Lucene search
K

257 matches found

CNNVD
CNNVD
added 2025/05/30 12:0 a.m.4 views

ZITADEL 输入验证错误漏洞

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era from the Swiss ZITADEL open source. An input validation error vulnerability exists in ZITADEL versions prior to 3.2.2, which stems from a possible manipulation...

8.8CVSS6.3AI score0.00358EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.17 views

CVE-2024-37167

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97...

4.3CVSS6.9AI score0.00353EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.8 views

CVE-2024-55885

beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256...

7.5CVSS6.8AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:40 a.m.9 views

CVE-2022-41532

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /saccoshield/ajax.php?action=deleteplan...

7.2CVSS8.3AI score0.00831EPSS
Exploits1References1
CVE
CVE
added 2025/05/22 8:39 p.m.67 views

CVE-2025-48373

Schule has a client-side RBAC bypass prior to version 1.0.1: the app trusts data.role in the browser to redirect users to panels, allowing an attacker to set data.role to values like “admin” and access restricted areas. The root cause is insecure client-side role handling. Affected: Schule open-s...

9.1CVSS6.5AI score0.00334EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/05/16 11:57 p.m.13 views

MAL-2025-3865 Malicious code in mfe-react-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f7835d0f6b232544302030371ac74d4c595860a04736a2ef54259a32993f9c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/10 1:15 p.m.6 views

Malicious code in iconnect (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e53aae69656f138607d0de8abe11d4b48ed6156875f07ec0da7485dd776f7158 Packages that seem to be created by a legit bug bounty hunter. Designed to look like created by different organisations, they contain a couple of data...

8.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/07 8:40 a.m.3 views

Malicious code in @ai-document-translation/ui-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8c94ea05205ad6ac8c809be2fa22e18fae368f27f1f8bd34048528dc25daa90 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/31 3:58 p.m.9 views

CVE-2025-30155 Tuleap does not enforce read permissions on parent trackers in the REST API

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8...

4.3CVSS4.5AI score0.00308EPSS
Exploits0References4
CNVD
CNVD
added 2025/03/27 12:0 a.m.7 views

Unspecified vulnerability in Lunary (CNVD-2025-06936)

Lunary is Lunary open source a production toolkit for LLM . Lunary afc5df4 version of a security vulnerability , the vulnerability stems from a flaw in the permission checking mechanism , an attacker can use this vulnerability to cause unauthorized access to sensitive endpoints...

7.3CVSS6.5AI score0.0078EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/14 4:11 p.m.5 views

Malicious code in cryptomus-aurora-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db5768718bc2c708ec27865d8e381f97ca5fb81b191a946bc786bb0350aaec26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/06 6:55 p.m.19 views

CVE-2025-27402

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability i...

4.6CVSS7AI score0.00154EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2023-4235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decodedeliverreport function during the SMS decoding...

8.1CVSS6.9AI score0.00936EPSS
Exploits1References3
OSV
OSV
added 2025/03/01 4:13 a.m.4 views

MAL-2025-1647 Malicious code in figma-plugins-and-widgets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 250144845a9dd4a7a0bea8a44c06f50652890d4ab2f0fb860bb51a5a14ea1a54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/23 6:37 a.m.5 views

Malicious code in erc20-faucet (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b1318f067a3c4a722bc3d70af3c94d47696dc695c07dafc5cac772db0e1b20fd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/01/27 9:36 p.m.3 views

Malicious code in bindbc-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3969ce36d361753fe46f849a0dba26b4548e7c90bec80c86390c47bb429ec9bf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/01/25 4:16 p.m.3 views

Malicious code in casier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 08fbcdfa482a4508e9f9c2f90db55d75e512d0876a2465d216815c469f07fe52 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/01/24 5:40 a.m.4 views

Malicious code in meta-gateway (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 547b8b6ba1bfaeea42d8fe67ea9de77d254833b3f66166a437ec024f17fe24eb The OpenSSF Package Analysis project identified 'meta-gateway' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...

6.9AI score
Exploits0
OSV
OSV
added 2025/01/24 4:45 a.m.2 views

MAL-2025-461 Malicious code in godaddy-checkout (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4fc05cc5d0552c5e553e3f25b83917c1f80d321380c8c4243a72a984acda3e6f The OpenSSF Package Analysis project identified 'godaddy-checkout' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/01/24 4:33 a.m.4 views

Malicious code in coinbase-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f4e4f2061ccb606d0bc83d4dcdce6ed72c6c42f033fa0850cdc08d5e4cb50681 The OpenSSF Package Analysis project identified 'coinbase-test' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...

6.9AI score
Exploits0
Rows per page
Query Builder