33 matches found
PT-2025-35332
Name of the Vulnerable Software and Affected Versions Rancher Manager versions 2.9.12, 2.10.9, 2.11.5, and 2.12.1 Description A high-severity Denial of Service DoS flaw exists in Rancher Manager, allowing attackers to crash servers by sending oversized API requests to certain public unauthenticat...
PT-2025-7178 · Rupeeweb · Rupeeweb
Name of the Vulnerable Software and Affected Versions: RupeeWeb trading platform affected versions not specified Description: The issue is caused by missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this by sending multiple OTP requests...
PYSEC-2024-287
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...
UBUNTU-CVE-2024-37303
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...
PT-2024-27461 · Matrix · Synapse
Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.106 Description: Synapse, an open-source Matrix homeserver, allows unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. This...
Nautobot Security Vulnerability
Nautobot is a web automation platform from the individual developers of Nautobot. A security vulnerability exists in versions of Nautobot prior to 2.0.3 that stems from certain REST API endpoints that, in combination with a query parameter, can expose hashed user passwords stored in a database to...
CVE-2023-29506
XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10...
Code injection
XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10...
CVE-2023-29506 org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticated endpoints
XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10...
CVE-2020-5397
A flaw was found in springframework. CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints are possible. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials a...
CVE-2020-5397
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...
GHSA-4VR3-9V7H-5F8V Low severity vulnerability that affects Gw2Sharp
Leaking cached authenticated requests Impact If you've been using one MemoryCacheMethod object in multiple instances of Gw2WebApiClient and are requesting authenticated endpoints with different access tokens, then you are likely to run into this bug. When using an instance of MemoryCacheMethod an...
Low severity vulnerability that affects Gw2Sharp
Leaking cached authenticated requests Impact If you've been using one MemoryCacheMethod object in multiple instances of Gw2WebApiClient and are requesting authenticated endpoints with different access tokens, then you are likely to run into this bug. When using an instance of MemoryCacheMethod an...