Lucene search
K

7 matches found

Snyk
Snyk
added 2026/04/16 9:24 p.m.5 views

Command Injection

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Command Injection via the runMac and runLinux functions. An attacker can execute arbitrary system commands and compromise the system by supplying malicious remote...

9.8CVSS6AI score0.01572EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.14 views

PT-2026-2115

Name of the Vulnerable Software and Affected Versions OWASP Core Rule Set versions prior to 4.22.0 OWASP Core Rule Set versions prior to 3.3.8 Description A bug in rule 922110 affects the processing of multipart requests with multiple parts. When the first rule in a chain iterates over a collecti...

9.3CVSS6AI score0.13124EPSS
Exploits4References64
Github Security Blog
Github Security Blog
added 2025/09/10 8:28 p.m.6 views

Indico vulnerable to Cross-Site Scripting via LaTeX math code

Impact There is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Patches You should to update to Indico 3.3.8 as soon as possible. See the docs for instructions on how to update. Workarounds Only let trustworthy users create content on...

5.4CVSS7.1AI score0.00189EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/09/10 8:27 p.m.3 views

Authorization Bypass Through User-Controlled Key

Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the legacy API for retrieving user details. An attacker can access profile information of other users...

5.3CVSS6.5AI score0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/10 4:3 p.m.9 views

CVE-2025-59035 Indico vulnerable to Cross-Site Scripting via LaTeX math code

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should to update to Indico 3.3.8 as...

4.6CVSS0.00189EPSS
Exploits0References2
OSV
OSV
added 2025/09/10 4:3 p.m.6 views

CVE-2025-59035 Indico vulnerable to Cross-Site Scripting via LaTeX math code

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should to update to Indico 3.3.8 as...

4.6CVSS7AI score0.00189EPSS
Exploits0References4
OSV
OSV
added 2025/09/10 4:1 p.m.7 views

CVE-2025-59034 Indico may disclose unauthorized user details access via legacy API

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check...

4.3CVSS6.7AI score0.00235EPSS
Exploits0References4
Rows per page
Query Builder