Lucene search
+L

25 matches found

mscve
mscve
added 2026/06/09 2:0 p.m.11 views

Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally...

7.8CVSS5.5AI score0.00368EPSS
Exploits0
osv
osv
added 2026/02/16 4:19 p.m.3 views

CVE-2025-65717

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page...

4.3CVSS5.8AI score0.00511EPSS
Exploits1References2
cve
cve
added 2026/02/16 12:0 a.m.20 views

CVE-2025-65717

CVE-2025-65717 affects Visual Studio Code Live Server extension (v5.7.9). According to connected sources, an attacker can exfiltrate local files by luring a developer to a crafted HTML page which, via the local development HTTP server on localhost:5500, executes JavaScript to crawl and send files...

4.3CVSS5.5AI score0.00511EPSS
Exploits1References3Affected Software1
redhatcve
redhatcve
added 2025/12/12 3:11 p.m.6 views

CVE-2025-14265

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...

9.1CVSS7.3AI score0.0033EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-40362

Malicious code in bioql PyPI...

7.2CVSS6.4AI score0.01176EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/21 8:22 p.m.9 views

CVE-2002-1718

Microsoft Internet Information Server IIS 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension FPSE file, as claimed using an HTTP request for colegal.htm that contains .. dot dot sequences...

5CVSS7AI score0.14059EPSS
Exploits0References1
nvd
nvd
added 2025/03/20 10:15 a.m.26 views

CVE-2024-11045

A Cross-Site WebSocket Hijacking CSWSH vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...

9.6CVSS0.00375EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/03/20 10:10 a.m.10 views

CVE-2024-11045 Cross-Site WebSocket Hijacking (CSWSH) in automatic1111/stable-diffusion-webui

A Cross-Site WebSocket Hijacking CSWSH vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...

9.6CVSS9AI score0.00375EPSS
Exploits1References1
cve
cve
added 2025/03/20 10:10 a.m.49 views

CVE-2024-11045

The CVE-2024-11045 CSWSH issue affects automatic1111/stable-diffusion-webui 1.10.0, where lack of validation for WebSocket connections at ws://127.0.0.1:7860/queue/join enables unauthorized actions such as cloning server extensions, running malicious scripts, data exfiltration, and potential DoS....

9.6CVSS9AI score0.00375EPSS
Exploits1References1Affected Software1
redhatcve
redhatcve
added 2025/02/06 3:53 a.m.7 views

CVE-2021-39160

nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade...

9.6CVSS7.3AI score0.0173EPSS
Exploits0References1
kaspersky
kaspersky
added 2024/11/12 12:0 a.m.26 views

KLA77104 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azure Database for PostgreSQL Flexible Server Extension...

9.9CVSS10AI score0.02203EPSS
Exploits0References6
cnnvd
cnnvd
added 2024/01/18 12:0 a.m.6 views

jupyterlab-lsp Security Vulnerabilities

jupyterlab-lsp is a tool that provides coding help for JupyterLab using the Language Server protocol. A security vulnerability exists in jupyterlab-lsp 2.2.1 and earlier versions, which stems from a lack of authentication of the jupyter-lsp server extension endpoint, allowing an attacker to acces...

9.8CVSS7AI score0.00491EPSS
Exploits0References3
nvd
nvd
added 2021/08/25 6:15 p.m.22 views

CVE-2021-39160

nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade...

9.6CVSS0.0173EPSS
Exploits0References3
osv
osv
added 2021/08/25 6:15 p.m.12 views

PYSEC-2021-316

nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade...

4AI score
Exploits0References3
cve
cve
added 2021/08/25 6:10 p.m.80 views

CVE-2021-39160

nbgitpuller is a Jupyter server extension that is vulnerable to arbitrary code execution due to unsanitized input when visiting crafted links. The issue affects the component responsible for syncing a git repository to a local path and has been fixed in version 0.10.2; users are advised to upgrad...

9.6CVSS8.8AI score0.0173EPSS
Exploits0References3Affected Software1
nessus
nessus
added 2016/07/29 12:0 a.m.17 views

openSUSE Security Update : mbedtls (openSUSE-2016-903)

This mbedtls update to version 1.3.17 fixes the following issues : Security issues fixed : - Fix missing padding length check in mbedtlsrsarsaespkcs1v15decrypt required by PKCS1 v2.2 - Fix a potential integer underflow to buffer overread in mbedtlsrsarsaesoaepdecrypt. It is not triggerable remote...

5.9AI score
Exploits0References1
ptsecurity
ptsecurity
added 2014/10/29 12:0 a.m.7 views

PT-2020-7742 · Zend · Zend Framework

Name of the Vulnerable Software and Affected Versions: Zend Framework versions prior to 1.12.9 Zend Framework versions 2.2.x prior to 2.2.8 Zend Framework versions 2.3.x prior to 2.3.3 Description: The issue allows remote attackers to execute arbitrary SQL commands via a null byte when using the...

9.8CVSS10AI score0.02802EPSS
Exploits2References39
nessus
nessus
added 2011/05/05 12:0 a.m.29 views

openSUSE Security Update : libopenssl-devel (openSUSE-SU-2010:0965-2)

Multithreaded OpenSSL servers using the TLS server extension are vulnerable to a buffer overrun attack CVE-2010-3864. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update libopenssl-devel-3562. The...

7.6CVSS7.8AI score0.22145EPSS
Exploits0References3
openvas
openvas
added 2009/04/09 12:0 a.m.13 views

Mandriva Update for x11-driver-video-vesa MDKA-2007:069 (x11-driver-video-vesa)

Check for the Version of x11-driver-video-vesa OpenVAS Vulnerability Test Mandriva Update for x11-driver-video-vesa MDKA-2007:069 x11-driver-video-vesa Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...

7.4AI score
Exploits0References2
metasploit
metasploit
added 2008/10/19 9:3 p.m.45 views

PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)

This module exploits an integer overflow vulnerability in the unserialize function of the PHP web server extension. This vulnerability was patched by Stefan in version 4.5.0 and applies all previous versions supporting this function. This particular module targets numerous web applications and is...

6.8CVSS7.6AI score0.40435EPSS
Exploits7
Rows per page
Query Builder