17 matches found
PT-2026-47446
Name of the Vulnerable Software and Affected Versions: Nginx Proxy Manager versions 2.9.14 through 2.15.1 Description: An authenticated remote code execution issue exists via OS command injection in the setupCertbotPlugins function located in backend/setup.js. Attackers with certificates:manage...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes v2.15.1 security update
Red Hat Advanced Cluster Management for Kubernetes 2.15 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.15 images Red Hat Advanced Cluster Management for Kubernetes provides...
EUVD-2024-47117
Malicious code in bioql PyPI...
EUVD-2023-1760
Malicious code in bioql PyPI...
BIT-MLFLOW-2024-8859 Path Traversal in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...
CVE-2024-5083
A stored Cross-site Scripting vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1...
CVE-2023-36827
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version 2.15.1, allowing...
CVE-2023-3445
Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1...
CVE-2024-8859 Path Traversal in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...
EUVD-2024-47116
A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1...
PT-2024-9211 · Sonatype · Sonatype Nexus Repository
Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository 2 versions up to and including 2.15.1 Description: A Remote Code Execution issue has been discovered, related to incorrect code generation management. This allows a remote attacker to execute arbitrary code by...
Fides Cross-Site Scripting Vulnerability
Fides is an open source privacy engineering platform for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A cross-site scripting vulnerability exists in Fides 2.15.1 and earlier versions, which stems from the...
PYSEC-2023-107
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version 2.15.1, allowing...
CVE-2023-3445 Cross-site Scripting (XSS) - Stored in spinacms/spina
Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1...
PYSEC-2018-67
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...
MantisBT 2.1.0 - 2.15.0 'View Filters' And 'Edit Filter' Pages XSS Vulnerabilities - Linux
MantisBT is prone to multiple cross-site scripting (XSS) vulnerabilities. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Input validation
Git version 2.15.1 and earlier contains an Input Validation Error vulnerability in the client that can result in problems including messing up terminal configuration to RCE. This attack appears to be exploitable via: the user must interact with a malicious git server, or have their traffic modified in a...