Lucene search
+L

33 matches found

ptsecurity
ptsecurity
added 2025/08/29 12:0 a.m.7 views

PT-2025-35332

Name of the Vulnerable Software and Affected Versions Rancher Manager versions 2.9.12, 2.10.9, 2.11.5, and 2.12.1 Description A high-severity Denial of Service DoS flaw exists in Rancher Manager, allowing attackers to crash servers by sending oversized API requests to certain public unauthenticat...

9.9CVSS6.5AI score0.10543EPSS
Exploits21References58
ptsecurity
ptsecurity
added 2025/02/14 12:0 a.m.5 views

PT-2025-7178 · Rupeeweb · Rupeeweb

Name of the Vulnerable Software and Affected Versions: RupeeWeb trading platform affected versions not specified Description: The issue is caused by missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this by sending multiple OTP requests...

5.1CVSS6.4AI score0.00433EPSS
Exploits0References4
pypa
pypa
added 2024/12/03 5:15 p.m.60 views

PYSEC-2024-287

Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...

5.3CVSS6.4AI score0.00419EPSS
Exploits0References2Affected Software1
osv
osv
added 2024/12/03 5:15 p.m.3 views

UBUNTU-CVE-2024-37303

Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...

5.3CVSS5.5AI score0.00419EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/12/03 12:0 a.m.43 views

PT-2024-27461 · Matrix · Synapse

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.106 Description: Synapse, an open-source Matrix homeserver, allows unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. This...

8.7CVSS6.6AI score0.00715EPSS
Exploits0References19
cnnvd
cnnvd
added 2023/10/25 12:0 a.m.6 views

Nautobot Security Vulnerability

Nautobot is a web automation platform from the individual developers of Nautobot. A security vulnerability exists in versions of Nautobot prior to 2.0.3 that stems from certain REST API endpoints that, in combination with a query parameter, can expose hashed user passwords stored in a database to...

6.5CVSS6.5AI score0.00529EPSS
Exploits1References4
nvd
nvd
added 2023/04/16 7:15 a.m.25 views

CVE-2023-29506

XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10...

6.1CVSS5.8AI score0.01721EPSS
Exploits1References3
prion
prion
added 2023/04/16 7:15 a.m.18 views

Code injection

XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10...

5.8CVSS6.2AI score0.01721EPSS
Exploits1References3Affected Software1
vulnrichment
vulnrichment
added 2023/04/16 6:49 a.m.7 views

CVE-2023-29506 org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticated endpoints

XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10...

5.4CVSS6.3AI score0.01721EPSS
Exploits1References3
redhatcve
redhatcve
added 2020/02/07 2:44 p.m.37 views

CVE-2020-5397

A flaw was found in springframework. CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints are possible. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials a...

5.3CVSS2.2AI score0.02382EPSS
Exploits1References3
osv
osv
added 2020/01/17 7:15 p.m.24 views

CVE-2020-5397

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

5.3CVSS6.8AI score0.02382EPSS
Exploits1References7
osv
osv
added 2019/06/18 3:38 p.m.14 views

GHSA-4VR3-9V7H-5F8V Low severity vulnerability that affects Gw2Sharp

Leaking cached authenticated requests Impact If you've been using one MemoryCacheMethod object in multiple instances of Gw2WebApiClient and are requesting authenticated endpoints with different access tokens, then you are likely to run into this bug. When using an instance of MemoryCacheMethod an...

6.7AI score
Exploits0References3
github
github
added 2019/06/18 3:38 p.m.14 views

Low severity vulnerability that affects Gw2Sharp

Leaking cached authenticated requests Impact If you've been using one MemoryCacheMethod object in multiple instances of Gw2WebApiClient and are requesting authenticated endpoints with different access tokens, then you are likely to run into this bug. When using an instance of MemoryCacheMethod an...

1.7AI score
Exploits0References2Affected Software1
Rows per page
Query Builder