Lucene search
+L

157 matches found

Cvelist
Cvelist
added yesterday13 views

CVE-2026-63101 Open Event Server 1.19.1 Unauthenticated Member Roster Export via CSV Export Endpoint

Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting requests to the group followers CSV export endpoint whic...

8.7CVSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-63101

Open Event Server 1.19.1 is affected by an unauthenticated access vulnerability that lets attackers export the full member roster (emails, names, join dates, roles) by calling the group followers CSV export endpoint. The issue arises because the export endpoint lacks authentication and can be tri...

8.7CVSS5.5AI score
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-45202

Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting requests to the group followers CSV export endpoint whic...

8.7CVSS5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/19 3:12 p.m.18 views

GHSA-JV2H-4P9V-WF5W ouroboros-ai: Incomplete fix of CVE-2026-47211: untrusted project .env can still reach RCE via omitted execution-routing keys

Impact The CVE-2026-47211 fix 0.39.0 added UNTRUSTEDENVDENYLIST to stop an untrusted project-directory .env from redirecting execution. The denylist was incomplete — several execution-routing keys of the same RCE class were omitted, so a malicious cloned repo can still reach arbitrary command...

8.6CVSS6.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:31 a.m.7 views

CVE-2019-16236

Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala...

7.5CVSS6.7AI score0.02385EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/23 4:19 p.m.4 views

Malicious code in hyatt-residential-roster (npm)

Package is malware. Collects and exfiltrates sensitive data to an external server. Suspicious install scripts execute the same script multiple times. The package communicates with a domain associated with malicious activity...

7.1AI score
Exploits0References1
OSV
OSV
added 2025/10/23 4:19 p.m.3 views

MAL-2025-48691 Malicious code in hyatt-residential-roster (npm)

Package is malware. Collects and exfiltrates sensitive data to an external server. Suspicious install scripts execute the same script multiple times. The package communicates with a domain associated with malicious activity...

7.1AI score
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-6833

Malware in sbrugna...

7.5CVSS6.4AI score0.02797EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2016-10715

Malware in sbrugna...

7.4CVSS5.6AI score0.04512EPSS
Exploits2References14
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-8565

Malware in sbrugna...

5.8CVSS5.3AI score0.01723EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-13582

Malware in sbrugna...

8.8CVSS8.7AI score0.01478EPSS
Exploits3References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2004-2381

Malware in sbrugna...

5CVSS6.4AI score0.01363EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-2939

Malware in sbrugna...

5.3CVSS7.4AI score0.01912EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-7043

Malware in sbrugna...

7.5CVSS7.3AI score0.02385EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/05/23 8:45 a.m.7 views

CVE-2024-33850

Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting...

4.3CVSS6.9AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:40 a.m.4 views

CVE-2024-51850

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bchristopeit WoW Guild Armory Roster guild-armory-roster allows Stored XSS.This issue affects WoW Guild Armory Roster: from n/a through = 0.5.5...

6.5CVSS7.2AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:39 p.m.9 views

CVE-2021-26795

A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management...

8.8CVSS7.3AI score0.01478EPSS
Exploits3References1
Cvelist
Cvelist
added 2024/11/27 9:28 p.m.49 views

CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...

6.8CVSS0.00462EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/27 9:28 p.m.11 views

CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...

6.8CVSS6.9AI score0.00462EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/27 12:0 a.m.5 views

PT-2024-35698 · Autolab · Autolab

Name of the Vulnerable Software and Affected Versions: Autolab affected versions not specified Description: Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When ...

6.8CVSS7AI score0.00462EPSS
Exploits0References7
Rows per page
Query Builder