Lucene search
K

25 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-41517

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00346EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-16698

Malicious code in bioql PyPI...

10CVSS8.7AI score0.00999EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:4 a.m.6 views

CVE-2023-37635

UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...

9.8CVSS7.2AI score0.01151EPSS
Exploits1
NVD
NVD
added 2024/04/25 11:15 p.m.20 views

CVE-2024-0916

Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3...

10CVSS9.8AI score0.00999EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/25 11:2 p.m.13 views

CVE-2024-0916 Unauthenticated Remote Code Execution in UvDesk Community

Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3...

10CVSS7.6AI score0.00999EPSS
Exploits0References2
CVE
CVE
added 2024/04/25 11:2 p.m.79 views

CVE-2024-0916

CVE-2024-0916 affects UVdesk Community (1.0.0–1.1.3) and is due to insufficient input validation that allows unauthenticated file uploads leading to Remote Code Execution (RCE). Public sources describe the vulnerability as an unauthenticated file upload enabling code execution, with references no...

10CVSS9.7AI score0.00999EPSS
Exploits0References2
OSV
OSV
added 2024/04/25 11:2 p.m.15 views

CVE-2024-0916 Unauthenticated Remote Code Execution in UvDesk Community

Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3...

10CVSS7.5AI score0.00999EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.5 views

PT-2024-15917 · Unknown · Uvdesk Community

Name of the Vulnerable Software and Affected Versions: UvDesk Community versions 1.0.0 through 1.1.3 Description: Unauthenticated file upload allows remote code execution. Recommendations: For UvDesk Community versions 1.0.0 through 1.1.3, consider disabling the file upload feature until a patch ...

10CVSS7.8AI score0.00999EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/04/02 12:0 a.m.14 views

CVE-2024-3137 Improper Privilege Management in uvdesk/community-skeleton

Improper Privilege Management in uvdesk/community-skeleton...

7.1CVSS6.9AI score0.00358EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.11 views

PT-2024-24015 · Unknown · Uvdesk Community Skeleton

Name of the Vulnerable Software and Affected Versions: uvdesk/community-skeleton affected versions not specified Description: The issue concerns improper privilege management. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

7.1CVSS7.1AI score0.00358EPSS
Exploits0References5
NVD
NVD
added 2023/10/23 9:15 p.m.21 views

CVE-2023-37636

A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

5.4CVSS5.3AI score0.00346EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/10/23 9:15 p.m.4 views

CVE-2023-37635

UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...

9.8CVSS7.4AI score0.01151EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/10/23 9:15 p.m.6 views

CVE-2023-37636

A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

5.4CVSS6.2AI score0.00346EPSS
Exploits1References2
Prion
Prion
added 2023/10/23 9:15 p.m.15 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

4.9CVSS5.2AI score0.00346EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/10/23 9:15 p.m.23 views

Code injection

UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...

7.5CVSS9.6AI score0.01151EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/23 12:0 a.m.4 views

PT-2023-26052 · Unknown · Uvdesk Community Skeleton

Name of the Vulnerable Software and Affected Versions: UVDesk Community Skeleton version 1.1.1 Description: The issue allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. This can be done through the login page, allowing attackers to...

9.8CVSS9.5AI score0.01151EPSS
Exploits1References7
CVE
CVE
added 2023/10/23 12:0 a.m.54 views

CVE-2023-37636

CVE-2023-37636 concerns UVDesk Community Skeleton v1.1.1, with a stored XSS vulnerability in the Message field used when creating a ticket. The issue allows attackers to inject arbitrary web scripts/HTML, potentially affecting users who view crafted tickets. The primary technical detail across so...

5.4CVSS5.2AI score0.00346EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/10/23 12:0 a.m.57 views

CVE-2023-37635

CVE-2023-37635 affects UVDesk Community Skeleton v1.1.1, described as an unauthenticated brute-force login vulnerability that could allow access to the application. Concrete detail: login-page brute-force on UVDesk Community Skeleton 1.1.1. Root cause and exact exploit path are not detailed in th...

9.8CVSS9.6AI score0.01151EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/23 12:0 a.m.12 views

CVE-2023-37636

A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

5.6AI score0.00346EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2023/03/06 6:30 p.m.37 views

uvdesk/community-skeleton vulnerable to Stored Cross-site Scripting

Cross-site Scripting XSS - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0...

4.8CVSS5AI score0.00398EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder