Lucene search
+L

8 matches found

github
github
added 2026/04/24 12:30 p.m.8 views

Apache DolphinScheduler RPC module has a Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version = 3.2.0 and 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class...

6.3CVSS5.8AI score0.00537EPSS
Exploits0References4Affected Software2
cve
cve
added 2025/06/12 6:45 p.m.53 views

CVE-2025-49577

Citizen is a MediaWiki skin; multiple connected sources describe a stored XSS vulnerability in the preference menu headings caused by unsanitized insertion of messages into raw HTML. Affected versions are prior to 3.3.1, and the issue is fixed in 3.3.1. Remediation: upgrade citizen-skin to versio...

6.5CVSS6.3AI score0.0035EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2025/06/12 6:45 p.m.17 views

CVE-2025-49577 Citizen allows stored XSS in preference menu headings

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1...

6.5CVSS0.0035EPSS
Exploits1References3
redhatcve
redhatcve
added 2025/05/09 6:7 p.m.9 views

CVE-2025-46828

WeGIA is a web manager for charitable institutions. An unauthenticated SQL Injection vulnerability was identified in versions up to and including 3.3.0 in the endpoint /html/socio/sistema/getsocios.php, specifically in the query parameter. This issue allows attackers to inject and execute arbitra...

10CVSS8.8AI score0.00496EPSS
Exploits1References1
github
github
added 2025/02/06 6:31 a.m.13 views

module-from-string prototype pollution

A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...

7.5CVSS6.7AI score0.00527EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2025/02/05 10:15 p.m.9 views

CVE-2024-57072

A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...

7.5CVSS0.00527EPSS
Exploits0References1
cnvd
cnvd
added 2024/01/11 12:0 a.m.11 views

GTKWave buffer overflow vulnerability (CNVD-2024-04846)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A buffer overflow vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via specially crafted .fst files...

7.8CVSS7.7AI score0.00438EPSS
Exploits1References1
osv
osv
added 2022/11/23 2:15 a.m.5 views

CVE-2020-23590

A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery CSRF attack to change the Password for "WLAN SSID" through "wlwpa.asp"...

6.5CVSS5.7AI score0.00428EPSS
Exploits0References1
Rows per page
Query Builder