Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/22 4:26 p.m.6 views

CVE-2026-28735

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.7 views

OpenProject SQL注入漏洞

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 have a SQL injection vulnerability. This vulnerability arises from custom field names not being properly cleaned in SQL queries, which can allow SQL injection...

9.1CVSS6AI score0.00269EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/25 7:5 a.m.4 views

CVE-2025-9118 Dataform Path Traversal

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...

10CVSS7AI score0.00625EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.3 views

PT-2023-1347 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.9 through 15.3.4 GitLab CE/EE versions 15.4 through 15.4.3 GitLab CE/EE versions 15.5 through 15.5.1 Description: The issue is related to a flaw in the authorization procedure when managing keys and tokens using...

9.4CVSS5.6AI score0.0089EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2023/01/12 12:0 a.m.9 views

CVE-2022-46463

An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."...

7.1AI score0.06237EPSS
Exploits2References3
Prion
Prion
added 2020/09/24 9:15 p.m.16 views

Design/Logic Flaw

Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories...

7.5CVSS9.2AI score0.01539EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder