
128 matches found

Nuclei
added yesterday | 57 views

Stash < 0.26.0 - SQL Injection

Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter. id: CVE-2024-32231 info: name: Stash Stash" tags: cve,cve2024,stash,sqli,vuln http: - raw: - | POST /graphql HTTP/1.1 Host: Hostname Content-type: application/json...

CVSS 6.3 | AI score 5.8 | EPSS 0.01179
Exploits: 0 | References: 5
OSV
added 2025/12/30 1:16 p.m. | 1 view

UBUNTU-CVE-2023-54210

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor(). KASAN reports that there's a use-after-free in hci_remove_adv_monitor(). Trawling through the disassembly, you can see that the complaint is from the access in...

AI score 5.7 | EPSS 0.00166
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2008-4570

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00967
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2008-4065

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.03108
Exploits: 0 | References: 9
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-4066

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.02561
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2015-2090

Malware in sbrugna...

CVSS 5.6 | AI score 5.7 | EPSS 0.00232
Exploits: 0 | References: 2
OSV
added 2025/09/22 9:07 a.m. | 2 views

SUSE-SU-2025:20721-1 Security update for git

This update for git fixes the following issues: - Update to 2.51.0 - UI, Workflows & Features - Userdiff patterns for the R language have been added. - Documentation for "git send-email" has been updated with a bit more credential helper and OAuth information. - "git cat-file --batch" learns to...

CVSS 9.8 | AI score 8.1 | EPSS 0.02775
Exploits: 9 | References: 22
SUSE Linux
added 2025/09/22 8:52 a.m. | 6 views

Security update for git

This update for git fixes the following issues: Update to 2.51.0 UI, Workflows & Features Userdiff patterns for the R language have been added. Documentation for "git send-email" has been updated with a bit more credential helper and OAuth information. "git cat-file --batch" learns to understand...

CVSS 8.6 | AI score 8.4 | EPSS 0.02775
Exploits: 9 | References: 42
Cvelist
added 2025/06/10 11:19 p.m. | 24 views

CVE-2024-7457 macOS Stash network-management utility: Unauthorized Manipulation of System Network Preferences

The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights using its own privileged context root, effectively authorizing itself...

CVSS 7.8 | EPSS 0.00139
Exploits: 0 | References: 1
CVE
added 2025/06/10 11:19 p.m. | 59 views

CVE-2024-7457

The CVE-2024-7457 entry concerns ws.stash.app.mac.daemon.helper on macOS. Affected component is the ws.stash.app.mac.daemon.helper, which improperly uses macOS AuthorizationCopyRights() with its own privileged context (root) instead of validating the client’s authorization reference. This allows ...

CVSS 7.8 | AI score 7.5 | EPSS 0.00139
Exploits: 0 | References: 1
Vulnrichment
added 2025/06/10 11:19 p.m. | 19 views

CVE-2024-7457 macOS Stash network-management utility: Unauthorized Manipulation of System Network Preferences

The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights using its own privileged context root, effectively authorizing itself...

CVSS 7.8 | AI score 7 | EPSS 0.00139
Exploits: 0 | References: 1
CNNVD
added 2025/06/10 12:00 a.m. | 0 views

Stash ws.stash.app.mac.daemon.helper Security Vulnerability

Stash ws.stash.app.mac.daemon.helper is a system agent component for macOS by Stash. A security vulnerability exists in Stash ws.stash.app.mac.daemon.helper, which stems from an incorrect use of the macOS authorization model, and could allow an unauthorized client to invoke privileged operations...

CVSS 7.8 | AI score 6.5 | EPSS 0.00139
Exploits: 0 | References: 2
BDU FSTEC
added 2025/05/27 12:00 a.m. | 3 views

The vulnerability of the `gslibctx_stash_sanitized_arg` function in the `base/gslibctx.c` file of the Ghostscript processing, conversion, and generation software set allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the gslibctx_stash_sanitized_arg function in the base/gslibctx.c file of the Ghostscript processing, conversion, and generation software set is related to improper border removal of critical data. Exploiting this vulnerability may allow an attacker to gain unauthorized access t...

CVSS 4 | AI score 7.6 | EPSS 0.00274
Exploits: 0 | References: 11 | Affected Software: 6
RedhatCVE
added 2025/05/23 10:04 a.m. | 5 views

CVE-2024-32231

Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter...

CVSS 6.3 | AI score 8.2 | EPSS 0.01179
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 11:13 p.m. | 5 views

CVE-2022-34198

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 | AI score 5.4 | EPSS 0.0071
Exploits: 0 | References: 1
Krebs on Security
added 2024/09/26 2:54 p.m. | 18 views

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker's Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a...

AI score 6.8
Exploits: 0
Veracode
added 2024/08/19 7:07 a.m. | 10 views

SQL Injection

github.com/stashapp/stash is vulnerable to SQL Injection. The vulnerability is caused due to not validating the values provided in the sort parameter while executing SQL query. This can lead to attacker retrieving data from database or can change values in the database tables...

CVSS 6.3 | AI score 7.2 | EPSS 0.01179
Exploits: 0 | References: 6 | Affected Software: 1
Github Security Blog
added 2024/08/15 6:31 p.m. | 20 views

SQL injection in github.com/stashapp/stash

Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter...

CVSS 6.3 | AI score 8.2 | EPSS 0.01179
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2024/08/15 6:31 p.m. | 10 views

GHSA-75JF-52JG-QQH4 SQL injection in github.com/stashapp/stash

Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter...

CVSS 9.1 | AI score 6.5 | EPSS 0.01179
Exploits: 0 | References: 6
NVD
added 2024/08/15 6:15 p.m. | 21 views

CVE-2024-32231

Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter...

CVSS 6.3 | EPSS 0.01179
Exploits: 0 | References: 3