Lucene search
K

154 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:27 a.m.5 views

CVE-2024-45190

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...

6.5CVSS7AI score0.00859EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:26 a.m.6 views

CVE-2024-45188

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request...

6.5CVSS7AI score0.00881EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:19 a.m.9 views

CVE-2024-8072

Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users...

5.3CVSS7.3AI score0.00595EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2025/03/27 11:15 a.m.4 views

CVE-2025-30895

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in magepeopleteam WpEvently mage-eventpress allows PHP Local File Inclusion.This issue affects WpEvently: from n/a through = 4.2.9...

7.5CVSS7.2AI score0.0075EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/03/27 11:15 a.m.6 views

CVE-2025-30887

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through = 4.2.9...

5.3CVSS7.2AI score0.00346EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/12 11:32 a.m.9 views

CVE-2025-2129

A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability i...

6.3CVSS7.1AI score0.01045EPSS
Exploits1References1
NVD
NVD
added 2025/03/09 8:15 p.m.13 views

CVE-2025-2129

A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability i...

6.3CVSS0.01045EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/03/09 8:0 p.m.28 views

CVE-2025-2129 Mage AI insecure default initialization of resource

A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability i...

6.3CVSS0.01045EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/03/09 8:0 p.m.15 views

CVE-2025-2129 Mage AI insecure default initialization of resource

A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability i...

6.3CVSS7.1AI score0.01045EPSS
Exploits1References4
CVE
CVE
added 2025/03/09 8:0 p.m.83 views

CVE-2025-2129

Mage AI 0.9.75 is associated with an insecure default initialization of a resource (insecure default authentication setup) that could enable a remote attack. Documents describe a network-vector, high attack complexity, and partial confidentiality/integrity/availability impact. The exploitability ...

6.3CVSS5.5AI score0.01045EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/03/09 12:0 a.m.5 views

PT-2025-10456

Name of the Vulnerable Software and Affected Versions: Mage AI version 0.9.75 Description: A vulnerability was found in Mage AI, which has been classified as problematic. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The...

6.3CVSS4.7AI score0.01045EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/03/09 12:0 a.m.5 views

Mage AI 安全漏洞

Mage AI is a Mage open source intelligent program for building, running and managing data pipelines. A security vulnerability exists in Mage AI version 0.9.75 that stems from insecure resource initialization...

6.3CVSS6AI score0.01045EPSS
Exploits1References6
Wolfi
Wolfi
added 2025/02/25 3:16 p.m.16 views

GHSA-7WRW-R4P8-38RX vulnerabilities

Vulnerabilities for packages: pombump, regclient, trino, velero-plugin-for-csi, flannel-cni-plugin, openfga, ip-masq-agent, gitness, dagdotdev, flux-image-automation-controller, bank-vaults, actions-runner-controller, stakater-reloader, sftpgo-plugin-eventsearch, slsa-verifier, hivemind, ini-file...

6.1AI score
Exploits0
NVD
NVD
added 2024/11/18 11:15 p.m.28 views

CVE-2024-52339

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maximilian Ruthe Mage Front End Forms mage-forms allows Stored XSS.This issue affects Mage Front End Forms: from n/a through = 1.1.4...

6.5CVSS0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/18 10:15 p.m.14 views

CVE-2024-52339 WordPress Mage Front End Forms plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Mage Cast Mage Front End Forms allows Stored XSS.This issue affects Mage Front End Forms: from n/a through 1.1.4...

6.5CVSS6.8AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/18 10:15 p.m.26 views

CVE-2024-52339 WordPress Mage Front End Forms plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maximilian Ruthe Mage Front End Forms mage-forms allows Stored XSS.This issue affects Mage Front End Forms: from n/a through = 1.1.4...

6.5CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2024/11/18 10:15 p.m.57 views

CVE-2024-52339

CVE-2024-52339 is a stored cross-site scripting (XSS) vulnerability in the WordPress plugin Mage Front End Forms . Public descriptions state improper input neutralization during page generation, allowing Stored XSS in Mage Front End Forms versions up to and including 1.1.4 (affected range shown a...

6.5CVSS7.2AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.5 views

WordPress plugin Mage Front End Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS7.7AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.5 views

WordPress plugin Mage Front End Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS7.7AI score0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/18 12:0 a.m.7 views

PT-2024-35179 · Unknown · Mage Front End Forms

Name of the Vulnerable Software and Affected Versions: Mage Front End Forms versions n/a through 1.1.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References5
Rows per page
Query Builder