Lucene search
K

28 matches found

CVE
CVE
added 2026/06/22 7:47 a.m.19 views

CVE-2025-62198

CVE-2025-62198 affects Apache Atlas versions 2.4.0 and earlier. The issue is a stored XSS on the Create Entity page that can be triggered by an authenticated user. Affected software is clearly specified as Apache Atlas; the root cause is a stored XSS in the Create Entity flow. The recommended mit...

5.4CVSS5.8AI score0.00315EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 7:47 a.m.34 views

CVE-2025-62198 Apache Atlas: Stored XSS in Create Entity page

An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue...

0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-15632

A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used...

5.1CVSS3.6AI score0.00266EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-40563

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data Affect...

8.1CVSS5.4AI score0.00464EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 6:30 p.m.5 views

GHSA-35XX-9XRG-GWHF Apache Atlas has a Code Injection Vulnerability

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affected...

7.1CVSS5.8AI score0.00464EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.20 views

Apache Atlas has a Code Injection Vulnerability

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affected...

8.1CVSS5.8AI score0.00464EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/04 4:16 p.m.8 views

CVE-2026-40563

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data Affect...

8.1CVSS0.00464EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 3:17 p.m.9 views

CVE-2026-40563 Apache Atlas: Script injection allows access to unintended data

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data Affect...

5.8AI score0.00464EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 3:17 p.m.20 views

CVE-2026-40563

CVE-2026-40563 concerns Apache Atlas where an exposed DSL search endpoint accepts user-supplied query strings, enabling a code injection that can alter Gremlin traversal logic and access unintended data. Affected versions range from 0.8 through 2.4.0. For Atlas deployments using non-default confi...

8.1CVSS5.8AI score0.00464EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/04 3:17 p.m.5 views

CVE-2026-40563

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data Affect...

7.1CVSS5.8AI score0.00464EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/04 3:17 p.m.7 views

EUVD-2026-26979

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data Affect...

7.1CVSS5.8AI score0.00464EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/13 9:30 a.m.2 views

CVE-2025-15632

A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used...

5.1CVSS4AI score0.00266EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/04/13 9:30 a.m.28 views

CVE-2025-15632 1Panel-dev MaxKB MdPreview chat.ts cross site scripting

A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used...

5.1CVSS0.00266EPSS
Exploits0References8
Snyk
Snyk
added 2026/03/25 10:6 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the Source Control feature when configured to use SSH, as the SSH command disables host key verification. An attacker can intercept repository dat...

7.4CVSS5.9AI score0.00288EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.7 views

PT-2026-1136

Name of the Vulnerable Software and Affected Versions Nuvation Energy Multi-Stack Controller MSC versions 2.3.8 through 2.5.0 Description An authentication bypass issue exists in Nuvation Energy Multi-Stack Controller MSC. This allows unauthenticated attackers to gain full control. The issue...

10CVSS7AI score0.0036EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 2:26 p.m.3 views

Security Bulletin: Astronomer with IBM is vulnerable to uncontrolled redirects due to the urllib3 package (CVE-2025-50181, CVE-2025-50182)

Summary urllib3 is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a...

6.1CVSS6AI score0.004EPSS
Exploits1Affected Software1
Snyk
Snyk
added 2025/08/08 12:32 p.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the FurySerializerFactory class, which handles serialized data. An attacker can execute arbitrary code by submitting crafted input to the affected component. Details Serialization is a process of...

9.8CVSS7.8AI score0.00561EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/08 12:32 p.m.12 views

Apache Seata: Deserialization of untrusted Data in Apache Seata Server

Deserialization of Untrusted Data vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue...

9.8CVSS6.2AI score0.00561EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2025/06/18 5:50 p.m.2 views

Open Redirect

Overview urllib3 is a HTTP library with thread-safe connection pooling, file post, and more. Affected versions of this package are vulnerable to Open Redirect when used within a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest, due to the retries and redirect...

6.1CVSS6.5AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/18 5:50 p.m.3 views

Open Redirect

Overview urllib3 is a HTTP library with thread-safe connection pooling, file post, and more. Affected versions of this package are vulnerable to Open Redirect due to the retries parameter being ignored during PoolManager instantiation. An attacker can access unintended resources or endpoints by...

6.1CVSS6.8AI score0.004EPSS
Exploits1References2
Rows per page
Query Builder