Lucene search
K

334 matches found

NVD
NVD
added 2026/06/30 5:16 p.m.10 views

CVE-2026-58170

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization agent/src/live/mandate/commit.py. A proposal identifier containing path traversal sequences causes the application to load an...

8.3CVSS0.00416EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 3:53 p.m.35 views

CVE-2026-58170 Vibe-Trading < 0.1.10 - Path Traversal in Proposal Identifier Allows Forging Live Trading Mandates

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization agent/src/live/mandate/commit.py. A proposal identifier containing path traversal sequences causes the application to load an...

8.3CVSS0.00416EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 3:53 p.m.15 views

CVE-2026-58170

CVE-2026-58170 affects Vibe-Trading

8.3CVSS5.8AI score0.00416EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53921

Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description The application constructs the proposal file path by joining a caller-supplied proposal identifier to the broker proposals directory without proper sanitization in the...

8.3CVSS5.8AI score0.00416EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.14 views

CVE-2026-9136

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS5.2AI score0.00229EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 4:52 p.m.7 views

MINI-RFP7-FH6H-C3XJ

Bulletin has no description...

6.5CVSS5.2AI score0.00248EPSS
Exploits0
NVD
NVD
added 2026/06/04 2:16 p.m.12 views

CVE-2019-25739

GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the createproposal endpoint that execute when administrators or other...

5.4CVSS0.00171EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/04 1:22 p.m.42 views

CVE-2019-25739 GigToDo Freelance Marketplace Script 1.3 Persistent XSS

GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the createproposal endpoint that execute when administrators or other...

5.4CVSS0.00171EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:22 p.m.7 views

CVE-2019-25739

GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the createproposal endpoint that execute when administrators or other...

6.4CVSS5.7AI score0.00171EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/04 1:22 p.m.11 views

EUVD-2019-20175

GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the createproposal endpoint that execute when administrators or other...

6.4CVSS5.7AI score0.00171EPSS
Exploits0References4
CVE
CVE
added 2026/06/04 1:22 p.m.14 views

CVE-2019-25739

GigToDo 1.3 is affected by a persistent cross-site scripting vulnerability accessible through the create_proposal endpoint, enabling authenticated attackers to inject JavaScript/HTML in the proposal description. When stored proposals are viewed by admins or other users, the payload can execute, p...

5.4CVSS5.7AI score0.00171EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.7 views

GigToDo 跨站脚本漏洞

GigToDo is a freelance service trading platform system developed by GigToDo Inc. Version 1.3 of GigToDo has a cross-site scripting vulnerability. This vulnerability stems from injecting malicious JavaScript and HTML code through the proposal description field, potentially allowing authenticated...

5.4CVSS5.2AI score0.00171EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46209

Name of the Vulnerable Software and Affected Versions GigToDo version 1.3 Description A persistent cross-site scripting issue allows authenticated attackers to inject malicious HTML and JavaScript code. This occurs via the proposal description field through the 'create proposal' endpoint. The...

5.4CVSS4.8AI score0.00171EPSS
Exploits0References7
NVD
NVD
added 2026/05/20 8:16 p.m.14 views

CVE-2026-9136

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 6:39 p.m.33 views

CVE-2026-9136 Unauthorized ShadowAttribute modification in MISP via client-supplied identifier

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS0.00229EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/smc: Check ipareaoffset and ipv6prefixescnt when receiving a proposal message. When receiving a proposal message from the server, the fields ipareaoffset and ipv6prefixescnt in the proposal message come from the remote client...

5.5CVSS6.4AI score0.00214EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.11 views

PT-2026-42247

Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.5.38 Description An issue exists in the ShadowAttribute proposal creation workflow where the add action accepts user-controlled request data without removing the id field before saving the record. Since the underlying...

8.3CVSS5.8AI score0.00229EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/16 7:22 p.m.4 views

CVE-2026-32605

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...

7.5CVSS5.8AI score0.00463EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/14 10:22 p.m.12 views

Decidim amendments can be accepted or rejected by anyone

Impact The vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/13 8:16 p.m.6 views

CVE-2026-32605

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...

7.5CVSS0.00463EPSS
Exploits0References4
Rows per page
Query Builder