Lucene search
K

385 matches found

OSV
OSV
added 2024/05/14 6:30 p.m.22 views

GHSA-338X-HFX8-VX9X Apache Karaf Cave: Cave SSRF and arbitrary file access

This issue affects all versions of Apache Karaf Cave. As this project is retired, there are no plans to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that ar...

9.1CVSS9.2AI score0.01161EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/03/14 12:0 a.m.2 views

IBM Integration Bus 跨站请求伪造漏洞

IBM Integration Bus IBM WebSphere Message Broker is an enterprise service bus ESB product from International Business Machines IBM. The product provides connectivity and common data transformation for Service Oriented Architecture SOA environments and non-SOA environments. A cross-site request...

6.5CVSS6.6AI score0.00239EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:7 a.m.28 views

BIT-DISCOURSE-2022-21684 User can bypass approval when invited to Discourse

Discourse is an open source discussion platform. Versions prior to 2.7.13 in stable, 2.8.0.beta11 in beta, and 2.8.0.beta11 in tests-passed allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with mustapproveusers enabled is going to ...

8.8CVSS5.9AI score0.00964EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 10:53 a.m.15 views

BIT-GHOST-2022-28397

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional...

9.8CVSS7.5AI score0.0325EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/03/06 12:0 a.m.2 views

PT-2024-2109 · Jenkins · Jenkins Html Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins HTML Publisher Plugin versions 1.32 and earlier Description: The issue exists due to the lack of protection for the web page structure. This can be exploited by a remote attacker to conduct cross-site scripting attacks. The...

9CVSS4.5AI score0.00681EPSS
Exploits0References12
OSV
OSV
added 2024/01/19 2:15 a.m.7 views

CVE-2023-47718

IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843...

8.8CVSS5.7AI score0.00295EPSS
Exploits0References3
Gentoo Linux
Gentoo Linux
added 2024/01/14 12:0 a.m.40 views

libgit2: Privilege Escalation Vulnerability

Background libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API. Description A vulnerability has been discovered in libgit2. Please review the CVE identifier referenced below for details. Impact Usages of a malicious craft...

7.8CVSS7.3AI score0.00441EPSS
Exploits0
OSV
OSV
added 2024/01/05 9:21 p.m.13 views

GHSA-7HFX-H3J3-RWQ4 D-Tale server-side request forgery through Web uploads

Impact Users hosting D-Tale publicly can be vulnerable to server-side request forgery SSRF allowing attackers to access files on the server. Patches Users should upgrade to version 3.9.0 where the "Load From the Web" input is turned off by default. You can find out more information on how to turn...

7.5CVSS7.4AI score0.00711EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/01/05 9:11 p.m.1 views

CVE-2024-21642 D-Tale server-side request forgery through Web uploads

D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery SSRF, allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the Load From the Web input is turned off ...

7.5CVSS7.1AI score0.00711EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/05 9:11 p.m.43 views

CVE-2024-21642 D-Tale server-side request forgery through Web uploads

D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery SSRF, allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the Load From the Web input is turned off ...

7.5CVSS7.8AI score0.00711EPSS
Exploits0References3
OSV
OSV
added 2023/12/01 8:15 p.m.6 views

CVE-2023-38268

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585...

8.8CVSS5.7AI score0.00299EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/30 12:0 a.m.5 views

baserCMS 跨站请求伪造漏洞

baserCMS is an enterprise-level content management system CMS from the baserCMS team. A cross-site request forgery vulnerability exists in baserCMS versions prior to 4.8.0, which stems from the content preview feature not adequately verifying whether a request comes from a trusted user. This...

9.8CVSS6.7AI score0.00347EPSS
Exploits0References4
NVD
NVD
added 2023/10/25 9:15 p.m.22 views

CVE-2023-46134

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...

9.8CVSS7.1AI score0.00756EPSS
Exploits0References2
OSV
OSV
added 2023/10/25 8:51 p.m.21 views

CVE-2023-46134 D-Tale vulnerable to Remote Code Execution through the Custom Filter Input

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...

6.1CVSS9.2AI score0.00756EPSS
Exploits0References4
OSV
OSV
added 2023/10/25 2:20 p.m.31 views

GHSA-JQ6C-R9XF-QXJM dtale vulnerable to Remote Code Execution through the Custom Filter Input

Impact Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches Users should upgrade to version 3.7.0 where the "Custom Filter" input is turned off by default. You can find out more information on how to turn it back ...

6.1CVSS8.2AI score0.00756EPSS
Exploits0References4
Veracode
Veracode
added 2023/08/31 10:27 a.m.20 views

Deserialization Of Untrusted Data

Apache Airflow Spark Provider is vulnerable to deserialization of untrusted data. The vulnerability occurs when an authorized Airflow user configures Spark hooks on an Airflow node pointing it to a malicious Spark server in an Airflow deployment causing arbitrary code to be run on that Airflow...

8.8CVSS6.9AI score0.01413EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/08/28 8:15 a.m.18 views

CVE-2023-40195

Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks...

8.8CVSS8.7AI score0.01413EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/08/16 4:49 p.m.78 views

CVE-2023-32360

A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach. Mitigation The user can either set 'PreserveJobFiles No' in cupsd.conf which will completely shut off the saving the job files,...

6.5CVSS5.7AI score0.00347EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/21 12:0 a.m.6 views

PT-2023-26171 · Indico · Indico

Name of the Vulnerable Software and Affected Versions: Indico versions prior to 3.2.6 Description: There is a Cross-Site-Scripting issue in confirmation prompts used when deleting content from Indico. Exploitation requires someone with at least submission privileges and then someone else to attem...

5.4CVSS5.2AI score0.00433EPSS
Exploits0References11
Prion
Prion
added 2023/06/16 4:15 a.m.26 views

Privilege escalation

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the...

4.9CVSS5.9AI score0.00804EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder