Lucene search
K

20 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-2726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have...

4.3CVSS5.9AI score0.00194EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/27 7:29 p.m.5 views

CVE-2026-27707

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Starting in version 2.0.0 and prior to version 3.1.0, an authentication guard logic flaw in POST /api/v1/auth/jellyfin allows an unauthenticated attacker to register a new Seerr account on any Plex-configure...

9.8CVSS5.9AI score0.00506EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/14 4:35 a.m.1 views

EUVD-2025-34130

Malicious code in company-request-access npm...

6.6AI score
Exploits0References1
Snyk
Snyk
added 2025/10/14 4:35 a.m.1 views

Malicious Package

Overview company-request-access is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS6.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/14 3:47 a.m.4 views

Malicious code in company-request-access (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e49052755a86ef81d8b6c55e055db2639127cd68573b30d2725ed12e8e0d61ea Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References1
OSV
OSV
added 2025/10/14 3:47 a.m.1 views

MAL-2025-48408 Malicious code in company-request-access (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e49052755a86ef81d8b6c55e055db2639127cd68573b30d2725ed12e8e0d61ea Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-2322

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.01866EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3114

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.02786EPSS
Exploits3References8
Vulnrichment
Vulnrichment
added 2025/08/26 10:25 a.m.1 views

CVE-2025-1501 Incorrect authorization for traces request/download in CMC before 25.1.0

An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can request and download...

5.3CVSS6.4AI score0.00192EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/26 10:25 a.m.6 views

CVE-2025-1501 Incorrect authorization for traces request/download in CMC before 25.1.0

An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can request and download...

5.3CVSS0.00192EPSS
Exploits0References1
NVD
NVD
added 2024/12/19 4:15 p.m.13 views

CVE-2024-55082

A Server-Side Request Forgery SSRF in the endpoint http://your-server/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request...

7.5CVSS0.00461EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/08/08 5:22 p.m.7 views

undertow: LearningPushHandler can lead to remote memory DoS attacks

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

5.3CVSS5.7AI score0.01866EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/08/02 12:0 a.m.4 views

Monkeytype 安全漏洞

Monkeytype is a minimalist and customizable typing test open-sourced by Monkeytype. A security vulnerability exists in versions of Monkeytype prior to 24.30.0, which stems from vulnerability to a code injection attack, where an attacker is able to gain pull request write access...

9.6CVSS7.5AI score0.00825EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/02/17 12:0 a.m.5 views

PT-2024-29282 · Unknown · Monkeytype

Name of the Vulnerable Software and Affected Versions: Monkeytype versions prior to 24.30.0 Description: The issue concerns a Poisoned Pipeline Execution through Code Injection in the ci-failure-comment.yml GitHub Workflow of Monkeytype. This vulnerability allows attackers to gain pull-requests...

9.6CVSS7.7AI score0.00825EPSS
Exploits1References10
CNNVD
CNNVD
added 2021/03/24 12:0 a.m.11 views

GitLab 安全漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab after version...

4.3CVSS5.2AI score0.01001EPSS
Exploits0References4
OSV
OSV
added 2020/07/15 6:15 p.m.4 views

CVE-2020-14716

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

4.7CVSS6.7AI score0.00985EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2019/02/14 12:0 a.m.72 views

Ispirithalaya Hospital Management System 0.1.2 Database Configuration Disclosure

Exploit Title : Ispirithalaya Hospital Management System 0.1.2 Database Config Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 14/02/2019 Vendor Homepage : freeehospital.com Software Download Link :...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2017/07/25 5:46 p.m.4 views

tomcat: Calls to application listeners did not use the appropriate facade object

A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web...

9.1CVSS7.3AI score0.13225EPSS
Exploits0References4
Atlassian
Atlassian
added 2015/01/06 2:10 a.m.19 views

Request access to this page. userFullName can be modified.

Steps to reproduce: 1.-Create a page and grant permissions only for you 2.-Modify this url to point to your pageId https://extranet.atlassian.com/pages/viewpage.action?pageId=XXXXXXX&username=scia&userFullName=Scott%2BFarquhar&grantAccess=true 3.- You will be asked to grant Scott Farquhar...

1AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2014/05/12 12:0 a.m.5 views

PT-2014-2868 · D Link · D-Link Dir-505L Shareport Mobile Companion +1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-505L SharePort Mobile Companion version 1.01 D-Link DIR-826L Wireless N600 Cloud Router version 1.02 Description: The issue allows remote attackers to bypass authentication via a direct request when an authorized session is active...

9.3CVSS6.7AI score0.0416EPSS
Exploits0References2
Rows per page
Query Builder