
7 matches found

CVE
added 2023/03/28 8:2 p.m., 60 views

CVE-2023-28637

CVE-2023-28637 affects DataEase when using the AWS Redshift data source; lack of data sanitization can enable remote code execution. The issue is tied to how input is sanitized by the Redshift source, and multiple sources reiterate this vulnerability. A fix is available in DataEase ≥ 1.18.5; u...

8.8 CVSS | 8.6 AI score | 0.01804 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2023/03/24 9:15 p.m., 10 views

CVE-2023-28435

DataEase is an open source data visualization and analysis tool. The permissions for the file upload interface are not checked, so users who are not logged in can upload directly to the background. The file type also goes unchecked, so users could upload any type of file. These vulnerabilities have bee...

6.5 CVSS | 6.7 AI score | 0.00629 EPSS
Exploits: 1 | References: 2
Github Security Blog
added 2021/11/30 10:21 p.m., 24 views

XSS via prototype pollution in NodeBB

Impact: A prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. JavaScript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report...

9 CVSS | 1.3 AI score | 0.0041 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
Github Security Blog
added 2021/11/30 10:20 p.m., 29 views

NodeBB vulnerable to path traversal in translator module

Impact: Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected languages/ directory. Patches: The vulnerability has been patched as of v1.18.5. Workarounds: Cherry-pick commit hash c8b2fc46dc698db687379106b3f01c71b80f495f to recei...

5 CVSS | 1.8 AI score | 0.0252 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2021/11/29 8:15 p.m., 12 views

CVE-2021-43787

NodeBB is an open source Node.js-based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. JavaScript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a pat...

6.1 CVSS | 6.6 AI score
Exploits: 0 | References: 4
CVE
added 2021/11/29 7:30 p.m., 53 views

CVE-2021-43787

NodeBB (NodeBB) contains a prototype pollution vulnerability in the uploader module affecting multiple 1.x versions, leading to arbitrary data injection into the DOM and potential account takeover when combined with a path traversal issue. The issue is documented under CVE-2021-43787 and has been...

9 CVSS | 6.4 AI score | 0.0041 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2021/11/29 7:30 p.m., 9 views

CVE-2021-43787 XSS via prototype pollution

NodeBB is an open source Node.js-based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. JavaScript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a pat...

9 CVSS | 9.2 AI score | 0.0041 EPSS
Exploits: 1 | References: 4