Lucene search
K

16 matches found

OSV
OSV
added 2026/03/27 7:11 a.m.5 views

BIT-DISCOURSE-2026-33423 Discourse staff can modify any user's group notification level

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available...

5.3CVSS5.9AI score0.00198EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.10 views

InvenTree SQL注入漏洞

InvenTree is an open-source inventory management system developed by InvenTree. It provides powerful low-level inventory control and parts tracking capabilities. Versions of InvenTree prior to 1.2.6 contained a SQL injection vulnerability. This vulnerability stemmed from the report template...

7.1CVSS5.9AI score0.00293EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 11:6 p.m.6 views

CVE-2026-33423

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available...

5.3CVSS5.8AI score0.00198EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/20 11:6 p.m.23 views

CVE-2026-33423 Discourse staff can modify any user's group notification level

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available...

5.3CVSS0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain security vulnerabilities. These...

5.3CVSS5.8AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 6:34 a.m.28 views

CVE-2026-31844 Authenticated SQL Injection in Koha displayby parameter of suggestion.pl

An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...

9CVSS0.00442EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/25 2:48 a.m.4 views

CVE-2026-27629 InvenTree Vulnerable to Server Side Template Injection (SSTI)

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

5.9CVSS6AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/22 10:7 p.m.10 views

CVE-2026-23526

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, including giving themselves superuser status and joining the admin group, which gives them full access to...

8.8CVSS5.6AI score0.00255EPSS
Exploits0References1
NVD
NVD
added 2026/01/21 10:15 p.m.7 views

CVE-2026-23526

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, including giving themselves superuser status and joining the admin group, which gives them full access to...

8.8CVSS0.00255EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/21 9:40 p.m.6 views

EUVD-2026-3773

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, including giving themselves superuser status and joining the admin group, which gives them full access to...

8.5CVSS5.6AI score0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/21 9:40 p.m.20 views

CVE-2026-23526 CVAT vulnerable to privilege escalation of users with staff status

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, including giving themselves superuser status and joining the admin group, which gives them full access to...

8.5CVSS0.00255EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.10 views

PT-2026-3869

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, including giving themselves superuser status and joining the admin group, which gives them full access to...

8.5CVSS5.6AI score0.00255EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/16 12:0 a.m.7 views

CVE-2025-56295

code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions...

0.00295EPSS
Exploits1References1
Snyk
Snyk
added 2025/09/15 8:31 p.m.4 views

Server-side Request Forgery (SSRF)

Overview ghost is a publishing platform Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the oEmbed mechanism. An attacker can access internal resources or exfiltrate sensitive data by submitting crafted URLs to the affected endpoint. This is only exploitab...

6.8CVSS6.6AI score0.00483EPSS
Exploits1References2
ArchLinux
ArchLinux
added 2021/06/15 12:0 a.m.161 views

[ASA-202106-41] python-django: multiple issues

Arch Linux Security Advisory ASA-202106-41 ========================================== Severity: Medium Date : 2021-06-15 CVE-ID : CVE-2021-33203 CVE-2021-33571 Package : python-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2026 Summary ======= The package...

7.5CVSS0.4AI score0.03058EPSS
Exploits0References7
securityvulns
securityvulns
added 2012/01/21 12:0 a.m.76 views

[PT-2011-04] Cross-Site Scripting in Kayako Support Suite

----------------------------------------------------------------- PT-2011-04 Positive Technologies Security Advisory Cross-Site Scripting in Kayako Support Suite ----------------------------------------------------------------- --- Vulnerable software Kayako Support Suite Version: 3.70.02-stable...

0.7AI score
Exploits0
Rows per page
Query Builder