97 matches found

Positive Technologies
added 2026/04/09 12:00 a.m., 5 views

PT-2026-31649

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directus_revisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline, ...

CVSS 6.5, AI score 6, EPSS 0.0017
Exploits 0, References 3

ATTACKERKB
added 2026/04/07 6:22 p.m., 3 views

CVE-2026-39349

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

CVSS 2.1, AI score 5.9, EPSS 0.00112
Exploits 0, References 2, Affected Software 1

Github Security Blog
added 2026/04/04 6:12 a.m., 20 views

Directus: Sensitive fields exposed in revision history

Summary: Directus stores revision records in directus_revisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline, sensitive fields including user tokens, two-factor authentication secrets, external auth...

CVSS 6.5, AI score 5.9, EPSS 0.0017
Exploits 0, References 4, Affected Software 1

OSV
added 2026/04/04 6:12 a.m., 3 views

GHSA-MVV8-V4JJ-G47J Directus: Sensitive fields exposed in revision history

Summary: Directus stores revision records in directus_revisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline, sensitive fields including user tokens, two-factor authentication secrets, external auth...

CVSS 6.5, AI score 5.8, EPSS 0.0017
Exploits 0, References 4

NVD
added 2026/01/19 9:16 a.m., 4 views

CVE-2025-59355

A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode failed", e). If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...

CVSS 6.5, EPSS 0.00403
Exploits 0, References 3

NVD
added 2026/01/14 7:16 p.m., 9 views

CVE-2026-23477

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

CVSS 7.7, EPSS 0.00306
Exploits 1, References 1

NVD
added 2025/12/01 9:15 p.m., 7 views

CVE-2025-66295

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, when a user with the user-creation privilege creates a new user through the Admin UI and supplies a username containing path traversal sequences, for example ..\Nijat or ../Nijat, Grav writes the account YAML file to an unintended path...

CVSS 8.8, EPSS 0.00482
Exploits 0, References 2

EUVD
added 2025/11/06 6:32 p.m., 4 views

EUVD-2025-38051

Improper access control in Devolutions Server 2025.3.5.0 and earlier allows a View-only user to retrieve sensitive third-level nested fields, such as password list custom values, resulting in password disclosure...

CVSS 6.5, AI score 6.3, EPSS 0.00359
Exploits 0, References 2

Vulnrichment
added 2025/11/06 4:36 p.m., 2 views

CVE-2025-12808

Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password list custom values, resulting in password disclosure. This issue affects the following versions: Devolutions Server 2025.3.2.0 through 2025.3.5.0, Devolutions Server...

AI score 6.5, EPSS 0.00359
Exploits 0, References 1

RedhatCVE
added 2025/10/07 6:27 p.m., 6 views

CVE-2025-52656

HCL MyXalytics 6.6 is affected by a Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields...

CVSS 7.6, AI score 6.8, EPSS 0.00235
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-5964

Malware in sbrugna...

CVSS 7.5, AI score 5.4, EPSS 0.00675
Exploits 1, References 3

EUVD
added 2025/10/07 12:30 a.m., 12 views

EUVD-2019-5823

Malware in sbrugna...

CVSS 8.8, AI score 7.6, EPSS 0.02234
Exploits 1, References 3

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-49985

Malicious code in bioql PyPI...

CVSS 7.5, AI score 5, EPSS 0.00443
Exploits 0, References 2

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-1709

Malicious code in bioql PyPI...

CVSS 4.9, AI score 5.2, EPSS 0.00757
Exploits 1, References 4

EUVD
added 2025/10/03 8:07 p.m., 7 views

EUVD-2022-46907

Malicious code in bioql PyPI...

CVSS 5.7, AI score 6.6, EPSS 0.00457
Exploits 0, References 1

OSV
added 2025/10/03 7:15 p.m., 7 views

CVE-2025-52656

HCL MyXalytics 6.6 is affected by a Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields...

CVSS 7.6, AI score 5.8, EPSS 0.00235
Exploits 0, References 1

EUVD
added 2025/10/03 6:20 p.m., 4 views

EUVD-2025-32359

HCL MyXalytics 6.6 is affected by a Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields...

CVSS 7.6, AI score 6.3, EPSS 0.00235
Exploits 0, References 2

CNNVD
added 2025/10/03 12:00 a.m., 6 views

HCL MyXalytics security vulnerability

HCL MyXalytics is an analytics software product from HCL India. It is used to perform data analysis and other related tasks. A security vulnerability exists in HCL MyXalytics version 6.6, which stems from a lack of proper validation and access control when automatically binding user inputs to...

CVSS 7.6, AI score 6.5, EPSS 0.00235
Exploits 0, References 1

Vulnrichment
added 2025/10/02 12:00 a.m., 2 views

CVE-2025-56161

YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly loads the related User model without field filtering; because User.php defines no $hidden or $visible attributes, sensitive fields such as the bcrypt password hash, mobile...

AI score 6.2, EPSS 0.00502
Exploits 1, References 2

CNNVD
added 2025/10/02 12:00 a.m., 6 views

Yoshop security vulnerability

Yoshop is a Chinese open source e-commerce system by yiovo. A security vulnerability exists in Yoshop version 2.0, which stems from unauthenticated information leakage from the comment list API endpoint and may lead to the exposure of sensitive fields...

CVSS 7.5, AI score 6.5, EPSS 0.00502
Exploits 1, References 2
