Lucene search
K

137 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 10:3 a.m.6 views

CVE-2024-3137

Improper Privilege Management in uvdesk/community-skeleton...

7.1CVSS6.8AI score0.00358EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/11/09 3:48 a.m.3 views

SUSE CVE-2024-50204

In the Linux kernel, the following vulnerability has been resolved: fs: don't try and remove empty rbtree node When copying a namespace we won't have added the new copy into the namespace rbtree until after the copy succeeded. Calling freemntns will try to remove the copy from the rbtree which is...

5.5CVSS7.7AI score0.00176EPSS
Exploits0References3
OSV
OSV
added 2024/11/08 6:15 a.m.4 views

UBUNTU-CVE-2024-50204

In the Linux kernel, the following vulnerability has been resolved: fs: don't try and remove empty rbtree node When copying a namespace we won't have added the new copy into the namespace rbtree until after the copy succeeded. Calling freemntns will try to remove the copy from the rbtree which is...

5.5CVSS5.7AI score0.00176EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/09/04 8:1 a.m.4 views

Malicious code in pdm-skeleton (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8ba9c7f0e8687739c6047f24241f9e715c735f096f38643dc9c818c09d6cab2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/09/04 8:1 a.m.6 views

MAL-2024-8794 Malicious code in pdm-skeleton (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8ba9c7f0e8687739c6047f24241f9e715c735f096f38643dc9c818c09d6cab2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
The Hacker News
The Hacker News
added 2024/06/27 10:4 a.m.39 views

Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks

Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 CVSS score: 8.1, relates to a case of prompt injection...

8.1CVSS8.6AI score0.14956EPSS
Exploits0
NVD
NVD
added 2024/04/02 1:15 a.m.21 views

CVE-2024-3137

Improper Privilege Management in uvdesk/community-skeleton...

7.1CVSS7AI score0.00358EPSS
Exploits0References1
CVE
CVE
added 2024/04/02 12:0 a.m.45 views

CVE-2024-3137

CVE-2024-3137 affects uvdesk/community-skeleton. The issue is described as improper privilege management arising from inadequate access controls. According to the entry, the vulnerability has a CVSSv3 base score of 7.1 (HIGH): network attack vector, low attack complexity, privileges required: LOW...

7.1CVSS6.9AI score0.00358EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/02 12:0 a.m.14 views

CVE-2024-3137 Improper Privilege Management in uvdesk/community-skeleton

Improper Privilege Management in uvdesk/community-skeleton...

7.1CVSS6.9AI score0.00358EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/02 12:0 a.m.3 views

community-skeleton 安全漏洞

community-skeleton is a service-oriented, event-driven, extensible open source helpdesk system. A security vulnerability exists in uvdesk community-skeleton that stems from improper privilege management...

7.1CVSS6.8AI score0.00358EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.11 views

PT-2024-24015 · Unknown · Uvdesk Community Skeleton

Name of the Vulnerable Software and Affected Versions: uvdesk/community-skeleton affected versions not specified Description: The issue concerns improper privilege management. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

7.1CVSS7.1AI score0.00358EPSS
Exploits0References5
NVD
NVD
added 2023/10/23 9:15 p.m.21 views

CVE-2023-37636

A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

5.4CVSS5.3AI score0.00346EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/10/23 9:15 p.m.4 views

CVE-2023-37635

UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...

9.8CVSS7.4AI score0.01151EPSS
Exploits1References2
NVD
NVD
added 2023/10/23 9:15 p.m.34 views

CVE-2023-37635

UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...

9.8CVSS9.7AI score0.01151EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/10/23 9:15 p.m.6 views

CVE-2023-37636

A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

5.4CVSS6.2AI score0.00346EPSS
Exploits1References2
Prion
Prion
added 2023/10/23 9:15 p.m.15 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

4.9CVSS5.2AI score0.00346EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/10/23 9:15 p.m.23 views

Code injection

UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...

7.5CVSS9.6AI score0.01151EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/23 12:0 a.m.4 views

PT-2023-26052 · Unknown · Uvdesk Community Skeleton

Name of the Vulnerable Software and Affected Versions: UVDesk Community Skeleton version 1.1.1 Description: The issue allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. This can be done through the login page, allowing attackers to...

9.8CVSS9.5AI score0.01151EPSS
Exploits1References7
CVE
CVE
added 2023/10/23 12:0 a.m.54 views

CVE-2023-37636

CVE-2023-37636 concerns UVDesk Community Skeleton v1.1.1, with a stored XSS vulnerability in the Message field used when creating a ticket. The issue allows attackers to inject arbitrary web scripts/HTML, potentially affecting users who view crafted tickets. The primary technical detail across so...

5.4CVSS5.2AI score0.00346EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/10/23 12:0 a.m.57 views

CVE-2023-37635

CVE-2023-37635 affects UVDesk Community Skeleton v1.1.1, described as an unauthenticated brute-force login vulnerability that could allow access to the application. Concrete detail: login-page brute-force on UVDesk Community Skeleton 1.1.1. Root cause and exact exploit path are not detailed in th...

9.8CVSS9.6AI score0.01151EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder