 user log history. To exploit the vulnerability, the attacker must be first authenticated to the...

3.5CVSS5.1AI score0.00955EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2017/11/27 7:29 p.m.29 views

CVE-2017-15051

Multiple stored cross-site scripting XSS vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the 1 URL value of an item or 2 user log history. To exploit the vulnerability, the attacker must be first authenticated to the...

5.4CVSS5.2AI score0.00955EPSS
Exploits1References2
OSV
OSV
added 2017/11/27 7:29 p.m.14 views

CVE-2017-15051

Multiple stored cross-site scripting XSS vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the 1 URL value of an item or 2 user log history. To exploit the vulnerability, the attacker must be first authenticated to the...

5.4CVSS5.1AI score
Exploits0References2
Cvelist
Cvelist
added 2017/11/27 7:0 p.m.33 views

CVE-2017-15051

Multiple stored cross-site scripting XSS vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the 1 URL value of an item or 2 user log history. To exploit the vulnerability, the attacker must be first authenticated to the...

5.6AI score0.00955EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2017/02/01 8:59 p.m.2 views

CVE-2016-3045

IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history...

4.3CVSS5.5AI score0.00842EPSS
Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 2012/02/02 8:33 a.m.11 views

Glances v1.3.7 released - System monitoring tool for Linux

Glances v1.3.7 released - System monitoring tool for Linux Glances is a system monitoring tool for GNU/Linux distributions. It grabs information from your system and display its in a CLI curses screen.Glances can monitor CPU, average load, memory, network interface, disk IO, file system space and...

6.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2008/08/01 12:0 a.m.21 views

SuSE 10 Security Update : Subversion (ZYPP Patch Number 5362)

This update of subversion fixes multiple vulnerabilities. - list CVS or SVN commits on 'all-forbidden' files. CVE-2008-1290 - directly access hidden CVSROOT folders. CVE-2008-1291 - expose restricted content via the revision view, the log history, or the diff view. CVE-2008-1292 %NASLMINLEVEL 703...

4.3CVSS5.3AI score0.0137EPSS
Exploits0References6
NVD
NVD
added 2008/03/24 5:44 p.m.22 views

CVE-2008-1292

ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading 1 forbidden pathnames in the revision view, 2 log history that can only be reached by traversing a forbidden object, or 3...

4.3CVSS6AI score0.0137EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2008/03/21 12:0 a.m.28 views

GLSA-200803-29 : ViewVC: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200803-29 ViewVC: Multiple vulnerabilities Multiple unspecified errors were reportedly fixed by the ViewVC development team. Impact : A remote attacker could send a specially crafted URL to the server to list CVS or SVN commits on...

4.3CVSS5.6AI score0.0137EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2008/03/04 12:0 a.m.13 views

Fedora 7 : viewvc-1.0.5-1.fc7 (2008-2143)

These security issues have been fixed: - omit commits of all-forbidden files from query results - disallow direct URL navigation to hidden CVSROOT folder - strip forbidden paths from revision view - don't traverse log history thru forbidden locations - honor forbiddenness via diff view path...

5.5AI score
Exploits0References2
Rows per page
Query Builder