Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:17 a.m.7 views

CVE-2025-1007

In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/namespace/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in...

6.9CVSS6.6AI score0.00473EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-5091

Malicious code in bioql PyPI...

6.9CVSS6.5AI score0.00473EPSS
Exploits1References1
OSV
OSV
added 2025/02/19 9:15 a.m.4 views

CVE-2025-1007

In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/namespace/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in...

5.3CVSS6AI score
Exploits0References1
NVD
NVD
added 2025/02/19 9:15 a.m.8 views

CVE-2025-1007

In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/namespace/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in...

6.9CVSS0.00473EPSS
Exploits1References1
CVE
CVE
added 2025/02/19 8:40 a.m.81 views

CVE-2025-1007

CVE-2025-1007 affects OpenVSX, specifically versions v0.9.0 through v0.20.0. The vulnerability arises in the /user/namespace/{namespace}/details API (and the related /user/namespace/{namespace}/details/logo) where a non-owner/non-contributor user can edit all namespace details (name, description,...

6.9CVSS6.3AI score0.00473EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/02/19 8:40 a.m.11 views

CVE-2025-1007 Improper Authorization in /user/namespace/{namespace}/details

In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/namespace/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in...

6.9CVSS0.00473EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/02/19 12:0 a.m.3 views

Eclipse Open VSX 安全漏洞

Eclipse Open VSX is an open source registry of code extensions for Eclipse open source. A security vulnerability exists in Eclipse Open VSX versions v0.9.0 through v0.20.0, which stems from the /user/namespace/namespace/details API that allows a user to edit all namespace details, even if the use...

6.9CVSS6.7AI score0.00473EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/19 12:0 a.m.8 views

PT-2025-7484 · Openvsx · Openvsx

Name of the Vulnerable Software and Affected Versions: OpenVSX versions v0.9.0 through v0.20.0 Description: The issue allows a user to edit all namespace details, including name, description, website, support link, and social media links, even if the user is not a namespace Owner or Contributor...

6.9CVSS6.1AI score0.00473EPSS
Exploits1References8
Rows per page
Query Builder