Lucene search
K

25 matches found

Snyk
Snyk
added 2026/03/09 7:48 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of user-controlled share metadata fields in the public/index.html template. An attacker can execute arbitrary JavaScript in the context of the application by injecting malicious payloads into...

8.9CVSS5.7AI score0.00347EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-20619

Malware in sbrugna...

7.5CVSS7.6AI score0.01152EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-20621

Malware in sbrugna...

6.1CVSS6.3AI score0.00707EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-20514

Malware in sbrugna...

6.1CVSS6.3AI score0.00707EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-20622

Malware in sbrugna...

5.4CVSS5.5AI score0.00556EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2025/10/02 6:11 a.m.5 views

An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely

...

7.8CVSS7AI score0.01736EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/08/28 2:57 p.m.9 views

Contao discloses sensitive information in the front end search index

Impact Protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. Patches Update to Contao 4.13.56, 5.3.38 or 5.6.1. Workarounds Disable the front end search. For more information If you have any questions or comments about this...

5.3CVSS7AI score0.00266EPSS
Exploits0References5Affected Software2
CNNVD
CNNVD
added 2024/04/27 12:0 a.m.3 views

Techkshetra Info Savsoft Quiz 跨站脚本漏洞

Techkshetra Info Savsoft Quiz is a best-of-breed web application for online quiz or exam systems from Techkshetra Info India. A cross-site scripting vulnerability exists in Techkshetra Info Savsoft Quiz version 6.0, which stems from the parameter categoryname in the file...

4.8CVSS6AI score0.00519EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:21 a.m.3 views

SUSE CVE-2018-20225

An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not...

7.8CVSS6.8AI score0.01736EPSS
Exploits0References3
OSV
OSV
added 2022/05/14 2:3 a.m.19 views

GHSA-VCM7-88JX-3R39 ThinkPHP SQL Injection vulnerability

ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string...

9.8CVSS9.9AI score0.02113EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2021/11/12 10:15 p.m.2 views

CVE-2021-3840

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index PyPi. MITRE classifies this weakness as...

8.8CVSS7.7AI score0.01971EPSS
Exploits0References2
NVD
NVD
added 2021/06/22 3:15 p.m.16 views

CVE-2020-18646

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php"...

7.5CVSS0.01524EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/06/22 2:25 p.m.21 views

CVE-2020-18646

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php"...

7.2AI score0.01524EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/05/10 12:0 a.m.7 views

NoneCMS 跨站请求伪造漏洞

NoneCMS is a simple and compact open-source content management system that can be used to quickly build corporate sites, personal blogs, and support mobile. A cross-site request forgery vulnerability exists in public/index.php/admin/nav/add.html in NoneCMS version 1.3. An attacker can use this...

6.1CVSS5.5AI score0.00358EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/04/15 12:0 a.m.41 views

EulerOS Virtualization 2.9.0 : python-pip (EulerOS-SA-2021-1745)

According to the version of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - DISPUTED An issue was discovered in pip all versions because it installs the version with the highest version number, even if th...

7.8CVSS6.5AI score0.01736EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/04/15 12:0 a.m.40 views

EulerOS Virtualization 2.9.1 : python-pip (EulerOS-SA-2021-1728)

According to the version of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - DISPUTED An issue was discovered in pip all versions because it installs the version with the highest version number, even if th...

7.8CVSS6.5AI score0.01736EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/05/14 12:40 p.m.36 views

CVE-2018-20225

A flaw was found in python-pip. The software installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exi...

6.8CVSS2.4AI score0.01736EPSS
Exploits0References4
OSV
OSV
added 2020/05/08 6:15 p.m.1 views

DEBIAN-CVE-2018-20225

An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not...

7.8CVSS9.1AI score0.01736EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/05/08 5:29 p.m.3 views

CVE-2018-20225

An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not...

5.9AI score0.01736EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2020/05/08 12:0 a.m.2 views

PT-2020-8665 · Pip +1 · Pip +1

Name of the Vulnerable Software and Affected Versions: pip all versions Description: An issue was discovered in pip because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the...

7.8CVSS5.8AI score0.01736EPSS
Exploits0References15
Rows per page
Query Builder