18 matches found

Cvelist
added 2026/06/01 10:10 a.m.

CVE-2026-49328 Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF

Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod (Incubating) fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...

EPSS 0.00502
Exploits 0 · References 4
Positive Technologies
added 2026/06/01 12:00 a.m.

PT-2026-45399

Name of the Vulnerable Software and Affected Versions: Apache Fesod (Incubating) fesod-sheet versions prior to 2.0.2-incubating
Description: Server-Side Request Forgery (SSRF) in the UrlImageConverter component allows attackers to trigger outbound network requests to internal or restricted resources by...

CVSS 5.3 · AI score 5.8 · EPSS 0.00502
Exploits 0 · References 9
Snyk
added 2026/04/23 2:28 p.m.

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the put function. An attacker can overwrite or create arbitrary files in the webroot by enticing a user to visit a malicious website, which then issues crafted PUT requests through the victim's browse...

CVSS 7.1 · AI score 5.9 · EPSS 0.00165
Exploits 1 · References 2
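The attack above works because the browser sends the victim's ambient credentials with a PUT that the attacker's page initiated, and the server never asks where the request came from. The block below is an added example, not the affected package's code; it is the header-based layer of a CSRF defence, a guard that rejects state-changing requests the browser labels as cross-site, placed ahead of the handler that writes files. isAllowedRequest, csrfGuard and the sample requests FORGED_PUT and LEGIT_PUT are illustrative and constructed.

```javascript
// Added example, not the affected package's code: refuse state-changing requests
// that the browser marks as cross-site before any file-writing handler runs.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Browsers attach Origin to cross-origin requests and to same-origin non-GET
// requests; fall back to the Referer's origin when Origin is missing.
function requestOrigin(headers) {
  if (headers.origin) return headers.origin;
  if (headers.referer) {
    try { return new URL(headers.referer).origin; } catch { return null; }
  }
  return null;
}

// siteOrigin is the origin this application is served from, e.g. 'https://app.example'.
function isAllowedRequest(method, headers, siteOrigin) {
  if (SAFE_METHODS.has(method.toUpperCase())) return { ok: true };
  const fetchSite = headers['sec-fetch-site'];
  if (fetchSite !== undefined) {
    // Fetch Metadata is set by the browser and cannot be altered by page script.
    // 'same-site' is deliberately not accepted: a sibling subdomain is another origin.
    if (fetchSite === 'same-origin' || fetchSite === 'none') return { ok: true };
    return { ok: false, reason: `sec-fetch-site=${fetchSite}` };
  }
  const origin = requestOrigin(headers);
  if (origin === null) return { ok: false, reason: 'no Origin or Referer' };
  if (origin === siteOrigin) return { ok: true };
  return { ok: false, reason: `origin ${origin} is not ${siteOrigin}` };
}

// Express/Connect-style middleware; mount it ahead of the PUT handler.
function csrfGuard(siteOrigin) {
  return function (req, res, next) {
    const verdict = isAllowedRequest(req.method, req.headers, siteOrigin);
    if (verdict.ok) return next();
    res.statusCode = 403;
    res.setHeader('Content-Type', 'text/plain');
    res.end(`cross-site request rejected: ${verdict.reason}\n`);
  };
}

// Constructed samples. FORGED_PUT is what the victim's browser sends when the
// attacker's page issues the PUT; LEGIT_PUT is the same method from the site itself.
const FORGED_PUT = {
  method: 'PUT',
  headers: { 'sec-fetch-site': 'cross-site', origin: 'https://attacker.example', host: 'app.example' },
};
const LEGIT_PUT = {
  method: 'PUT',
  headers: { 'sec-fetch-site': 'same-origin', origin: 'https://app.example', host: 'app.example' },
};
```

Non-browser clients (curl, scripts) send neither Sec-Fetch-Site nor Origin and are therefore rejected by this guard; an endpoint that must also serve them pairs the guard with a per-session token or non-cookie authentication rather than loosening the header check.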
Snyk
added 2026/04/22 2:52 p.m.

Insecure Default Initialization of Resource

Overview: engramx describes itself as "The context spine for AI coding agents. 9 built-in providers + mcpConfig plugin contract wrap any MCP server in 10 lines, generic MCP-client aggregator stdio, pre-mortem mistake-guard, bi-temporal mistake memory, Anthropic Auto-Memory bridge, SSE stre..." Affected versions of th...

CVSS 8.6 · AI score 5.8
Exploits 0 · References 5
Snyk
added 2026/03/27 5:56 p.m.

Permissive List of Allowed Inputs

Overview: express-xss-sanitizer is an Express 4.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross-Site Scripting (XSS) attacks. Affected versions of this package are vulnerable to Permissive List of Allowed Inputs through the...

CVSS 8.8 · AI score 5.9 · EPSS 0.00382
Exploits 1 · References 3
F5 Networks
added 2026/01/26 3:44 p.m.

K000159707: NPM vulnerability CVE-2025-59145

Security Advisory Description: color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added...

CVSS 8.8 · AI score 5.9 · EPSS 0.00473
Exploits 0
IBM Security Bulletins
added 2025/10/22 11:24 a.m.

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-2.0.1.tgz

Summary: IBM watsonx Orchestrate Developer Edition is affected by a vulnerability in multer-2.0.1.tgz.
Vulnerability Details: CVE-2025-7338. Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts....

CVSS 7.5 · AI score 6.4 · EPSS 0.00644
Exploits 0 · Affected Software 1
Cvelist
added 2025/09/15 8:32 p.m.

CVE-2025-59145 [email protected] contains malware after npm account takeover

color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrenc...

CVSS 8.8 · EPSS 0.00473
Exploits 0 · References 5
Positive Technologies
added 2025/04/04 12:00 a.m.

PT-2025-14932 · Joomsky · Joomsky Js Job Manager

Name of the Vulnerable Software and Affected Versions: JoomSky JS Job Manager versions n/a through 2.0.2
Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Loca...

CVSS 8.8 · AI score 9 · EPSS 0.00669
Exploits 0 · References 5
IBM Security Bulletins
added 2024/09/18 4:58 p.m.

Security Bulletin: Vulnerability in Perl affects IBM watsonx.data

Summary: For CVE-2020-10878, if a user submits a specially-crafted regular expression and it is used in a regex by watsonx.data, this may cause an instruction injection. Currently, IBM watsonx.data is not vulnerable to the vulnerabilities described in CVE-2020-10543, CVE-2020-12723 and...

CVSS 8.6 · AI score 8.5 · EPSS 0.12608
Exploits 1 · Affected Software 1
Positive Technologies
added 2024/03/05 12:00 a.m.

PT-2024-22139

Name of the Vulnerable Software and Affected Versions: TOMP Bare Server versions prior to 2.0.2
Description: A vulnerability in TOMP Bare Server relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to...

CVSS 9.8 · AI score 9 · EPSS 0.00823
Exploits 0 · References 9
Positive Technologies
added 2024/01/21 12:00 a.m.

PT-2024-10571 · Go4Rayyan · Scumblr

Name of the Vulnerable Software and Affected Versions: go4rayyan Scumblr versions up to 2.0.1a
Description: A cross-site scripting issue has been found in the Task Handler component. The attack can be launched remotely. It is estimated that some unknown functionality...

CVSS 6.1 · AI score 6.5 · EPSS 0.00592
Exploits 0 · References 8
Snyk
added 2023/06/26 3:15 p.m.

Command Injection

Overview: git-commit-info gets the info of a specific commit hash. Affected versions of this package are vulnerable to Command Injection: the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a...

CVSS 9.8 · AI score 7.4 · EPSS 0.03638
Exploits 1 · References 2
OSV
added 2022/11/10 8:15 p.m.

UBUNTU-CVE-2022-39394

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of wasmtime_trap_code does not match its declared signature in the wasmtime/trap.h header file. This discrepancy causes the function implementation to...

CVSS 9.8 · AI score 7.3 · EPSS 0.00315
Exploits 0 · References 4
OSV
added 2022/11/10 8:15 p.m.

UBUNTU-CVE-2022-39393

Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where, when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can be visible, erroneously ...

CVSS 8.6 · AI score 5.7 · EPSS 0.00657
Exploits 0 · References 4
Snyk
added 2022/07/01 8:50 a.m.

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data using YAML.load if the response is a YAML type. This is exploitable only if the attacker is in control of an opensearch server and convinces the victim to connect to it.
Details: Serialization is a proce...

CVSS 8.8 · AI score 7 · EPSS 0.01501
Exploits 1 · References 2
Snyk
added 2021/03/15 5:08 p.m.

Open Redirect

Overview: koa-remove-trailing-slashes is a Koa middleware that makes sure all requests do not have trailing slashes. Affected versions of this package are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint such as...

CVSS 5.8 · AI score 7 · EPSS 0.00835
Exploits 1 · References 2
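The redirect target in a trailing-slash stripper is derived from the request path, so a path beginning with two slashes (for instance //evil.com/) becomes a protocol-relative Location that the browser resolves to another host. The block below is an added example, not the package's own code; it puts the naive shape beside a hardened helper that collapses repeated slashes before deciding the target and only ever emits a same-origin path. naiveRedirectTarget, safeRedirectTarget and removeTrailingSlashes are illustrative names; ctx.path, ctx.search, ctx.status and ctx.redirect are Koa's.

```javascript
// Added example, not koa-remove-trailing-slashes' own code.

// Vulnerable shape: drop the trailing slash and redirect to whatever remains.
// Request path "//evil.com/" becomes Location "//evil.com", a protocol-relative
// URL, so the browser leaves the site.
function naiveRedirectTarget(path) {
  return path.length > 1 && path.endsWith('/') ? path.slice(0, -1) : null;
}

// Hardened: collapse runs of slashes first, then strip the trailing one, and only
// emit a target that is a single-leading-slash path. Browsers also read a leading
// "/\" as "//", so any backslash is rejected as well. Returns null when no
// redirect should be issued.
function safeRedirectTarget(path) {
  if (typeof path !== 'string' || path === '/' || !path.endsWith('/')) return null;
  let target = path.replace(/\/{2,}/g, '/').replace(/\/+$/, '');
  if (target === '') target = '/';
  if (!target.startsWith('/') || target.includes('\\')) return null;
  return target;
}

// Koa middleware built on the hardened helper. Setting 301 before ctx.redirect
// keeps that status; ctx.search preserves the query string.
function removeTrailingSlashes() {
  return async function (ctx, next) {
    const target = safeRedirectTarget(ctx.path);
    if (target === null) return next();
    ctx.status = 301;
    ctx.redirect(target + ctx.search);
  };
}
```

The general rule the helper applies holds for any redirect computed from request data: build the Location from a path you have normalised yourself, never from the raw path with a suffix removed, and treat "//" and "/\" prefixes as leaving the origin.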
Snyk
added 2020/12/14 10:10 p.m.

Command Injection

Overview: image-tiler is a package that creates zoom tile pyramids from a large image. There are other packages very similar to this one, but none did exactly what I needed, so I made mine. Affected versions of this package are vulnerable to Command Injection. PoC: var tile =...

CVSS 9.8 · AI score 6.9 · EPSS 0.01222
Exploits 1 · References 2