Lucene search

52 matches found

Spring Security Advisories
added 2026/06/10 12:0 a.m. | 6 views

CVE-2026-41000: WSS4J validation does not use configured replay cache

Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...

CVSS 3.7 | AI score 5.8 | EPSS 0.00223
Exploits: 0 | References: 1 | Affected Software: 1

HackRead
added 2026/05/04 10:55 a.m. | 9 views

Cyber-Secure Philanthropy: Tech Infrastructure for Global Donations

Secure philanthropy needs hardened payments, API security, and compliance controls to protect global donations from fraud and attacks...

AI score 5.8
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2004-1036

Malware in sbrugna...

CVSS 7.2 | AI score 6.4 | EPSS 0.00483
Exploits: 0 | References: 22

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-12367

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00385
Exploits: 0 | References: 2

Packet Storm News
added 2025/08/07 12:0 a.m. | 2 views

RL-MoE: an Image-Based Privacy Preserving Approach in Intelligent Transportation System

The proliferation of AI-powered cameras in Intelligent Transportation Systems (ITS) creates a severe conflict between the need for rich visual data and the fundamental right to privacy. Existing privacy-preserving mechanisms, such as blurring or encryption, are often insufficient, creating an...

AI score 6.8
Exploits: 0

SUSE Linux
added 2025/07/23 12:44 p.m. | 7 views

Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...

CVSS 9.6 | AI score 7.6 | EPSS 0.00959
Exploits: 0 | References: 52

HackRead
added 2025/06/04 11:54 a.m. | 8 views

How to Protect Your Online Presence from Devastating DDoS Attacks

Today, your internet presence is much more than just a website or social media profile, it's like your…...

AI score 7.3
Exploits: 0

RedhatCVE
added 2025/05/22 7:47 p.m. | 8 views

CVE-2021-3332

WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via postpassword...

CVSS 5.3 | AI score 7 | EPSS 0.01815
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:26 p.m. | 5 views

CVE-2021-25471

A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion...

CVSS 7.5 | AI score 6.9 | EPSS 0.00385
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:13 p.m. | 7 views

CVE-2020-8168

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: Attackers can abuse multiple end-points not protected against cross-site reques...

CVSS 8.8 | AI score 7.2 | EPSS 0.00693
Exploits: 0 | References: 1

Packet Storm
added 2025/03/25 12:0 a.m. | 248 views

WordPress Iron Security 2.2.3 IP Spoofing

WordPress Iron Security plugin versions 2.2.3 and below suffer from a source IP spoofing vulnerability. Wordpress Plugin Iron Security - IP Spoofing Exploit Author: bRpsd | cyatlive.no Date: March 20, 2025 Product: https://wordpress.org/plugins/iron-security/ Version: 2.2.3 and below CVE : N/A...

AI score 7.3
Exploits: 0

Tenable Nessus
added 2024/06/03 12:0 a.m. | 15 views

RHEL 6 : perltidy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - perltidy: insecure temporary file creation CVE-2014-2277 - perltidy through 20160302, as used by...

CVSS 7.1 | AI score 6.6 | EPSS 0.00354
Exploits: 0 | References: 2

CVE
added 2023/10/31 12:0 a.m. | 33 views

CVE-2023-43139

Summary: CVE-2023-43139 affects franfinance prior to v2.0.27 (PrestaShop integration). The vulnerability allows a remote attacker to execute arbitrary code via the validation.php and controllers/front/validation.php components. The NVD records a CVSSv3.1 base score of 9.8 (CRITICAL) with network ...

CVSS 9.8 | AI score 9.6 | EPSS 0.00948
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2023/10/10 5:15 p.m. | 28 views

CVE-2023-36478

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...

CVSS 7.5 | AI score 7.7 | EPSS 0.03754
Exploits: 1 | References: 10

CNVD
added 2023/02/20 12:0 a.m. | 19 views

Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2023-18299)

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A cross-site scripting vulnerability exists...

CVSS 6.1 | AI score 6.1 | EPSS 0.00668
Exploits: 0 | References: 1

Palo Alto Networks
added 2022/08/10 4:0 p.m. | 58 views

PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering

A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service RDoS attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series hardware, VM-Series virtual and CN-Series container firewall...

CVSS 8.6 | AI score 0.5 | EPSS 0.02041
Exploits: 0 | References: 1

Code423n4
added 2022/08/06 12:0 a.m. | 18 views

Missing EIP-155 replay attack protection

Lines of code Vulnerability details Impact publishProject/addMember/escrow in Community and inviteContractor/updateProjectHash/addTasks/setComplete/changeOrder in Project use ecrecover for signed messages to check access. However, all signed messages that are used to check access do not include an...

AI score 6.8
Exploits: 0

OpenVAS
added 2022/01/28 12:0 a.m. | 9 views

Mageia: Security Advisory (MGASA-2017-0301)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 | AI score 5.6 | EPSS 0.0032
Exploits: 0 | References: 4

CNVD
added 2021/12/13 12:0 a.m. | 20 views

Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2021-99662)

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A cross-site scripting vulnerability exists,...

CVSS 6.1 | AI score 0.6 | EPSS 0.00652
Exploits: 0 | References: 1

NVD
added 2021/10/06 6:15 p.m. | 11 views

CVE-2021-25471

A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion...

CVSS 7.5 | EPSS 0.00385
Exploits: 0 | References: 1