7 matches found

Github Security Blog
added 2024/05/01 4:35 p.m. · 23 views

Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`

Impact If a model has been made available for editing through the wagtail.contrib.settings module or ModelViewSet, and the permission argument on FieldPanel has been used to further restrict access to one or more fields of the model, a user with edit permission over the model but not the specific...

CVSS 2.7 · AI score 6.9 · EPSS 0.00083
Exploits 0 · References 9 · Affected Software 1
Github Security Blog
added 2022/01/21 11:43 p.m. · 20 views

Comment reply notifications sent to incorrect users

Impact When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that a user could listen in to new comment replies on pages they have not had editing access t...

CVSS 4.3 · AI score 1.3 · EPSS 0.00231
Exploits 0 · References 6 · Affected Software 1
Github Security Blog
added 2021/04/20 2:2 p.m. · 36 views

Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields

Impact When saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with javascript: URLs...

CVSS 6.1 · AI score 5.4 · EPSS 0.00274
Exploits 0 · References 8 · Affected Software 1
Veracode
added 2019/01/15 8:55 a.m. · 28 views

Information Disclosure

rhc-chk.rb in Red Hat OpenShift Origin is vulnerable to information disclosure. When -d debug mode is used, the output of the process contains confidential information such as the plaintext database passwords. This leads to unintentional disclosure of confidential in support channels such as a...

CVSS 2.1 · AI score 5.5 · EPSS 0.00063
Exploits 0 · References 40 · Affected Software 20
Prion
added 2018/12/28 5:29 p.m. · 10 views

Design/Logic Flaw

DISPUTED main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=enUS...

CVSS 6.8 · AI score 8.6 · EPSS 0.00229
Exploits 1 · References 3 · Affected Software 1
NVD
added 2013/02/24 10:55 p.m. · 15 views

CVE-2012-5658

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d debug mode is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channel...

CVSS 2.1 · AI score 6.2 · EPSS 0.00063
Exploits 0 · References 2
Prion
added 2013/02/24 10:55 p.m. · 28 views

Design/Logic Flaw

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d debug mode is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channel...

CVSS 2.1 · AI score 6.6 · EPSS 0.00063
Exploits 0 · References 2 · Affected Software 2