Lucene search
+L

14 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-15526

A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scanprojectdeps. Executing a manipulation of the argument packageJsonPath can lead to path traversal. The attack can only be...

4.8CVSS0.00137EPSS
Exploits0References6
CVE
CVE
added 6 days ago11 views

CVE-2026-15526

A vulnerability in augmnt augments-mcp-server 7.1.0 affects the function scanProjectDeps (src/tools/v4/scan-project-deps.ts) of the scan_project_deps component. The issue arises from manipulating the argument packageJsonPath, enabling path traversal. The attack is local, and a proof-of-concept/ex...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0719

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.01018EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-2375

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00846EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/24 12:0 a.m.5 views

GitLab Community Edition和GitLab Enterprise Edition 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Community Edition and GitLab Enterprise...

5.3CVSS6.3AI score0.00366EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.21 views

Fedora: Security Advisory for maven-file-management (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
Fedora
Fedora
added 2024/03/07 10:33 p.m.19 views

[SECURITY] Fedora 40 Update: maven-file-management-3.1.0-6.fc40

Provides a component for plugins to easily resolve project dependencies...

8.8CVSS6.8AI score0.02578EPSS
Exploits3
Fedora
Fedora
added 2024/03/07 10:33 p.m.26 views

[SECURITY] Fedora 40 Update: maven-dependency-analyzer-1.13.2-6.fc40

Analyzes the dependencies of a project for undeclared or unused artifacts. Warning: Analysis is not done at source but bytecode level, then some cases a re not detected constants, annotations with source-only retention, links in javadoc which can lead to wrong result if they are the only use of a...

8.8CVSS9AI score0.02578EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2024/02/26 6:31 p.m.28 views

CVE-2024-21501

An information exposure flaw was found in the sanitize-html package, when used on the backend with the style attribute allowed. This issue may allow an attacker to enumerate files in the system, including project dependencies, to gather details about the file system structure and dependencies of...

5.3CVSS5.1AI score0.01018EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/02/24 5:0 a.m.41 views

CVE-2024-21501

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...

5.3CVSS5.3AI score0.01018EPSS
Exploits1References8
Fedora
Fedora
added 2023/07/04 1:34 a.m.31 views

[SECURITY] Fedora 38 Update: apache-ivy-2.5.1-3.fc38

Apache Ivy is a tool for managing recording, tracking, resolving and reporting project dependencies. It is designed as process agnostic and is not tied to any methodology or structure. while available as a standalone tool, Apache Ivy works particularly well with Apache Ant providing a number of...

9.1CVSS7AI score0.01819EPSS
Exploits0
Prion
Prion
added 2022/03/10 5:45 p.m.21 views

Deserialization of untrusted data

SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the emailrecipients property. By using a crafted request, they can create a malicious report, containin...

6.5CVSS8.8AI score0.53235EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2022/03/07 7:6 p.m.18 views

CVE-2022-23940

SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the emailrecipients property. By using a crafted request, they can create a malicious report, containin...

8.8CVSS7.2AI score0.53235EPSS
Exploits2References4
Kitploit
Kitploit
added 2017/12/15 8:47 p.m.33 views

CALDERA - Automated Adversary Emulation System

CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge ATT&CK...

7.6AI score
Exploits0References10
Rows per page
Query Builder