Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

823 matches found

PyPA
PyPAadded 2023/09/04 6:15 p.m.5 views

PYSEC-2023-168

Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...

5.3CVSS6.6AI score0.00087EPSS
Exploits1References4Affected Software1
OSV
OSVadded 2023/09/04 6:15 p.m.11 views

PYSEC-2023-168

Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...

5.3CVSS7.1AI score0.00087EPSS
Exploits1References2
OSV
OSVadded 2023/08/30 11:15 p.m.1 views

CVE-2023-23765

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the...

6.5CVSS5.8AI score0.00095EPSS
Exploits0References4
CVE
CVEadded 2023/08/30 10:33 p.m.48 views

CVE-2023-23765

CVE-2023-23765 concerns GitHub Enterprise Server. The issue is an incorrect comparison vulnerability that allows commit smuggling by displaying an incorrect diff in a re-opened Pull Request. The exploitation condition requires the attacker to have write access to the affected repository. The avai...

6.5CVSS5.3AI score0.00095EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologiesadded 2023/08/30 12:0 a.m.9 views

PT-2023-19190 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server affected versions not specified Description: An incorrect comparison issue was identified that allows commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this, an attacker needs...

6.5CVSS6.3AI score0.00095EPSS
Exploits0References7
Prion
Prionadded 2023/08/28 8:15 p.m.20 views

Design/Logic Flaw

Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log...

5CVSS5.1AI score0.00275EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2023/08/28 7:47 p.m.8 views

CVE-2023-39348 Improper log output when using GitHub Status Notifications in spinnaker

Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log...

4CVSS6.7AI score0.00275EPSS
Exploits0References2
Cvelist
Cvelistadded 2023/08/28 7:47 p.m.18 views

CVE-2023-39348 Improper log output when using GitHub Status Notifications in spinnaker

Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log...

4CVSS5.4AI score0.00275EPSS
Exploits0References2
Nextcloud
Nextcloudadded 2023/08/10 7:19 a.m.44 views

Existance of calendars and addressbooks can be checked by unauthenticated users

None...

5.3CVSS5.4AI score0.00824EPSS
Exploits0References2Affected Software1
Prion
Prionadded 2023/07/27 9:15 p.m.16 views

Spoofing

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server...

5.5CVSS6.9AI score0.00183EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2023/07/27 8:45 p.m.17 views

CVE-2023-23764 Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server...

4.8CVSS7.1AI score0.00183EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2023/07/27 8:45 p.m.15 views

CVE-2023-23764 Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server...

4.8CVSS6.7AI score0.00183EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2023/07/25 7:9 a.m.17 views

CVE-2023-34434 Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8....

7.5AI score0.00334EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2023/07/25 7:8 a.m.16 views

CVE-2023-34189 Apache InLong: General user can delete and update process

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to...

6.7AI score0.00128EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2023/07/06 9:14 p.m.25 views

Apache InLong Deserialization of Untrusted Data Vulnerability

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the autoDeserialize option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pic...

7.5CVSS6.8AI score0.00338EPSS
Exploits0References4Affected Software2
OSV
OSVadded 2023/06/30 10:19 p.m.2 views

GHSA-HM9V-VJ3R-R55M PyPDF2 vulnerable to possible Infinite Loop when reading malformed objects

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such ...

6.2CVSS7.2AI score0.00096EPSS
Exploits1References6
OSV
OSVadded 2023/06/30 7:15 p.m.2 views

DEBIAN-CVE-2023-36810

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of t...

6.5CVSS6.8AI score0.00165EPSS
Exploits1References1
NVD
NVDadded 2023/06/27 10:15 p.m.9 views

CVE-2023-36464

pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if parsecontentstream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request 969 and resolv...

6.2CVSS6.2AI score0.00025EPSS
Exploits1References3
Prion
Prionadded 2023/06/27 10:15 p.m.14 views

Design/Logic Flaw

pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if parsecontentstream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request 969 and resolv...

1.9CVSS5.3AI score0.00025EPSS
Exploits1References3Affected Software2
Cvelist
Cvelistadded 2023/06/27 9:24 p.m.17 views

CVE-2023-36464 Infinite Loop when a comment isn't followed by a character in pypdf

pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if parsecontentstream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request 969 and resolv...

6.2CVSS6.3AI score0.00025EPSS
Exploits1References3
Rows per page
Query Builder