Skip to main content

Studio

9 CVEs product

Monthly

CVE-2023-41329 LIB MEDIUM PATCH This Month

WireMock is a tool for mocking HTTP services. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Python Authentication Bypass Docker Python Wiremock Studio +2
NVD GitHub
CVSS 3.1
6.6
EPSS
0.6%
CVE-2023-41327 Maven MEDIUM PATCH This Month

WireMock is a tool for mocking HTTP services. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Docker Studio Wiremock
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-39967 CRITICAL POC Act Now

WireMock is a tool for mocking HTTP services. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Studio
NVD GitHub
CVSS 3.1
10.0
EPSS
0.8%
CVE-2023-38335 MEDIUM POC This Month

Omnis Studio 10.22.00 has incorrect access control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Studio
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-38334 MEDIUM POC This Month

Omnis Studio 10.22.00 has incorrect access control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Studio
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-31444 HIGH This Week

In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Studio
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-25803 Maven HIGH PATCH This Week

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Studio
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-25802 Maven HIGH PATCH This Week

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Studio
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2018-7472 MEDIUM This Month

INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Studio
NVD
CVSS 3.0
5.5
EPSS
0.4%
EPSS 1% CVSS 6.6
MEDIUM PATCH This Month

WireMock is a tool for mocking HTTP services. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Python Authentication Bypass Docker +4
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

WireMock is a tool for mocking HTTP services. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Docker Studio +1
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL POC Act Now

WireMock is a tool for mocking HTTP services. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Studio
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Omnis Studio 10.22.00 has incorrect access control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Studio
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Omnis Studio 10.22.00 has incorrect access control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Studio
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Studio
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Studio
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Studio
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Studio
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy