Lucene search
K

137 matches found

Github Security Blog
Github Security Blog
added 2023/07/28 3:34 p.m.44 views

Denial of service from unlimited password lengths

TL;DR This vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. The real-world impact of this vulnerability is limited, however we still recommend to update to one of the patch releases because they also fix more severe vulnerabilities...

7.5CVSS7.2AI score0.01028EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2023/07/27 3:43 p.m.36 views

CVE-2023-38492 Kirby vulnerable to denial of service from unlimited password lengths

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. The real-world impact of this vulnerability is limited, however we still...

5.3CVSS7.8AI score0.01028EPSS
Exploits0References9
CNNVD
CNNVD
added 2023/07/27 12:0 a.m.10 views

Kirby 安全漏洞

Kirby is a file-based content management system CMS. A security vulnerability exists in Kirby versions 3.5.8.2 and earlier, 3.6.0 through 3.6.6.2, 3.7.0 through 3.7.5.1, 3.8.0 through 3.8.4, 3.9.0 through 3.9.5, and 3.9.0 and 3.9.5, which stems from an unspecified length of the Kirby authenticati...

7.5CVSS7.3AI score0.01028EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2023/05/23 12:0 a.m.8 views

CVE-2023-31664

A reflected cross-site scripting XSS vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter...

5.9AI score0.012EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/05/23 12:0 a.m.6 views

WSO2 API Manager 跨站脚本漏洞

WSO2 API Manager is an API lifecycle management solution from WSO2, Inc. A security vulnerability exists in WSO2 API Manager versions prior to 4.2.0, which stems from a security issue in authenticationendpoint/login.do, that could allow an attacker to inject a crafted payload via the tenantDomain...

6.1CVSS6.5AI score0.012EPSS
Exploits1References4
OSV
OSV
added 2023/05/23 12:0 a.m.30 views

CVE-2023-31664

A reflected cross-site scripting XSS vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter...

6.1CVSS5.9AI score0.012EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/11/27 12:0 a.m.10 views

PT-2022-27690 · Unknown · Opendaylight

Name of the Vulnerable Software and Affected Versions: OpenDaylight versions prior to 0.16.5 Description: A SQL injection issue was discovered in the AAA component of OpenDaylight. The deleteUser function in the UserStore.java file is affected when the API interface "/auth/v1/users/" is used...

7.5CVSS7.3AI score0.00543EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/10/19 12:0 a.m.5 views

PT-2022-14228 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: keycloak version 18.0.0 Description: The issue concerns an open redirect in the authentication endpoint via the redirect uri parameter. However, it has been determined that this is a known misconfiguration, and recommendations to mitigate the...

7AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/10/06 12:0 a.m.2 views

PT-2022-28253 · Etcd · Etcd

Name of the Vulnerable Software and Affected Versions: etcd affected versions not specified Description: The issue is related to authentication in the etcd gateway. It only authenticates endpoints detected from DNS SRV records and does so only once. If an endpoint changes its authentication...

7AI score
Exploits0References3
CNNVD
CNNVD
added 2022/09/06 12:0 a.m.6 views

WatchGuard Firebox 安全漏洞

WatchGuard Firebox is a U.S. WatchGuard company that provides a comprehensive range of network security services, from traditional IPS and GAV, to web site/application control and malicious software prevention. A security vulnerability exists in WatchGuard Firebox that originates from allowing an...

7.5CVSS7.4AI score0.01533EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/03/28 12:15 p.m.6 views

CVE-2021-46434

EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was valid...

5.3CVSS5.9AI score0.00855EPSS
Exploits1References2
OSV
OSV
added 2021/09/07 12:15 p.m.6 views

CVE-2021-38616

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/user-guid/ user edition endpoint could permit any logged-in user to increase their own permissions via a userpermissions array in a PATCH request. A guest user could modify other users' profiles and much more...

8.8CVSS7.3AI score0.01315EPSS
Exploits0References4
OSV
OSV
added 2021/09/07 12:15 p.m.6 views

CVE-2021-38617

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation...

8.8CVSS5.7AI score0.01413EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/09/07 12:0 a.m.5 views

Eigen NLP 安全漏洞

Eigen NLP is a natural language processing system. A security vulnerability exists in Eigen NLP 3.10.1 that stems from a lack of access control on the /auth/v1/user/ user creation endpoint. The vulnerability allows a standard user to create a superuser account with a defined password, which...

8.8CVSS7.9AI score0.01413EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/06/13 12:0 a.m.1 views

urllib3 资源管理错误漏洞

urllib3 is a Python HTTP library. It features thread-safe connection pooling, file publishing support, and more. Urllib3 suffers from a Resource Management Error vulnerability that originates from adding the @ parameter to the URL of the authentication module, which can be exploited by an attacke...

7.5CVSS7.3AI score0.03273EPSS
Exploits0References30
AlpineLinux
AlpineLinux
added 2020/10/19 4:47 p.m.46 views

CVE-2020-26891

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...

6.1CVSS6.1AI score0.01908EPSS
Exploits0
Openbugbounty
Openbugbounty
added 2017/01/06 3:33 p.m.56 views

scsso.fone.sep.gob.mx XSS vulnerability

Vulnerable URL:...

6.3AI score
Exploits0
Rows per page
Query Builder