Lucene search
K

2728 matches found

Nuclei
Nuclei
added yesterday101 views

DataEase <= 2.4.1 - Sensitive Information Exposure

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. id: CVE-2024-30269...

5.3CVSS6.1AI score0.16EPSS
Exploits2References3
NVD
NVD
added last week9 views

CVE-2026-55647

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable...

5.1CVSS0.00269EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56248

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An issue exists in the H2 database JDBC URL validation logic where special Unicode characters can be used to bypass security checks. This occurs because the case-conversion behavior of these...

8.7CVSS6.2AI score0.00375EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56244

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The /de2api/share/proxyInfo share interface generates and returns an X-DE-LINK-TOKEN before validating the share password or ticket. This allows unauthenticated attackers who possess a protected...

8.7CVSS6.1AI score0.00285EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56251

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An authenticated attacker can bypass previous fixes for the H2 zip protocol and file dropper. By uploading a zip archive disguised with a .ttf extension via the FontManage.saveFile function, the...

8.7CVSS6.2AI score0.00501EPSS
Exploits0References8
OSV
OSV
added 2026/07/01 6:41 p.m.3 views

GHSA-GVPP-V77H-5W8G Cortex has Untrusted Project Bootstrap Code Execution via `CLAUDE_PROJECT_DIR`

Untrusted Project Bootstrap Code Execution via CLAUDEPROJECTDIR Summary The Cortex MCP server neuro-cortex-memory treats the CLAUDEPROJECTDIR environment variable — automatically set by Claude Code to the currently open project directory — as a trusted Cortex developer checkout. When the...

8.5CVSS6.6AI score
Exploits0References3
OSV
OSV
added 2026/06/26 2:2 p.m.8 views

JLSEC-2026-633 vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

8.1CVSS6AI score0.0032EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39582

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

8.1CVSS6.1AI score0.0032EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 10:17 p.m.7 views

CVE-2026-22879

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

8.1CVSS0.0032EPSS
Exploits0References2
Wolfi
Wolfi
added 2026/06/18 2:36 p.m.14 views

GHSA-8RFP-98V4-MMR6 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server...

5.2AI score
Exploits0
Wolfi
Wolfi
added 2026/06/18 2:36 p.m.10 views

GHSA-GJ48-438W-JH9V vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server...

5.2AI score
Exploits0
Chainguard
Chainguard
added 2026/06/18 2:16 p.m.8 views

GHSA-GJ48-438W-JH9V vulnerabilities

Vulnerabilities for packages: label-studio, kubeflow-pipelines-visualization-server...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/18 2:16 p.m.10 views

GHSA-8RFP-98V4-MMR6 vulnerabilities

Vulnerabilities for packages: label-studio, kubeflow-pipelines-visualization-server...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-0393

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

6.9CVSS5.5AI score0.00244EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/06/05 2:0 p.m.9 views

Chromium: CVE-2026-10918 Use after free in Viz

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.3CVSS5.4AI score0.00286EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.11 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the reuse of Viz components after their release, which could allow remote attackers to achieve sandbox escape by...

8.3CVSS5.3AI score0.00286EPSS
Exploits0References3
NVD
NVD
added 2026/05/21 12:16 p.m.27 views

CVE-2026-0393

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

6.9CVSS0.00244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 10:44 a.m.14 views

CVE-2026-0393 CODESYS Visualization - Insufficiently Protected Credentials

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

6.9CVSS5.8AI score0.00244EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 10:44 a.m.7 views

CVE-2026-0393

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

6.9CVSS5.8AI score0.00244EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/21 10:44 a.m.51 views

CVE-2026-0393 CODESYS Visualization - Insufficiently Protected Credentials

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

6.9CVSS0.00244EPSS
Exploits0References1
Rows per page
Query Builder