Lucene search
+L

35 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-0744

Malicious code in bioql PyPI...

7.4CVSS6.2AI score0.00791EPSS
Exploits0References11
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-2253

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00341EPSS
Exploits0References6
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1946

Malicious code in bioql PyPI...

8.1CVSS6.8AI score0.00816EPSS
Exploits0References7
euvd
euvd
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-3017

Malicious code in bioql PyPI...

7.1CVSS6.3AI score0.004EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2024/11/13 4:21 p.m.12 views

CVE-2024-45594 Decidim allows cross-site scripting (XSS) in the online or hybrid meeting embeds

Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0...

7.7CVSS6AI score0.00243EPSS
Exploits0References1
cve
cve
added 2024/11/13 4:21 p.m.56 views

CVE-2024-45594

CVE-2024-45594 affects the Decidim framework, specifically the online/hybrid meeting embeds feature. A cross-site scripting (XSS) flaw can be triggered via a malformed URL in the meeting embeds code. The vulnerability is fixed in Decidim releases 0.28.3 and 0.29.0. If you use decidim-meetings, up...

7.7CVSS7.2AI score0.00243EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2024/10/01 3:15 p.m.45 views

CVE-2024-41673

Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8...

7.1CVSS0.004EPSS
Exploits0References2
cve
cve
added 2024/10/01 2:58 p.m.50 views

CVE-2024-41673

CVE-2024-41673 affects the Decidim framework; a cross-site scripting (XSS) vulnerability exists in the version-control feature used for resources. The issue is observable across multiple Decidim components referenced in connected docs (e.g., decidim-debates, decidim-initiatives, decidim-proposals...

7.1CVSS6.5AI score0.004EPSS
Exploits0References2
osv
osv
added 2024/10/01 2:58 p.m.26 views

CVE-2024-41673 Decidim has a cross-site scripting vulnerability in the version control page

Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8...

7.1CVSS6AI score0.004EPSS
Exploits0References4
cve
cve
added 2024/09/16 6:38 p.m.55 views

CVE-2024-32034

Summary: CVE-2024-32034 is a cross-site scripting (XSS) vulnerability in the Decidim admin activity log when an admin assigns a valuator to a proposal or performs an action that creates an admin log with an XSS payload. Affected versions: Decidim before 0.27.7 and before 0.28.2 (with fixes in 0.2...

6.8CVSS5.5AI score0.00353EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2024/07/10 7:15 p.m.31 views

CVE-2024-27095

Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1...

5.4CVSS0.00341EPSS
Exploits0References3
nvd
nvd
added 2024/07/10 7:15 p.m.50 views

CVE-2024-27090

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...

5.3CVSS0.00492EPSS
Exploits0References4
cve
cve
added 2024/07/10 7:10 p.m.61 views

CVE-2024-32469

Decidim core/package suffers an XSS vulnerability in pagination via the GET parameter per_page. Affected versions include older Decidim releases; the issue is mitigated by upgrading to at least 0.27.6 or 0.28.1 (or higher). Public docs from Red Hat, GitHub advisories, and CVE references confirm t...

7.1CVSS6.5AI score0.00417EPSS
Exploits0References3
cvelist
cvelist
added 2024/07/10 6:25 p.m.68 views

CVE-2024-27090 Decidim vulnerable to data disclosure through the embed feature

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...

5.3CVSS0.00492EPSS
Exploits0References4
cve
cve
added 2024/07/10 6:25 p.m.90 views

CVE-2024-27090

CVE-2024-27090 affects the Decidim framework (Ruby on Rails). A vulnerability exists where an attacker who can infer the slug or URL of an unpublished/private resource that is embeddable (e.g., a Participatory Process, Assembly, Proposal, Result) could access data from that resource. The issue is...

5.3CVSS5AI score0.00492EPSS
Exploits0References4
osv
osv
added 2024/07/10 6:25 p.m.33 views

CVE-2024-27090 Decidim vulnerable to data disclosure through the embed feature

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...

5.3CVSS6.5AI score0.00492EPSS
Exploits0References6
nvd
nvd
added 2024/02/29 1:41 a.m.8 views

CVE-2023-47634

Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources for instance, a proposal allows a user to make more than once endorsement. To exploit this vulnerability, the request to se...

3.1CVSS3.7AI score0.00444EPSS
Exploits0References4
nvd
nvd
added 2024/02/20 6:15 p.m.35 views

CVE-2023-48220

Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the deviseinvitable gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable...

7.4CVSS5.6AI score0.00791EPSS
Exploits0References9
nvd
nvd
added 2024/02/20 6:15 p.m.38 views

CVE-2023-51447

Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the serve...

6.3CVSS6AI score0.00493EPSS
Exploits0References6
prion
prion
added 2024/02/20 6:15 p.m.18 views

Cross site request forgery (csrf)

Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security thread as you need to have access also to the...

2.8CVSS7.3AI score0.00313EPSS
Exploits0References8
Rows per page
Query Builder