CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

Github Security Blog•added 2026/06/19 6:31 a.m.•5 views

Canonical MicroCeph: path traversal issue in the remote-import AP

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS

Exploits0References4Affected Software1

OSV•added 2026/06/19 6:31 a.m.•3 views

GHSA-XG3J-C7Q4-F9PH Canonical MicroCeph: path traversal issue in the remote-import AP

5CVSS5.9AI score0.00208EPSS

Exploits0References4

NVD•added 2026/06/19 6:17 a.m.•10 views

CVE-2026-10720

5CVSS0.00208EPSS

Exploits0References1

Cvelist•added 2026/06/19 4:57 a.m.•29 views

CVE-2026-10720 MicroCeph path traversal issue in the remote-import API

5CVSS0.00208EPSS

Exploits0References1

CVE•added 2026/06/19 4:57 a.m.•20 views

CVE-2026-10720

CVE-2026-10720 affects Canonical MicroCeph versions on squid and tentacle tracks. A path traversal in the remote-import API allows holders of a trusted cluster mTLS certificate or a join token to manipulate files inside the imported remote cluster confined at /var/snap/microceph, potentially caus...

5CVSS5.9AI score0.00208EPSS

Exploits0References1

ATTACKERKB•added 2026/06/19 4:57 a.m.•6 views

CVE-2026-10720

5CVSS5.9AI score0.00208EPSS

Exploits0References2Affected Software1

EUVD•added 2026/06/19 4:57 a.m.•9 views

EUVD-2026-37990

5CVSS5.9AI score0.00208EPSS

Exploits0References1

Positive Technologies•added 2026/06/19 12:0 a.m.•16 views

PT-2026-50835

Name of the Vulnerable Software and Affected Versions Canonical MicroCeph versions from the squid and tentacle track Description A path traversal issue exists in the remote-import API. Users possessing a join token or a trusted cluster mTLS certificate, such as enrolled cluster members, can...

5CVSS5.9AI score0.00208EPSS

Exploits0References13

Github Security Blog•added 2026/05/19 7:51 p.m.•12 views

HAX CMS: Denial of Service using Malicious Import Request

Summary The HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire application offline, requiring a manual server restart to restore service. Details The...

6.5CVSS5.8AI score0.0024EPSS

Exploits0References3Affected Software1

CVE•added 2026/03/03 12:0 a.m.•10 views

CVE-2021-35486

CVE-2021-35486 affects Nokia IMPACT up to version 19.11.2.10-20210118042150283. The issue is a CSRF vulnerability in the /ui/rest-proxy/entity/import endpoint where neither the X-CSRF-NONCE header nor the CSRF-NONCE cookie is validated, allowing a remote attacker to import and overwrite the entir...

8.1CVSS6AI score0.00187EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2025/05/23 8:41 a.m.•3 views

CVE-2024-23633

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

6.1CVSS7.1AI score0.00592EPSS

Exploits0References1

OSV•added 2024/01/24 2:21 p.m.•31 views

GHSA-FQ23-G58M-799R Cross-site Scripting Vulnerability on Data Import

Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.10.1 and was tested on version 1.9.2.post0. Overview Label Studio had a remote import feature allowed users to...

4.7CVSS5.5AI score0.00592EPSS

Exploits0References7

Github Security Blog•added 2024/01/24 2:21 p.m.•30 views

Cross-site Scripting Vulnerability on Data Import

6.1CVSS7.1AI score0.00592EPSS

Exploits0References7Affected Software1

NVD•added 2024/01/24 12:15 a.m.•27 views

CVE-2024-23633

6.1CVSS5.3AI score0.00592EPSS

Exploits0References4

OSV•added 2024/01/24 12:15 a.m.•10 views

PYSEC-2024-128

6.1CVSS6.3AI score0.00592EPSS

Exploits0References4

Vulnrichment•added 2024/01/23 11:15 p.m.•27 views

CVE-2024-23633 Label Studio XSS Vulnerability on Data Import

4.7CVSS6.9AI score0.00592EPSS

Exploits0References4

Cvelist•added 2024/01/23 11:15 p.m.•37 views

CVE-2024-23633 Label Studio XSS Vulnerability on Data Import

4.7CVSS6.5AI score0.00592EPSS

Exploits0References4

OSV•added 2024/01/23 11:15 p.m.•26 views

CVE-2024-23633 Label Studio XSS Vulnerability on Data Import

4.7CVSS6.3AI score0.00592EPSS

Exploits0References6

CVE•added 2024/01/23 11:15 p.m.•86 views

CVE-2024-23633

CVE-2024-23633 affects Label Studio (open‑source data labeling tool) prior to version 1.10.1. The issue arises in the remote import feature: when a URL is fetched, the server uses the URL’s filename and returns a file via an API, with the response content type determined by the file’s extension (...

6.1CVSS6.3AI score0.00592EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2024/01/23 12:0 a.m.•5 views

PT-2024-19985 · Unknown · Label Studio

Name of the Vulnerable Software and Affected Versions: Label Studio versions prior to 1.10.1 Description: The remote import feature in Label Studio allowed users to import data from a remote web source, which could be abused to download a HTML file that executed malicious JavaScript code in the...

6.1CVSS6.1AI score0.00592EPSS

Exploits0References11

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by