Lucene search
+L

164 matches found

OSV
OSV
added 2024/04/10 5:25 p.m.24 views

CVE-2024-31461 Plane Server-Side Request Forgery (SSRF) Vulnerability

Plane, an open-source project management tool, has a Server-Side Request Forgery SSRF vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. T...

9.1CVSS6.6AI score0.00667EPSS
Exploits0References8
NCSC
NCSC
added 2024/03/26 12:0 a.m.9 views

Vulnerabilities fixed in MISP

The developers of MISP have fixed vulnerabilities in MISP. The vulnerabilities allow a malicious person to to bypass security measures. The MISP community has released updates to fix the vulnerabilities fixes in MISP. For more information, see: https://github.com/MISP/MISP/commit...

9.8CVSS7AI score0.00816EPSS
Exploits0
CNNVD
CNNVD
added 2024/02/01 12:0 a.m.8 views

Bref Security Breach

Bref is an open source project by Matthieu Napoli Individual Developer that helps you go serverless on AWS using PHP. A security vulnerability exists in versions prior to Bref 2.1.13 that stems from not handling multiple value headers when Bref is used in conjunction with a v2-formatted API gatew...

6.5CVSS6.7AI score0.00426EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2023/11/10 12:0 a.m.18 views

Huawei EulerOS: Security Advisory for file (EulerOS-SA-2023-3171)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.8AI score0.00656EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/11/07 12:0 a.m.4 views

Saad Irfan RemoteClinic Security Vulnerability

Saad Irfan RemoteClinic is a Saad Irfan open source application. It provides the ability to remotely manage your clinic via the Web. A security vulnerability exists in RemoteClinic version 2.0, which stems from a SQL injection vulnerability in the parameter ID of the file /medices/stocks.php...

9.8CVSS7.9AI score0.00738EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/10/19 6:28 p.m.15 views

CVE-2023-45826 Authenticated SQL Injection in leantime

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS7.2AI score0.01872EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2023/09/08 3:36 p.m.19 views

NetExec

!Supported Python versionshttps://img.shields.io/badge/python...

7.8AI score
Exploits0
AlpineLinux
AlpineLinux
added 2023/08/22 7:16 p.m.32 views

CVE-2022-48554

File before 5.43 has an stack-based buffer over-read in filecopystr in funcs.c. NOTE: "File" is the name of an Open Source project...

5.5CVSS7.2AI score0.00656EPSS
Exploits1
NVD
NVD
added 2023/08/22 7:16 p.m.15 views

CVE-2022-48554

File before 5.43 has an stack-based buffer over-read in filecopystr in funcs.c. NOTE: "File" is the name of an Open Source project...

5.5CVSS5.8AI score0.00656EPSS
Exploits1References10
Prion
Prion
added 2023/08/22 7:16 p.m.25 views

Stack overflow

File before 5.43 has an stack-based buffer over-read in filecopystr in funcs.c. NOTE: "File" is the name of an Open Source project...

1.9CVSS5.4AI score0.00656EPSS
Exploits1References10Affected Software2
Debian CVE
Debian CVE
added 2023/08/22 12:0 a.m.66 views

CVE-2022-48554

File before 5.43 has an stack-based buffer over-read in filecopystr in funcs.c. NOTE: "File" is the name of an Open Source project...

5.5CVSS6.9AI score0.00656EPSS
Exploits1
OSV
OSV
added 2023/06/27 7:36 p.m.17 views

CVE-2023-36463 Cross site scripting (XSS) in meldekarten generator

Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet-connection, to create, store and print registration cards for volunteers. All text fields on the webpage are vulnerable to XSS attacks. The user input isn't fully...

5.3CVSS5.9AI score0.00389EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/05/30 9:34 p.m.9 views

CVE-2023-33961 Leantime Stored Cross-site Scripting Vulnerability

Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time ...

8.9CVSS6.9AI score0.00394EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/05/05 12:0 a.m.6 views

bumsys 安全漏洞

bumsys is an open source project called Business Management System by unilogies individual developers. A security vulnerability exists in versions of bumsys prior to 2.1.1, which stems from an api processing endpoint that is allowed to contain local files that can be used to cause remote code...

8.8CVSS8.3AI score0.01914EPSS
Exploits1References3
CNVD
CNVD
added 2023/04/16 12:0 a.m.18 views

Complaint Management System SQL Injection Vulnerability (CNVD-2023-29364)

Complaint Management System is an open source Php project . Used to request a complaint through the online service . Complaint Management System v1.0 version of the SQL injection vulnerability, the vulnerability stems from the component POST Parameter Handler file/users/checkavailability.php to t...

9.8AI score0.00776EPSS
Exploits1Affected Software1
CNNVD
CNNVD
added 2023/04/04 12:0 a.m.3 views

Moby 安全漏洞

Moby is an open source project that aims to drive containerization of software and help the ecosystem mainstream container technology. A security vulnerability exists in Moby version 1.12 and later. Attackers have exploited the vulnerability to cause accidental disclosure of secrets or user data...

6.8CVSS6.9AI score0.00696EPSS
Exploits1References14
OSV
OSV
added 2023/03/24 10:1 p.m.19 views

GHSA-WP72-7HJ9-5265 Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs

Impact Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the mlflow server or mlflow ui commands using an MLflow version older than MLflow 2.2.1 may be vulnerable to a remote file existence check exploit if they are not limiting who can query their server for...

4.8CVSS4.7AI score0.00578EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/01/17 12:0 a.m.4 views

Trabalho-Web2 SQL注入漏洞

Trabalho-Web2 is an open source project. Trabalho-Web2 suffers from a SQL injection vulnerability. Attackers exploit this vulnerability to cause sql injection...

9.8CVSS6.6AI score0.00659EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/09 12:0 a.m.6 views

xrdp 缓冲区错误漏洞

xrdp is an open source remote desktop protocol server from Neutrinolabs Labs. A buffer error vulnerability exists in versions prior to xrdp v0.9.21, which stems from an out-of-bounds read included in the xrdpsecprocessmcsdataCSCORE function...

9.1CVSS7.7AI score0.00729EPSS
Exploits0References7
Android Security Bulletins
Android Security Bulletins
added 2022/12/05 12:0 a.m.21 views

Pixel Update Bulletin—December2022Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2022-12-05 or later address all issues in this bulletin and all issues in the December 2022 Android...

7.8CVSS8.1AI score0.00755EPSS
Exploits1
Rows per page
Query Builder