Lucene search
K

5 matches found

Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.6 views

PT-2026-36164

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...

8.1CVSS5.4AI score0.00235EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/23 12:31 a.m.0 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the web interface when canceling scheduled auto-merges. An attacker can terminate auto-merges scheduled by other users by leveraging read access to pull requests. Remediation Upgrade...

5.3CVSS5.9AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2024/08/02 3:16 p.m.29 views

CVE-2024-41127

Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the...

9.6CVSS0.00825EPSS
Exploits1References3
CVE
CVE
added 2024/08/02 2:46 p.m.38 views

CVE-2024-41127

CVE-2024-41127 affects Monkeytype via its GitHub Actions workflow ci-failure-comment.yml. A vulnerability in the workflow’s handling of the artifact variable (./pr_num/pr_num.txt) allows interpolation into a JS script after the value is not validated as a number, enabling an attacker to gain writ...

9.6CVSS8.6AI score0.00825EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2023/01/16 12:0 a.m.5 views

Apache Superset 跨站请求伪造漏洞

A cross-site request forgery vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation. The vulnerability stems from the failure of two legacy REST APIs for granting and requesting access to properly validate user input, which could be...

8.8CVSS8.6AI score0.00567EPSS
Exploits0References2
Rows per page
Query Builder