Lucene search
K

39 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-6561

Malware in sbrugna...

4.3CVSS4.8AI score0.00815EPSS
Exploits0References3
OSV
OSV
added 2025/07/31 6:15 p.m.5 views

CVE-2025-54834

OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place...

6.9CVSS5.9AI score0.0049EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 6:43 a.m.6 views

CVE-2019-15594

GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint...

4.3CVSS6.6AI score0.00815EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.5 views

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. Fortinet FortiOS has a security...

5.3CVSS6.8AI score0.00668EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/01/03 4:24 p.m.45 views

SiYuan has an arbitrary file deletion vulnerability

Summary A arbitrary file deletion vulnerability has been identified in the latest version of Siyuan Note. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint.An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on...

9.1CVSS6.8AI score0.00589EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/26 12:0 a.m.3 views

PT-2024-5306 · Phpipam · Phpipam

Name of the Vulnerable Software and Affected Versions: phpipam version 1.6 Description: The issue is related to a Cross Site Scripting XSS vulnerability. It affects the /app/tools/request-ip/index.php endpoint. The vulnerability exists due to insufficient protection of the web page structure,...

6.5CVSS5.2AI score0.00382EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2024/04/29 12:0 a.m.7 views

PT-2024-24615 · Znuny +1 · Znuny +2

Name of the Vulnerable Software and Affected Versions: Znuny LTS versions 6.5.1 through 6.5.7 Znuny versions 7.0.1 through 7.0.16 Description: An issue was discovered where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request. Recommendations: For Znuny LTS...

8.8CVSS7.7AI score0.00708EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2023/01/16 12:0 a.m.9 views

PT-2023-14304

Name of the Vulnerable Software and Affected Versions Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0 Description The issue concerns two legacy REST API endpoints for approval and request access that are vulnerable to cross-site request forgery. Recommendations For Apache...

8.8CVSS7.1AI score0.00567EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2022/10/19 12:0 a.m.6 views

PT-2022-25542 · Ocomon · Ocomon

Name of the Vulnerable Software and Affected Versions: OcoMon version 4.0RC1 Description: The issue is related to Incorrect Access Control. Through a request, a user can obtain the real email, and by sending the same request with the correct email, it is possible to perform an account takeover...

7.5CVSS7.3AI score0.00785EPSS
Exploits1References6
OSV
OSV
added 2022/06/02 2:15 p.m.3 views

CVE-2022-31976

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=deleterequest...

9.8CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2020/04/01 7:25 p.m.26 views

CVE-2020-5290 session fixation in rCTF

In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the token=$ssid hash when making a request to the /verify endpoint. An attacker team could potentially steal flags by, for example, exploiting a stored XSS payload in a CTF challenge so that victim...

6.5CVSS6.3AI score0.00795EPSS
Exploits1References2
OSV
OSV
added 2020/02/14 10:15 p.m.17 views

CVE-2019-15594

GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint...

4.3CVSS6.6AI score
Exploits0References2
Prion
Prion
added 2020/02/14 10:15 p.m.24 views

Improper access control

GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint...

4CVSS4.3AI score0.00815EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2020/02/14 10:15 p.m.32 views

CVE-2019-15594

GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint...

4.3CVSS5.9AI score0.00815EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2020/02/14 9:29 p.m.26 views

CVE-2019-15594

Removed by vendor...

4.3CVSS5.8AI score0.00815EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2019/07/24 9:1 p.m.6 views

web-console: XSS in OAuth server /oauth/token/request endpoint

A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction ...

6.3CVSS5.8AI score0.00674EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/04/01 12:0 a.m.4 views

PT-2019-16750 · Red Hat · Openshift Oauth Server

Name of the Vulnerable Software and Affected Versions: OpenShift OAuth server affected versions not specified Description: A flaw was found in the "/oauth/token/request" custom endpoint of the OpenShift OAuth server, allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSR...

6.3CVSS5.1AI score0.00674EPSS
Exploits0References11
CNVD
CNVD
added 2018/12/05 12:0 a.m.5 views

GitLab CE/EE Information Disclosure Vulnerability (CNVD-2018-26955)

GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github for accessing the contents of a project's files, commit history, bug lists, and more. An information...

7.5CVSS7.1AI score0.01166EPSS
Exploits1References1
OSV
OSV
added 2016/02/09 3:59 a.m.6 views

CVE-2016-1317

Cisco Unified Communications Manager 11.50.98000.480 allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098...

4.3CVSS5.8AI score0.01167EPSS
Exploits0References2
Rows per page
Query Builder