32 matches found
EUVD-2017-15727
Malware in sbrugna...
EUVD-2021-13403
Malware in sbrugna...
EUVD-2021-17053
Malware in sbrugna...
EUVD-2020-6480
Malware in sbrugna...
EUVD-2024-48395
Malicious code in bioql PyPI...
EUVD-2023-51098
Malicious code in bioql PyPI...
EUVD-2022-4259
Malicious code in bioql PyPI...
CVE-2024-8770
A Cross-Site Scripting XSS vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version...
CVE-2023-46935
eyoucms v1.6.4 is vulnerable Cross Site Scripting XSS, which can lead to stealing sensitive information of logged-in users...
K000149858: Apache Tomcat vulnerability CVE-2024-52318
Security Advisory Description Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue. CVE-2024-52318 Impact This vulnerability may...
CVE-2025-1271 Reflected Cross-Site Scripting (XSS) vulnerability in H6Web
Reflected Cross-Site Scripting XSS in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity the...
CVE-2024-7475
An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...
CVE-2024-56924
CVE-2024-56924 affects Code Astro Internet Banking System 2.0.0. The vulnerability is a Cross Site Request Forgery (CSRF) that can allow remote attackers to have an authenticated admin execute arbitrary JavaScript on the admin page (pages_account), potentially changing account settings or exfiltr...
lunary access control error vulnerability (CNVD-2025-09695)
lunary is lunary open source a production toolkit for LLM . An access control error vulnerability exists in lunary that stems from not properly restricting permissions to update the SAML configuration. An attacker could use this vulnerability to modify the authentication process and steal user...
CVE-2024-7475
An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...
CVE-2024-7475 Improper Access Control in lunary-ai/lunary
An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...
CVE-2024-7475 Improper Access Control in lunary-ai/lunary
An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...
CVE-2024-7475
CVE-2024-7475 describes an improper access control in lunary-ai/lunary 1.3.2 that lets an attacker update the SAML configuration without authorization. This could enable manipulation of authentication processes, fraudulent login requests, and theft of user information. Multiple connected sources ...
CVE-2024-8770
A Cross-Site Scripting XSS vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version...
CVE-2024-36421 GHSL-2023-234: Flowise Cors Misconfiguration in packages/server/src/index.ts
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, A CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the website. In the default configuration unauthenticated,...