
11 matches found

Github Security Blog
added 2026/06/16 7:01 p.m., 8 views

n8n: Merge Node SQL Mode Prototype Pollution

Impact An authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions on the instance, prototype mutations introduced by one user's workflow...

CVSS 7.7 | AI score 5.8 | EPSS 0.00316
Exploits 0 | References 2 | Affected software 1
RedHat Linux
added 2026/04/15 5:31 p.m., 6 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: tomcat10: tomcat10-10.1.54-1.hum1 noarch tomcat10-admin-webapps-10.1.54-1.hum1 noarch tomcat10-common-10.1.54-1.hum1 noarch tomcat10-docs-webapp-10.1.54-1.hum1 noarch...

CVSS 9.6 | AI score 6.9 | EPSS 0.66535
Exploits 4 | References 9
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-16553

Malicious code in bioql PyPI...

CVSS 9.6 | AI score 9.4 | EPSS 0.00579
Exploits 1 | References 2
RedhatCVE
added 2025/02/04 11:03 p.m., 7 views

CVE-2024-0765

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export, which would enable you to exfiltrate data of the system at that save state. This would require the attacker to be granted explicit acce...

CVSS 9.6 | AI score 6.8 | EPSS 0.00579
Exploits 1 | References 1
Circl
added 2024/07/11 1:35 a.m., 5 views

CVE-2024-39558

creationtimestamp | type | source
---|---|---
2024-07-11 01:35:25+00:00 | seen | https://t.me/cvedetector/608
2025-02-07 22:03:06+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/3842...

CVSS 7.1 | AI score 6.5 | EPSS 0.00259
Exploits 0 | References 2
OSV
added 2024/03/03 3:15 p.m., 15 views

CVE-2024-0765

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export, which would enable you to exfiltrate data of the system at that save state. This would require the attacker to be granted explicit acce...

CVSS 6.5 | AI score 6.9
Exploits 0 | References 2
Prion
added 2024/03/03 3:15 p.m., 17 views

Design/Logic Flaw

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export, which would enable you to exfiltrate data of the system at that save state. This would require the attacker to be granted explicit acce...

CVSS 5.5 | AI score 7.3 | EPSS 0.00579
Exploits 1 | References 2
Cvelist
added 2024/03/03 2:13 p.m., 25 views

CVE-2024-0765 Default user role exporting save state of instance

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export, which would enable you to exfiltrate data of the system at that save state. This would require the attacker to be granted explicit acce...

CVSS 9.6 | AI score 9.4 | EPSS 0.00579
Exploits 1 | References 2
Vulnrichment
added 2024/03/03 2:13 p.m., 11 views

CVE-2024-0765 Default user role exporting save state of instance

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export, which would enable you to exfiltrate data of the system at that save state. This would require the attacker to be granted explicit acce...

CVSS 9.6 | AI score 9.2 | EPSS 0.00579
Exploits 1 | References 2
Vulnrichment
added 2022/09/30 8:25 p.m., 5 views

CVE-2022-39268 orchest vulnerable to cross-site request forgery that allows control of a user instance

Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user...

CVSS 8.1 | AI score 8 | EPSS 0.00382
Exploits 0 | References 4
NVD
added 2021/09/29 2:15 p.m., 23 views

CVE-2021-25959

OpenCRX versions v4.0.0 through v5.1.0 are vulnerable to reflected cross-site scripting (XSS) due to unsanitized parameters in the password reset functionality. This allows execution of external JavaScript files in the browser of any user of the openCRX instance...

CVSS 6.1 | EPSS 0.00838
Exploits 0 | References 2