Lucene search
K
OsvMost viewed

905908 matches found

OSV
OSV
•added 2024/02/06 4:15 p.m.•156 views

CVE-2024-24015

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit...

9.8CVSS8.1AI score
Exploits0References2
OSV
OSV
•added 2022/09/27 12:0 a.m.•156 views

GHSA-6HRG-QMVC-2XH8 joblib vulnerable to arbitrary code execution

The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

9.8CVSS8.3AI score0.01893EPSS
Exploits1References17
OSV
OSV
•added 2022/05/24 5:27 p.m.•156 views

GHSA-HXRM-9W7P-39CC Cookie parsing failure

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses...

7.5CVSS7.2AI score0.06624EPSS
Exploits0References14
OSV
OSV
•added 2025/01/31 6:31 p.m.•155 views

GHSA-WXCC-2F3Q-4H58 Grafana Alerting VictorOps integration could be exposed to users with Viewer permission

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15...

4.3CVSS4.6AI score0.00368EPSS
Exploits0References6
OSV
OSV
•added 2025/01/16 5:15 p.m.•155 views

CVE-2025-0518

Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/afpan.C . This issue affects FFmpeg: 7.1. Issue was fixed: ...

5.3CVSS7.1AI score
Exploits0References2
OSV
OSV
•added 2024/06/28 7:25 a.m.•155 views

BIT-GITLAB-2024-2191 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge request title to be visible publicly despite being set as project members only...

5.3CVSS5.2AI score0.00432EPSS
Exploits0References3
OSV
OSV
•added 2023/11/09 9:30 p.m.•155 views

GHSA-4QHC-V8R6-8VWM HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability

HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10...

7.5CVSS6.3AI score0.00719EPSS
Exploits0References4
OSV
OSV
•added 2023/11/02 7:26 a.m.•155 views

BIT-2023-46118

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service DoS attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API...

4.9CVSS6.6AI score0.01077EPSS
Exploits0References1Affected Software1
OSV
OSV
•added 2023/09/29 9:14 p.m.•155 views

PYSEC-2023-184

opencv-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2...

8.8CVSS6.8AI score0.99739EPSS
Exploits9References3
OSV
OSV
•added 2022/02/15 1:57 a.m.•155 views

GHSA-WC9W-WVQ2-FFM9 Server Side Request Forgery in Grafana

The avatar feature in Grafana github.com/grafana/grafana/pkg/api/avatar 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue that allows remote code execution. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result t...

5.8CVSS8.6AI score0.99856EPSS
Exploits5References31
OSV
OSV
•added 2020/10/12 5:33 p.m.•155 views

GHSA-269G-PWP5-87PP TemporaryFolder on unix-like systems does not limit access to created files

Vulnerability The JUnit4 test rule TemporaryFolder contains a local information disclosure vulnerability. Example of vulnerable code: java public static class HasTempFolder @Rule public TemporaryFolder folder = new TemporaryFolder; @Test public void testUsingTempFolder throws IOException...

4.4CVSS6.8AI score0.01674EPSS
Exploits1References41
OSV
OSV
•added 2025/04/22 4:56 p.m.•154 views

GO-2025-3603 Query smuggling in ch-go library in github.com/ClickHouse/ch-go

Query smuggling in ch-go library in github.com/ClickHouse/ch-go...

5.9CVSS6.7AI score0.00342EPSS
Exploits0References3
OSV
OSV
•added 2025/03/13 7:16 a.m.•154 views

BIT-MYSQL-CLIENT-2023-52968

MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fixfieldsifneeded under mysqlderivedprepare when derived is not yet prepared, leading to a findfieldintable crash...

4.9CVSS5AI score0.00396EPSS
Exploits0References2
OSV
OSV
•added 2025/03/13 7:15 a.m.•154 views

BIT-MYSQL-CLIENT-2023-52970

MariaDB Server 10.4 through 10.5., 10.6 through 10.6., 10.7 through 10.11., 11.0 through 11.0., and 11.1 through 11.4. crashes in Itemdirectviewref::derivedfieldtransformerforwhere...

4.9CVSS5.1AI score0.00423EPSS
Exploits0References3
OSV
OSV
•added 2024/12/05 7:6 a.m.•154 views

BIT-HAPROXY-2024-53008

Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...

5.3CVSS5AI score0.01043EPSS
Exploits0References7
OSV
OSV
•added 2024/11/28 7:22 p.m.•154 views

BIT-GITLAB-2024-11668 Insufficient Session Expiration in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results...

5.3CVSS4.8AI score0.00326EPSS
Exploits0References2
OSV
OSV
•added 2024/07/17 1:30 a.m.•154 views

CVE-2024-6595 Uncontrolled Search Path Element in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data...

3CVSS5.4AI score0.00462EPSS
Exploits1References5
OSV
OSV
•added 2024/02/08 1:15 a.m.•154 views

CVE-2024-24025

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...

9.8CVSS7.2AI score
Exploits0References2
OSV
OSV
•added 2023/11/02 10:2 p.m.•154 views

GO-2023-2158 Google Sheet API key disclosure in github.com/grafana/google-sheets-datasource

Error messages for the Google Sheets data source plugin were improperly sanitized. The Google Sheet API-key could potentially be exposed...

7.5CVSS6.3AI score0.00389EPSS
Exploits0References1
OSV
OSV
•added 2021/08/04 9:3 p.m.•154 views

GHSA-CMHX-CQ75-C4MJ Regular Expression Denial of Service in System.Text.RegularExpressions

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981...

7.5CVSS7.5AI score0.05719EPSS
Exploits0References3
OSV
OSV
•added 2024/07/13 7:23 a.m.•152 views

BIT-GITLAB-2024-2880 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with admingroupmember custom role permission could ban group members...

2.7CVSS3.4AI score0.00349EPSS
Exploits0References3
OSV
OSV
•added 2020/11/04 5:50 p.m.•152 views

GHSA-G3WG-6MCF-8JJ6 Local Temp Directory Hijacking Vulnerability

Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the...

7CVSS7.7AI score0.043EPSS
Exploits1References147
OSV
OSV
•added 2025/03/13 7:15 a.m.•151 views

BIT-MYSQL-CLIENT-2023-52971

MariaDB Server 10.10 through 10.11. and 11.0 through 11.4. crashes in JOIN::fixallsplittingsinplan...

4.9CVSS5.1AI score0.00443EPSS
Exploits0References2
OSV
OSV
•added 2025/03/13 7:15 a.m.•151 views

BIT-MYSQL-CLIENT-2025-21490

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

4.9CVSS4.4AI score0.01236EPSS
Exploits0References4
OSV
OSV
•added 2024/07/11 6:57 a.m.•151 views

CVE-2024-5257 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with admincomplianceframework custom role may have been able to modify the URL for a group namespace...

4.9CVSS5.3AI score0.0042EPSS
Exploits0References5
OSV
OSV
•added 2024/04/06 6:17 p.m.•151 views

BIT-APACHE-2024-24795 Apache HTTP Server: HTTP Response Splitting in multiple modules

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue...

6.3CVSS6.2AI score0.02874EPSS
Exploits0References11
OSV
OSV
•added 2023/04/30 12:0 a.m.•151 views

DLA-3408-1 jruby - security update

Bulletin has no description...

8.1CVSS7AI score0.0576EPSS
Exploits3
OSV
OSV
•added 2022/05/02 3:47 a.m.•151 views

GHSA-C73W-4RCJ-2622 Typo3 API Install Tool vulnerable to Cross-site Scripting

Cross-site scripting XSS vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

4.3CVSS5.3AI score0.01962EPSS
Exploits0References7
OSV
OSV
•added 2024/06/28 7:22 a.m.•150 views

BIT-GITLAB-2024-3115 Exposure of Sensitive Information to an Unauthorized Actor in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to access issues and epics without having an SSO session using Duo Chat...

4.3CVSS4.5AI score0.00337EPSS
Exploits0References3
OSV
OSV
•added 2024/04/06 6:17 p.m.•150 views

BIT-APACHE-2023-38709 Apache HTTP Server: HTTP response splitting

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...

7.3CVSS7.3AI score0.03914EPSS
Exploits0References12
OSV
OSV
•added 2022/06/17 1:16 a.m.•150 views

GHSA-7V28-G2PQ-GGG8 Ghost vulnerable to remote code execution in locale setting change

Impact A vulnerability in an upstream library means an authenticated attacker can abuse locale input to execute arbitrary commands from a file that has previously been uploaded using the file upload functionality in the post editor. Patches Fixed in 5.2.3, all 5.x sites should update as soon as...

6.6CVSS8AI score
Exploits0References2
OSV
OSV
•added 2022/05/14 1:17 a.m.•150 views

GHSA-Q9XF-JWR4-V445 Authentication Bypass in Apache Tomcat

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...

5CVSS4.9AI score0.0854EPSS
Exploits0References8
OSV
OSV
•added 2022/03/03 12:0 a.m.•150 views

GHSA-GCX5-3P5F-F8VP Prototype Pollution in jquery.cookie

jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting XSS...

6.1CVSS6AI score0.01123EPSS
Exploits1References3
OSV
OSV
•added 2021/07/27 12:1 a.m.•150 views

OSV-2021-1066 UNKNOWN READ in helper_uc_tracecode

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36571 Crash type: UNKNOWN READ Crash state: helpeructracecode...

7.2AI score
Exploits0References1
OSV
OSV
•added 2025/04/10 1:30 p.m.•149 views

CVE-2025-2469 Debug Messages Revealing Unnecessary Information in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users...

3.7CVSS6.6AI score0.00344EPSS
Exploits1References5
OSV
OSV
•added 2025/02/06 12:33 p.m.•149 views

BIT-PYTHON-2024-12254 Unbounded memory buffering in SelectorSocketTransport.writelines()

Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...

8.7CVSS7.6AI score0.0188EPSS
Exploits0References9
OSV
OSV
•added 2024/05/29 7:22 a.m.•149 views

BIT-GITLAB-2024-2874 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources...

6.5CVSS6.2AI score0.00632EPSS
Exploits1References3
OSV
OSV
•added 2023/10/12 11:21 p.m.•149 views

MAL-2023-8346 Malicious code in situs-slot-gacor-pragmatic-play-dijamin-menang-tahun-2023 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4cd7a331fb814fa537c53d27be98d58490ef24e73e0720abf83775b181ba3501 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
•added 2022/03/07 12:0 a.m.•149 views

GHSA-PH3V-2HQ5-5QFQ Code injection in RazorEngine

In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer supported by the maintain...

9.8CVSS9.6AI score0.01832EPSS
Exploits2References3
OSV
OSV
•added 2020/12/01 12:0 a.m.•149 views

ASB-A-162844689

In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.2CVSS8AI score0.00268EPSS
Exploits0References3
OSV
OSV
•added 2025/04/12 3:41 a.m.•148 views

GHSA-M454-3XV7-QJ85 CVE-2025-1386- Query smuggling in ch-go library

Impact When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream. Patches If you are using ch-go library, we...

5.9CVSS6.8AI score0.00342EPSS
Exploits0References5
OSV
OSV
•added 2024/03/06 11:3 a.m.•148 views

BIT-REDMINE-2023-47258

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter...

6.1CVSS5.8AI score0.00377EPSS
Exploits0References2
OSV
OSV
•added 2022/05/01 6:3 p.m.•148 views

GHSA-HC39-RJWP-QFFQ Apache Tomcat XSS Vulnerabilities in Examples Web Application

Multiple cross-site scripting XSS vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...

4.3CVSS6.3AI score0.77376EPSS
Exploits1References19
OSV
OSV
•added 2022/02/15 1:57 a.m.•148 views

GHSA-X6MJ-W4JF-JMGW Server Side Request Forgery (SSRF) in Kubernetes

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

6.3CVSS5.2AI score0.03679EPSS
Exploits0References8
OSV
OSV
•added 2025/04/02 7:15 a.m.•147 views

CVE-2024-36469

Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one...

3.1CVSS7.2AI score
Exploits0References2
OSV
OSV
•added 2024/05/29 7:25 a.m.•147 views

BIT-GITLAB-2024-1947 Improper Handling of Highly Compressed Data (Data Amplification) in GitLab

A denial of service DoS condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls...

6.5CVSS5AI score0.00476EPSS
Exploits0References3
OSV
OSV
•added 2021/07/22 7:47 p.m.•147 views

GHSA-G973-978J-2C3P Denial of Service in SheetJS Pro

SheetJS Pro through 0.16.9 allows attackers to cause a denial of service CPU consumption via a crafted .xlsx document that is mishandled when read by xlsx.js...

5.5CVSS5.4AI score0.0088EPSS
Exploits0References5
OSV
OSV
•added 2025/04/02 7:15 a.m.•146 views

CVE-2024-42325

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc...

3.5CVSS7.1AI score
Exploits0References2
OSV
OSV
•added 2024/06/28 7:22 a.m.•146 views

BIT-GITLAB-2024-4011 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to objectives...

4.3CVSS4.2AI score0.00323EPSS
Exploits0References3
OSV
OSV
•added 2021/03/25 5:4 p.m.•146 views

GHSA-5MG8-W23W-74H3 Information Disclosure in Guava

A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir. The permissions granted to the directory created defau...

3.3CVSS6.6AI score0.00964EPSS
Exploits1References82
Total number of security vulnerabilities5000