Lucene search
K

14 matches found

CNNVD
CNNVD
added 2026/04/17 12:0 a.m.9 views

OpenHarness 安全漏洞

OpenHarness is a lightweight development and runtime framework for Data Intelligence Lab@HKU, open source in nature. There is a security vulnerability in OpenHarness; this vulnerability stems from incomplete path normalization in the permission checker, which may lead to access to sensitive files...

8.7CVSS5.8AI score0.0023EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/07 5:9 p.m.17 views

CVE-2026-22682 OpenHarness Improper Access Control via File Tools

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...

8.4CVSS0.00127EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/07 5:9 p.m.6 views

CVE-2026-22682 OpenHarness Improper Access Control via File Tools

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...

8.4CVSS6.2AI score0.00127EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 5:11 p.m.18 views

CVE-2026-33663

Summary: CVE-2026-33663 affects n8n Community Edition. Before versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in the credential pipeline to steal plaintext secrets from generic HTTP credentials (httpBasicAuth, http...

8.5CVSS6AI score0.00392EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-2253

Malware in sbrugna...

4.3CVSS4.7AI score0.00786EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/05/22 7:34 p.m.11 views

CVE-2021-28661

Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...

4.3CVSS6.8AI score0.00786EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2021/10/12 6:49 p.m.37 views

SilverStripe GraphQL Server permission checker not inherited by query subclass.

Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...

4.3CVSS3.2AI score0.00786EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2021/10/07 3:15 p.m.27 views

CVE-2021-28661

Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...

4.3CVSS6.8AI score0.00786EPSS
Exploits1References2
NVD
NVD
added 2021/10/07 3:15 p.m.36 views

CVE-2021-28661

Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...

4.3CVSS0.00786EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/10/07 3:15 p.m.3 views

CVE-2021-28661

Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...

4.3CVSS5.3AI score0.00786EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/10/07 2:6 p.m.37 views

CVE-2021-28661

Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...

4.9AI score0.00786EPSS
Exploits1References2
CVE
CVE
added 2021/10/07 2:6 p.m.74 views

CVE-2021-28661

The CVE-2021-28661 entry concerns the SilverStripe GraphQL Server (silverstripe/graphql) versions 3.x through 3.4.1, where the permission checker is not inherited by a query subclass. This is identified as a permission-related issue in the GraphQL server component, with the underlying root cause ...

4.3CVSS4.5AI score0.00786EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/10/07 12:0 a.m.7 views

PT-2021-17888 · Silverstripe · Silverstripe Graphql Server

Name of the Vulnerable Software and Affected Versions: SilverStripe GraphQL Server versions 3.x through 3.4.1 Description: The issue concerns a permission checker not being inherited by a query subclass in the SilverStripe GraphQL Server. Recommendations: For versions 3.x through 3.4.1, update to...

4.3CVSS4.2AI score0.00786EPSS
Exploits1References12
Friends Of PHP
Friends Of PHP
added 2021/06/07 10:31 p.m.33 views

CVE-2021-28661 Default GraphQL permission checker not inherited by query subclass

More info at https://www.silverstripe.org/download/security-releases/CVE-2021-28661...

4.3CVSS7.2AI score0.00786EPSS
Exploits1Affected Software1
Rows per page
Query Builder