Lucene search

7 matches found

Japan Vulnerability Notes
added 2025/10/16 8:17 a.m. | 5 views

Multiple vulnerabilities in ChatLuck

Overview: ChatLuck provided by NEOJAPAN Inc. contains multiple vulnerabilities listed below. Cross-site scripting vulnerability in Chat Rooms (CWE-79, CVE-2025-53858); Insufficient granularity of access control vulnerability in Invitation of Guest Users (CWE-1220, CVE-2025-54461); Cross-site scripting...

6.9 CVSS | 6.7 AI score | 0.00296 EPSS
Exploits 0 | References 8
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-2922

Malicious code in bioql PyPI...

4.3 CVSS | 5.1 AI score | 0.01045 EPSS
Exploits 0 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-51736

Malicious code in bioql PyPI...

8 CVSS | 7.8 AI score | 0.00472 EPSS
Exploits 0 | References 1
OSV
added 2024/03/06 11:3 a.m. | 11 views

BIT-PARSE-2021-41109 LiveQuery publishes user session tokens

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...

7.5 CVSS | 7.4 AI score | 0.01206 EPSS
Exploits 0 | References 4
Prion
added 2021/09/30 3:15 p.m. | 24 views

Session fixation

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...

4.3 CVSS | 7.5 AI score | 0.01206 EPSS
Exploits 0 | References 3 | Affected Software 1
RedhatCVE
added 2018/06/06 6:19 a.m. | 24 views

CVE-2018-1000193

An improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and canno...

4.3 CVSS | 4.7 AI score | 0.01045 EPSS
Exploits 0 | References 2
NVD
added 2018/06/05 9:29 p.m. | 23 views

CVE-2018-1000193

An improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and canno...

4.3 CVSS | 5.5 AI score | 0.01045 EPSS
Exploits 0 | References 2