Lucene search
K

10 matches found

Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.10 views

PT-2026-31598

Name of the Vulnerable Software and Affected Versions Apache Airflow versions 3.0.0 through 3.1.8 Description The DagRun wait endpoint in Apache Airflow allows users with DAG Run read permissions, such as the Viewer role, to access XCom result values. This behavior contradicts the intended securi...

6.5CVSS5.8AI score0.00685EPSS
Exploits0References12
OSV
OSV
added 2026/03/12 5:3 p.m.4 views

CVE-2026-31841 Raw exposure of database statements in Hyperterse MCP search tool

Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were...

6.5CVSS5.8AI score0.00178EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/09 8:48 p.m.4 views

CVE-2026-25876

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization ownership checks. For example, this can be used to return all results for an assessment...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 7:42 a.m.6 views

CVE-2019-15727

An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users...

5.3CVSS6.4AI score0.01544EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/26 12:0 a.m.3 views

WordPress plugin Membership Plugin – Restrict Content 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerabili...

7.5CVSS8AI score0.00439EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/22 12:0 a.m.6 views

Mattermost 信息泄露漏洞

Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost suffers from an information disclosure vulnerability that stems from failing to check settings when presenting the results of an API call, which can be exploited by an attacker to gain access to information...

4.3CVSS5.1AI score0.00464EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:34 a.m.3 views

SUSE CVE-2018-1044

In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings...

4.3CVSS4.8AI score0.00989EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/10/25 2:3 p.m.4 views

Mozilla: Same-origin policy violation could have leaked cross-origin URLs

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a same-origin policy violation that could have allowed the theft of cross-origin URL entries, leaking the result of a redirect via performance.getEntries...

8.1CVSS7.3AI score0.00414EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.5 views

PT-2022-22049 · Jenkins · Jenkins Junit Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins xUnit Plugin versions 3.0.8 and earlier Description: The issue allows attackers who can control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an...

9.1CVSS6.4AI score0.01213EPSS
Exploits0References6
OSV
OSV
added 2018/01/22 8:29 a.m.3 views

UBUNTU-CVE-2018-1044

In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings...

4.3CVSS6AI score0.00989EPSS
Exploits0References3
Rows per page
Query Builder