9 matches found

EUVD · added 2026/06/22 6:55 a.m.

EUVD-2025-210295

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymo...

CVSS 8.1 · AI score 5.9 · EPSS 0.00375
Exploits: 0 · References: 1
OSV · added 2026/05/29 7:08 p.m.

GHSA-3CV2-H65G-FGMM astral-tokio-tar has a PAX Header Desynchronization issue

Impact Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle...

CVSS 6.9 · AI score 5.8
Exploits: 0 · References: 3
GitHub Security Blog · added 2026/05/06 5:26 p.m.

astral-tokio-tar is Vulnerable to PAX Header Desynchronization

Impact Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle...

AI score 5.8
Exploits: 0 · References: 3 · Affected software: 1
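Both astral-tokio-tar entries above describe the same class of bug: two tar readers disagree about where an entry ends, so an entry that one of them lists is swallowed as file content by the other. The block below is an added, self-contained illustration of that differential using the textbook PAX mechanism, a `size` record in an extended header that overrides the ustar size field of the entry that follows. It is not astral-tokio-tar's code and does not claim to reproduce the specific bug fixed in 0.6.1/0.6.2, whose details are not on this page; the archive bytes are constructed here, and Python's own `tarfile` is used only as a second opinion on what a PAX-aware reader sees.

```python
from __future__ import annotations

import io
import tarfile

BLOCK = 512


def _octal(value: int, width: int) -> bytes:
    # ustar numeric field: zero-padded octal digits terminated by NUL
    return ("%0*o" % (width - 1, value)).encode() + b"\0"


def _blocks(n: int) -> int:
    # bytes occupied by n bytes of data once padded to whole 512-byte blocks
    return -(-n // BLOCK) * BLOCK


def ustar_header(name: str, size: int, typeflag: bytes) -> bytes:
    hdr = bytearray(BLOCK)
    hdr[0:len(name)] = name.encode()
    hdr[100:108] = _octal(0o644, 8)      # mode
    hdr[108:116] = _octal(0, 8)          # uid
    hdr[116:124] = _octal(0, 8)          # gid
    hdr[124:136] = _octal(size, 12)      # size: the field a PAX record may override
    hdr[136:148] = _octal(0, 12)         # mtime
    hdr[148:156] = b" " * 8              # checksum is computed with this field as spaces
    hdr[156:157] = typeflag
    hdr[257:265] = b"ustar\x0000"        # POSIX magic + version
    hdr[148:156] = ("%06o" % sum(hdr)).encode() + b"\0 "
    return bytes(hdr)


def pax_records(**fields: object) -> bytes:
    # "<len> <keyword>=<value>\n", where <len> counts the whole record, digits included
    out = b""
    for key, value in fields.items():
        body = f" {key}={value}\n"
        length = len(body) + 1
        while len(str(length)) + len(body) != length:
            length += 1
        out += f"{length}{body}".encode()
    return out


def build_archive() -> bytes:
    """Constructed sample archive (not a real-world artifact):
    [PAX hdr: size=1024][ustar 'safe.txt', size field 0]
    [ustar 'evil.txt', size 5]['pwned' + padding][two zero blocks]"""
    records = pax_records(size=1024)
    pax = ustar_header("PaxHeader/safe.txt", len(records), b"x") + records.ljust(_blocks(len(records)), b"\0")
    safe = ustar_header("safe.txt", 0, b"0")
    evil = ustar_header("evil.txt", 5, b"0") + b"pwned".ljust(BLOCK, b"\0")
    return pax + safe + evil + b"\0" * (2 * BLOCK)


def parse_entries(archive: bytes, honor_pax_size: bool) -> list[tuple[str, int]]:
    """Walk the archive header by header. honor_pax_size=False trusts only the
    ustar size field (the 'other implementation'); True applies a preceding
    PAX size record to the next entry, as POSIX pax requires."""
    entries: list[tuple[str, int]] = []
    pos = 0
    pending_pax_size: int | None = None
    while pos + BLOCK <= len(archive):
        hdr = archive[pos:pos + BLOCK]
        pos += BLOCK
        if hdr.count(b"\0") == BLOCK:
            break                                    # end-of-archive marker
        name = hdr[0:100].split(b"\0", 1)[0].decode()
        size = int(hdr[124:136].strip(b"\0 ") or b"0", 8)
        typeflag = hdr[156:157]
        if typeflag == b"x":                         # PAX extended header
            for record in archive[pos:pos + size].split(b"\n"):
                if b" size=" in record:
                    pending_pax_size = int(record.split(b"=", 1)[1])
            pos += _blocks(size)
            continue
        if honor_pax_size and pending_pax_size is not None:
            size = pending_pax_size
        pending_pax_size = None
        entries.append((name, size))
        pos += _blocks(size)                         # where the two readers diverge
    return entries


def stdlib_listing(archive: bytes) -> list[tuple[str, int]]:
    # Python's tarfile honours PAX size records, so it agrees with the PAX-aware walker.
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tf:
        return [(m.name, m.size) for m in tf.getmembers()]


if __name__ == "__main__":
    archive = build_archive()
    print("ustar-size reader :", parse_entries(archive, honor_pax_size=False))
    print("PAX-aware reader  :", parse_entries(archive, honor_pax_size=True))
    print("stdlib tarfile    :", stdlib_listing(archive))
```

The ustar-only reader lists `safe.txt` (0 bytes) followed by `evil.txt`; the PAX-aware reader lists only `safe.txt`, 1024 bytes long, with the `evil.txt` header and its content buried inside that file. A scanner that walks the archive one way and an extractor that walks it the other way is exactly the smuggling condition the advisories describe, which is why a fix has to make the extractor's view of entry boundaries match the one that was inspected.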
Snyk · added 2026/04/20 3:49 p.m.

SQL Injection

Overview: doris-mcp-server is an enterprise-grade Model Context Protocol (MCP) server implementation for Apache Doris. Affected versions of this package are vulnerable to SQL Injection due to improper neutralization in the query context handling process. An attacker can execute unintended SQL...

CVSS 6.9 · AI score 6.1 · EPSS 0.00655
Exploits: 0 · References: 2
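The EUVD and Snyk entries above describe the same Apache Doris MCP Server weakness from two angles: a user-controlled database name interpolated into SQL text, and a metadata query executed without the caller's authorization context. The block below is an added example, not doris-mcp-server's code, showing the two defects side by side with their fixes. It stands in Doris' `information_schema.tables` with an in-memory SQLite table and invents a small `Caller` type to represent the authorization context; the table rows and the injection payload are constructed for the demonstration.

```python
from __future__ import annotations

import sqlite3
from dataclasses import dataclass

# Constructed stand-in for Doris' information_schema.tables, held in an
# in-memory SQLite database. The rows are sample data, not real metadata.
METADATA_FIXTURE = """
CREATE TABLE information_schema_tables (table_schema TEXT, table_name TEXT);
INSERT INTO information_schema_tables VALUES
  ('sales',   'orders'),
  ('sales',   'customers'),
  ('finance', 'payroll');
"""


@dataclass(frozen=True)
class Caller:
    """The authorization context the vulnerable path drops: who is asking and
    which databases that principal may inspect. Assumed shape for this
    example, not a type from the MCP server."""
    user: str
    visible_databases: frozenset[str]


def connect() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(METADATA_FIXTURE)
    return conn


def list_tables_vulnerable(conn: sqlite3.Connection, db_name: str) -> list[str]:
    # The pattern the advisories describe, as hypothetical code: the database
    # name is spliced into the SQL text and nobody asks who the caller is.
    # A quote in db_name terminates the literal and the remainder of the
    # input is parsed as SQL.
    sql = (
        "SELECT table_name FROM information_schema_tables "
        f"WHERE table_schema = '{db_name}' ORDER BY table_name"
    )
    return [row[0] for row in conn.execute(sql)]


def list_tables_hardened(conn: sqlite3.Connection, caller: Caller, db_name: str) -> list[str]:
    # 1. Authorization first, from the caller's context: a database the
    #    principal may not see is refused before any SQL is built.
    if db_name not in caller.visible_databases:
        raise PermissionError(f"{caller.user} may not read metadata of {db_name!r}")
    # 2. Bound parameter: the value travels to the driver separately from the
    #    statement text, so it can only be compared, never parsed as SQL.
    sql = (
        "SELECT table_name FROM information_schema_tables "
        "WHERE table_schema = ? ORDER BY table_name"
    )
    return [row[0] for row in conn.execute(sql, (db_name,))]


def demo() -> dict[str, object]:
    conn = connect()
    analyst = Caller(user="analyst", visible_databases=frozenset({"sales"}))
    payload = "sales' OR '1'='1"   # constructed injection: widens the WHERE to every schema
    try:
        injected_hardened: object = list_tables_hardened(conn, analyst, payload)
    except PermissionError as exc:
        injected_hardened = f"refused: {exc}"
    return {
        "legit_vulnerable": list_tables_vulnerable(conn, "sales"),
        "injected_vulnerable": list_tables_vulnerable(conn, payload),
        "legit_hardened": list_tables_hardened(conn, analyst, "sales"),
        "injected_hardened": injected_hardened,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the payload, the vulnerable path returns `payroll` from the `finance` schema alongside the `sales` tables; the hardened path never reaches the database because the name is not one the caller may see. When the database name has to appear as an identifier rather than a literal (for instance in a `SHOW TABLES FROM ...` statement), it cannot be bound as a parameter; the equivalent defence is to accept only names that exist in the catalog and that the caller is authorized for, and to emit them with strict identifier quoting.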
Snyk · added 2024/12/01 6:31 a.m.

Access Control Bypass

Overview: docksible deploys and sets up Docker Compose based web apps with Ansible. Affected versions of this package are vulnerable to Access Control Bypass. This vulnerability allows attackers to exploit the /xmlrpc.php endpoint in WordPress, enabling brute force attacks, DDoS attacks, and...

CVSS 7.3 · AI score 8
Exploits: 0 · References: 3
Snyk · added 2024/11/12 6:43 p.m.

Arbitrary Code Injection

Overview: torchgeo (TorchGeo) provides datasets, samplers, transforms, and pre-trained models for geospatial data. Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of specific data inputs. An attacker can execute arbitrary code on the system. Remediation...

CVSS 9.2 · AI score 8.2 · EPSS 0.01221
Exploits: 0 · References: 2
Positive Technologies · added 2024/07/01 12:00 a.m.

PT-2024-28437 · Toy-Blog · Toy-Blog

Name of the Vulnerable Software and Affected Versions: toy-blog versions 0.5.4 through 0.6.0. Description: The issue allows articles with private visibility to be read without proper credentials. This can lead to unauthorized access to sensitive information. Users are advised to upgrade to a newer...

CVSS 6.5 · AI score 7 · EPSS 0.00367
Exploits: 0 · References: 4
Positive Technologies · added 2023/02/12 12:00 a.m.

PT-2023-11360 · Unknown · Simple-Markdown

Name of the Vulnerable Software and Affected Versions: simple-markdown version 0.6.0. Description: A vulnerability classified as problematic was found in simple-markdown, affecting an unknown function of the file simple-markdown.js. The issue arises from inefficient regular expression complexity wh...

CVSS 7.5 · AI score 7.1 · EPSS 0.01097
Exploits: 1 · References: 10
Positive Technologies · added 2019/12/05 12:00 a.m.

PT-2019-6839

Name of the Vulnerable Software and Affected Versions: haskell-tls-extra versions prior to 0.6.1. Description: The issue concerns a problem with certificate validation where the Basic Constraints attribute is not properly checked. This means any certificate is treated as a CA certificate, allowing a...

CVSS 7.4 · AI score 7.5 · EPSS 0.01047
Exploits: 0 · References: 11
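The haskell-tls-extra entry describes a validator that never consults Basic Constraints and so lets any certificate act as an issuer. The block below is an added example of the check that is missing: a strict DER decoder for the BasicConstraints extension value and a chain walk that rejects any issuer whose `cA` flag is not TRUE or whose `pathLenConstraint` is exceeded. It is not haskell-tls-extra's code, it does not verify signatures (only the CA attribute the advisory is about), and the `Cert` type, the DER values and the three sample chains are constructed for the demonstration.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Read one DER tag-length-value at pos; returns (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length


def parse_basic_constraints(der: bytes) -> tuple[bool, Optional[int]]:
    """BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE,
                                       pathLenConstraint INTEGER (0..MAX) OPTIONAL }"""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("BasicConstraints must be a single SEQUENCE")
    ca, path_len, pos = False, None, 0
    if pos < len(body) and body[pos] == 0x01:            # BOOLEAN
        _, val, pos = _read_tlv(body, pos)
        if val == b"\xff":
            ca = True
        elif val != b"\x00":
            raise ValueError("non-DER BOOLEAN encoding")  # do not be lenient here
    if pos < len(body) and body[pos] == 0x02:            # INTEGER
        _, val, pos = _read_tlv(body, pos)
        path_len = int.from_bytes(val, "big", signed=True)
        if path_len < 0:
            raise ValueError("negative pathLenConstraint")
    if pos != len(body):
        raise ValueError("trailing data in BasicConstraints")
    return ca, path_len


@dataclass(frozen=True)
class Cert:
    """Only what this check needs (assumed shape). basic_constraints is the
    DER value of the extension, or None when the certificate lacks it."""
    subject: str
    basic_constraints: Optional[bytes] = None


def may_sign_certificates(cert: Cert) -> bool:
    # RFC 5280 4.2.1.9: a certificate used to verify signatures on other
    # certificates must carry basicConstraints with cA=TRUE. An absent
    # extension therefore means "end entity", never "CA".
    if cert.basic_constraints is None:
        return False
    ca, _ = parse_basic_constraints(cert.basic_constraints)
    return ca


def check_issuers(chain: list[Cert]) -> Optional[str]:
    """chain[0] is the leaf, chain[1:] its issuers up to the trust anchor.
    Returns None if every issuer is a CA honouring its pathLenConstraint,
    otherwise the reason the chain must be rejected."""
    for i, issuer in enumerate(chain[1:], start=1):
        if not may_sign_certificates(issuer):
            return f"{issuer.subject}: not a CA (basicConstraints absent or cA != TRUE)"
        _, path_len = parse_basic_constraints(issuer.basic_constraints)
        intermediates_below = i - 1          # CA certs between this issuer and the leaf
        if path_len is not None and intermediates_below > path_len:
            return f"{issuer.subject}: pathLenConstraint={path_len} exceeded"
    return None


# Constructed DER values for the three BasicConstraints shapes that matter.
BC_CA = bytes.fromhex("30030101ff")                  # SEQUENCE { cA TRUE }
BC_CA_PATHLEN0 = bytes.fromhex("30060101ff020100")   # cA TRUE, pathLenConstraint 0
BC_END_ENTITY = bytes.fromhex("3000")                # SEQUENCE { } : cA defaults to FALSE

ROOT = Cert("Example Root CA", BC_CA)
INTERMEDIATE = Cert("Example Issuing CA", BC_CA_PATHLEN0)
SERVER_CERT = Cert("attacker.example", BC_END_ENTITY)   # an ordinary end-entity certificate

GOOD_CHAIN = [Cert("www.example"), INTERMEDIATE, ROOT]
# What the advisory enables: the holder of an ordinary server certificate
# signs a certificate for another name and presents it as an intermediate.
FORGED_CHAIN = [Cert("bank.example"), SERVER_CERT, INTERMEDIATE, ROOT]
# A CA inserted below an issuer whose pathLenConstraint allows none.
TOO_DEEP_CHAIN = [Cert("www.example"), Cert("Rogue Sub CA", BC_CA), INTERMEDIATE, ROOT]

if __name__ == "__main__":
    for label, chain in (("good", GOOD_CHAIN), ("forged", FORGED_CHAIN), ("too deep", TOO_DEEP_CHAIN)):
        print(f"{label:9}: {check_issuers(chain) or 'accepted'}")
```

A validator with the flaw described above accepts FORGED_CHAIN, because it never asks whether `attacker.example` is allowed to issue; the check here rejects it on the first issuer. Rejecting a malformed BOOLEAN instead of tolerating it matters for the same reason: a lenient decoder hands an attacker another way to make two implementations disagree about whether a certificate is a CA.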