Lucene search
K

104 matches found

RedhatCVE
RedhatCVE
added 2025/05/20 11:16 p.m.14 views

CVE-2025-47945

Donetick an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens JWT for authentication, but the signing secret has a weak default value. While the responsibility is left to the system administrator to change it, this approach is inadequate...

9.8CVSS6.8AI score0.00575EPSS
Exploits1References1
CVE
CVE
added 2025/05/17 6:36 p.m.85 views

CVE-2025-47945

Donetick is an open‑source task/chores app. Before v0.1.44, it uses JWT authentication with a weak default signing secret, enabling potential full account takeover of any user. The live version confirms the issue. A patch is available in v0.1.44; recommended mitigation is upgrading to 0.1.44 or l...

9.8CVSS9.2AI score0.00575EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/17 6:36 p.m.11 views

CVE-2025-47945 Donetick Has Weak Default JWT Secret

Donetick an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens JWT for authentication, but the signing secret has a weak default value. While the responsibility is left to the system administrator to change it, this approach is inadequate...

9.1CVSS9.2AI score0.00575EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/04/03 12:0 a.m.6 views

Snowbridge 安全漏洞

Snowbridge is an open source application from Snowplow. A security vulnerability exists in Snowbridge that stems from an invalid GTM SS preview header that could lead to infinite event retries...

7.5CVSS6.6AI score0.00393EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/28 12:0 a.m.6 views

Aliconnect 安全漏洞

Aliconnect is an application in the Aliconnect open source. A security vulnerability exists in Aliconnect version 0.0.6, which stems from prototype contamination and could lead to arbitrary code execution...

9.8CVSS7.6AI score0.00719EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/28 12:0 a.m.7 views

InvoicePlane 安全漏洞

InvoicePlane is an application from InvoicePlane Open Source. Provides a self-hosted open source application for managing your quotes, invoices, customers and payments. A security vulnerability exists in InvoicePlane 1.6.11 and prior versions that originates from remote code execution...

9.8CVSS7.8AI score0.00632EPSS
Exploits0References2
CNVD
CNVD
added 2025/03/27 12:0 a.m.1 views

LiteLLM Resource Management Error Vulnerability

LiteLLM is a Berri AI open source application. All LLM APIs can be called using the OpenAI format. LiteLLM has a resource management error vulnerability that stems from an insecure parsing of user input in ast.literaleval, which can be exploited by an attacker to cause a denial of service...

7.5CVSS6.9AI score0.00526EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/03 4:1 p.m.26 views

CVE-2025-27417 WeGIA Contains a Stored Cross-Site Scripting (XSS) in 'adicionar_status_atendido.php' via the 'status' parameter

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionarstatusatendido.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into...

6.4CVSS0.00271EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/02/18 8:38 p.m.31 views

CVE-2025-26605 SQL Injection endpoint 'deletar_cargo.php' parameter 'id_cargo' in WeGIA

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletarcargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access...

9.4CVSS0.00456EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/02/04 12:0 a.m.4 views

Dumb Drop 安全漏洞

Dumb Drop is an open source application from DumbWare. A security vulnerability exists in Dumb Drop that stems from OS command injection and could allow an attacker to remotely execute arbitrary code...

9.5CVSS7.8AI score0.03124EPSS
Exploits0References2
OSV
OSV
added 2025/01/13 11:32 p.m.10 views

CVE-2025-23032 Cross-Site Scripting (XSS) Stored endpoint 'adicionar_escala.php' parameter 'escala' in WeGIA

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionarescala.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts int...

6.4CVSS5.3AI score0.00273EPSS
Exploits1References4
CNVD
CNVD
added 2024/11/21 12:0 a.m.9 views

Nextcloud Resource Management Error Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from a resource management error vulnerability that stems from the fact that due to a pre-sent HEAD request, the link reference provider...

6.5CVSS6.6AI score0.00779EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/09 12:0 a.m.3 views

ImportDump 安全漏洞

ImportDump is an open source application from Miraheze. A security vulnerability exists in ImportDump, which stems from the fact that a user on another wiki can act as the original wiki requester if the user on the other wiki happens to have the same participant ID as a user on this wiki...

6.4CVSS6.7AI score0.0032EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/07 12:0 a.m.6 views

Distro Linux Workbooth 访问控制错误漏洞

Distro Linux Workbooth is an open source application for Distro Linux. An access control error vulnerability exists in Distro Linux Workbooth version v2.5, which originates from allowing privileges to be elevated to the root user via manipulation of network configuration scripts...

7.8CVSS6.7AI score0.00145EPSS
Exploits0References2
OSV
OSV
added 2024/03/25 8:27 p.m.23 views

CVE-2024-29179 phpMyFAQ Stored Cross-site Scripting at File Attachments

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks...

4.3CVSS4.8AI score0.00508EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/03/14 6:37 p.m.35 views

CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp

Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...

7.3CVSS7.5AI score0.00321EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/10/12 12:0 a.m.4 views

onpremises Cross-Site Scripting Vulnerability

onpremises is an open source application from Structurizr. A cross-site scripting vulnerability exists in versions prior to onpremises 3194. An attacker could exploit this vulnerability to perform cross-site scripting attacks...

6.1CVSS6.1AI score0.01222EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/09/22 12:0 a.m.5 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the discovery o...

6.5CVSS6.7AI score0.0059EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/07/13 10:34 p.m.49 views

CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...

3.1CVSS5.2AI score0.00381EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/13 10:34 p.m.13 views

CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...

3.1CVSS7.4AI score0.00381EPSS
Exploits0References2
Rows per page
Query Builder