23 matches found

EUVD
added 2025/10/07 12:30 a.m. · 9 views

EUVD-2019-18838

Malware in sbrugna...

CVSS 5.5 · AI score 5.6 · EPSS 0.00359
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2023-27399

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.00804
Exploits: 1 · References: 2

CVE
added 2025/06/02 11:3 a.m. · 56 views

CVE-2025-48494

CVE-2025-48494 concerns Gokapi, a self-hosted file sharing server. The issue is a stored XSS vulnerability when using end-to-end encryption: uploading a file with a JavaScript payload in the filename, which is parsed when the upload list is opened. Before version 2.0.0, there was no user-permissi...

CVSS 5.4 · AI score 5.7 · EPSS 0.0014
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2025/06/02 12:0 a.m. · 3 views

PT-2025-23497 · Gokapi · Gokapi

Name of the Vulnerable Software and Affected Versions: Gokapi versions prior to 2.0.0 Description: Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. A stored cross-site scripting issue can be exploited by uploading a file with JavaScript code embedded i...

CVSS 5.4 · AI score 5.3 · EPSS 0.0014
Exploits: 0 · References: 11

Cvelist
added 2025/04/16 9:46 p.m. · 15 views

CVE-2025-32791 Permission policy information leakage in Backstage permission system

The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission...

CVSS 4.3 · EPSS 0.0023
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/16 9:46 p.m. · 7 views

CVE-2025-32791 Permission policy information leakage in Backstage permission system

The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission...

CVSS 4.3 · AI score 4.5 · EPSS 0.0023
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/20 8:28 a.m. · 9 views

CVE-2025-0422

An authenticated user in the "bestinformed Web" application can execute commands on the underlying server running the application. Remote Code Execution For this, the user must be able to create "ScriptVars" with the type „script" and preview them by, for example, creating a new "Info". By defaul...

CVSS 8.6 · AI score 7.1 · EPSS 0.0083
Exploits: 1 · References: 1

NVD
added 2023/05/23 8:15 p.m. · 20 views

CVE-2023-23299

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...

CVSS 7.5 · AI score 7.4 · EPSS 0.00804
Exploits: 1 · References: 2

Prion
added 2023/05/23 8:15 p.m. · 76 views

Code injection

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...

CVSS 5 · AI score 7.4 · EPSS 0.00804
Exploits: 1 · References: 2 · Affected Software: 1

Hacker One
added 2023/04/29 10:43 p.m. · 36 views

Node.js: fs module's file watching is not restricted by --allow-fs-read

The fs module's file watching feature in Deno was not restricted by the --allow-fs-read flag, allowing attackers to watch files they did not have read access to...

CVSS 5.3 · AI score 5.8 · EPSS 0.0058
Exploits: 0

Hacker One
added 2023/04/29 10:18 p.m. · 69 views

Node.js: fs.openAsBlob() bypasses permission system

The fs.openAsBlob method in Node.js, when used with the --experimental-permission flag, allowed bypassing the permission system and reading files without the required permissions...

CVSS 7.5 · AI score 6 · EPSS 0.00722
Exploits: 0

Hacker One
added 2023/02/17 5:58 p.m. · 54 views

Node.js: The use of __proto__ in process.mainModule.__proto__.require() bypasses the permission system in Node v19.6.1

The use of __proto__ in process.mainModule.__proto__.require allowed bypassing the permission system in Node v19.6.1, enabling the loading of unauthorized dependencies...

CVSS 7.5 · AI score 7.6 · EPSS 0.0105
Exploits: 0

Talos Blog
added 2021/01/27 10:27 a.m. · 26 views

Vulnerability Spotlight: Multiple vulnerabilities in phpGACL class

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the phpGACL class. One of these vulnerabilities also affects OpenEMR, a medical practice management software written in PHP. phpGACL is a PHP library...

AI score 2.3
Exploits: 0

CNVD
added 2020/11/05 12:0 a.m. · 3 views

Moxa MXView installation File Permission System Authorization Issues Vulnerability

Moxa MXView is a software from Moxa Taiwan, China specialized in managing networks. The software can be used to perform operations such as configuration processing for all devices within the network. An authorization issue vulnerability exists in the file permission system in Moxa MXView...

CVSS 9.3 · AI score 7.5 · EPSS 0.00544
Exploits: 1 · References: 1

CVE
added 2019/12/06 10:40 p.m. · 183 views

CVE-2019-9464

CVE-2019-9464 is a targeted Elevation of Privilege vulnerability in the Android Framework affecting Android 10, caused by an incorrect warning about an app accessing the user’s location in RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java. This could undermine ...

CVSS 5.5 · AI score 5.5 · EPSS 0.00359
Exploits: 0 · References: 1 · Affected Software: 1

Tenable Nessus
added 2019/08/20 12:0 a.m. · 27 views

openSUSE Security Update : dosbox (openSUSE-2019-1905)

This update for dosbox fixes the following issues : Security issues fixed : - CVE-2019-7165: Fixed that a very long line inside a bat file would overflow the parsing buffer bnc1140254. - CVE-2019-12594: Added a basic permission system so that a program running inside DOSBox can't access the...

CVSS 9.8 · AI score 8.4 · EPSS 0.06685
Exploits: 1 · References: 3

OSV
added 2019/08/15 3:8 p.m. · 4 views

OPENSUSE-SU-2019:1920-1 Security update for dosbox

This update for dosbox fixes the following issues: Security issues fixed: - CVE-2019-7165: Fixed that a very long line inside a bat file would overflow the parsing buffer bnc1140254. - CVE-2019-12594: Added a basic permission system so that a program running inside DOSBox can't access the content...

CVSS 9.8 · AI score 9.8 · EPSS 0.06685
Exploits: 1 · References: 4

OSV
added 2019/08/15 9:42 a.m. · 5 views

OPENSUSE-SU-2019:1905-1 Security update for dosbox

This update for dosbox fixes the following issues: Security issues fixed: - CVE-2019-7165: Fixed that a very long line inside a bat file would overflow the parsing buffer bnc1140254. - CVE-2019-12594: Added a basic permission system so that a program running inside DOSBox can't access the content...

CVSS 9.8 · AI score 9.8 · EPSS 0.06685
Exploits: 1 · References: 4

OPENSUSE Linux
added 2019/08/15 12:0 a.m. · 104 views

Security update for dosbox (important)

openSUSE Security Update: Security update for dosbox Announcement ID: openSUSE-SU-2019:1920-1 Rating: important References: 1140254 Cross-References: CVE-2019-12594 CVE-2019-7165 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available. Descriptio...

CVSS 9.8 · AI score 10 · EPSS 0.06685
Exploits: 1 · References: 1

Mageia
added 2019/07/10 10:44 a.m. · 42 views

Updated dosbox package fixes security vulnerabilities

Dosbox 0.74-3 is a security release: Fixed that a very long line inside a bat file would overflow the parsing buffer. CVE-2019-7165 by Alexandre Bartel Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc e.g. /proc/self/mem when / or /proc we...

CVSS 9.8 · AI score 2.7 · EPSS 0.06685
Exploits: 1 · References: 1