Lucene search
K

185 matches found

CVE
CVE
added 2025/04/19 12:0 a.m.72 views

CVE-2025-43918

CVE-2025-43918 describes a vulnerability in SSL.com prior to 2025-04-19 where the domain validation method 3.2.2.4.14 can cause certificate requests to be processed in a way that allows a trusted TLS certificate to be issued for the requester’s email-domain name, even if the requester lacks admin...

6.4CVSS7AI score0.00089EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2025/03/19 11:45 a.m.12 views

Security update for python311

This update for python311 fixes the following issues: Skip PGO with %wantreproduciblebuilds bsc1239210 CVE-2025-0938: Disallows square brackets and in domain names for parsed URLs bsc1236705. Configure externallymanaged with a bcond bsc1228165. Update to 3.11.11: Tools/Demos gh-123418: Update...

8.4CVSS10AI score0.34174EPSS
Exploits6References82
SUSE CVE
SUSE CVE
added 2025/03/16 2:48 a.m.4 views

SUSE CVE-2025-27403

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...

7.2CVSS6.5AI score0.00445EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/13 5:5 p.m.10 views

CVE-2025-27403

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...

7.2CVSS6.9AI score0.00445EPSS
Exploits0References1
Snyk
Snyk
added 2025/03/11 3:27 p.m.3 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...

8.2CVSS7AI score0.00445EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/11 3:27 p.m.3 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...

8.2CVSS7AI score0.00445EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/11 3:27 p.m.3 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...

8.2CVSS6.7AI score0.00445EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/11 3:27 p.m.2 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...

8.2CVSS7AI score0.00445EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/11 3:27 p.m.2 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...

8.2CVSS7AI score0.00445EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2025/02/13 10:11 a.m.1 views

Security update for python3

This update for python3 fixes the following issues: CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

6.3CVSS7.3AI score0.01499EPSS
Exploits0References4
OSV
OSV
added 2025/02/07 5:13 p.m.9 views

SUSE-SU-2025:0386-1 Security update for python39

This update for python39 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705...

6.3CVSS7.4AI score0.01499EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/23 12:0 a.m.6 views

PT-2025-6115 · Lemmy +1 · Lemmy +1

Name of the Vulnerable Software and Affected Versions: Lemmy versions 0.19.8 and prior activitypub federation versions 0.6.2 and prior Description: The vulnerability allows a user to bypass any predefined hardcoded URL path or security anti-Localhost mechanism and perform an arbitrary GET request...

4CVSS7.3AI score0.00389EPSS
Exploits0References12
OSV
OSV
added 2024/12/30 4:49 p.m.4 views

GHSA-8JHW-6PJJ-8723 Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint

Summary An open redirect vulnerability has been identified in the verify email endpoint of Better Auth, potentially allowing attackers to redirect users to malicious websites. This issue affects users relying on email verification links generated by the library. Affected Versions - All versions...

7.9CVSS5.9AI score0.00388EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/12/30 4:49 p.m.38 views

Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint

Summary An open redirect vulnerability has been identified in the verify email endpoint of Better Auth, potentially allowing attackers to redirect users to malicious websites. This issue affects users relying on email verification links generated by the library. Affected Versions - All versions...

7.9CVSS6.5AI score0.00388EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/30 12:0 a.m.8 views

PT-2024-37047 · Unknown · Better Auth

Name of the Vulnerable Software and Affected Versions: Better Auth versions prior to v1.1.6 Description: An open redirect vulnerability has been identified in the verify email endpoint of Better Auth, potentially allowing attackers to redirect users to malicious websites. This issue affects users...

7.9CVSS7.2AI score0.00388EPSS
Exploits1References12
Vulnrichment
Vulnrichment
added 2024/11/21 5:18 p.m.13 views

CVE-2024-52289 authentik has an insecure default configuration for OAuth2 Redirect URIs

authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison. When no Redirect URIs are configured in a provider, authentik will automatically use the first redirecturi value received as an allowed redirect URI, without escaping...

7.9CVSS6.4AI score0.0106EPSS
Exploits0References2
OSV
OSV
added 2024/10/04 8:15 p.m.2 views

UBUNTU-CVE-2024-47764

cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...

6.9CVSS6.7AI score0.00749EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/09/01 12:0 a.m.6 views

Linen 安全漏洞

Linen is a community-based, lightweight Google searchable Slack alternative to Linen open source. A security vulnerability exists in versions prior to Linen cd37c3e that stems from improper domain validation when resetting passwords...

9.8CVSS6.6AI score0.0054EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/01 12:0 a.m.22 views

CVE-2024-45522

Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts...

0.0054EPSS
Exploits0References1
Krebs on Security
Krebs on Security
added 2024/07/26 9:31 p.m.16 views

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Googles "Sign in with Google" feature...

8AI score
Exploits0
Rows per page
Query Builder