Lucene search
K

172 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:14 a.m.27 views

CVE-2022-41713

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited...

5.3CVSS6.7AI score0.00643EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:41 a.m.8 views

CVE-2022-41714

fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...

5.3CVSS6.7AI score0.00615EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:39 a.m.8 views

CVE-2022-40276

Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy or at least not strict enough and/or does not properly valida...

5.5CVSS6.6AI score0.00365EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:50 p.m.7 views

CVE-2022-42750

CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user...

8.8CVSS7AI score0.00969EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:50 p.m.7 views

CVE-2022-42744

CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks...

9.8CVSS6.8AI score0.01197EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:27 p.m.8 views

CVE-2022-40274

Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled...

7.8CVSS7.7AI score0.00434EPSS
Exploits1References1
CVE
CVE
added 2025/03/31 11:33 a.m.87 views

CVE-2025-2586

OpenShift Lightspeed Service is affected by unauthenticated API request flooding that can exhaust resources and cause service degradation or unavailability. The vulnerability arises from repeated queries to non-existent endpoints (for example, /api/v1/nonexistent), inflating metrics storage/proce...

7.5CVSS7.5AI score0.00508EPSS
Exploits0References3
NVD
NVD
added 2025/01/30 8:15 p.m.15 views

CVE-2024-10603

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances...

6.3CVSS0.00258EPSS
Exploits1References4
OSV
OSV
added 2025/01/30 8:15 p.m.19 views

UBUNTU-CVE-2024-10603

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances...

6.3CVSS5.8AI score0.00258EPSS
Exploits1References5
CVE
CVE
added 2025/01/30 7:14 p.m.56 views

CVE-2024-10603

CVE-2024-10603 concerns weaknesses in the generation of TCP/UDP source ports and some other header values in Google’s gVisor that could allow an external attacker to predict them in certain circumstances. The connected Nessus, OSV, NVD, and vendor advisories consistently reference gVisor-related ...

6.3CVSS6.4AI score0.00258EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/01/30 7:14 p.m.10 views

CVE-2024-10603

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances...

6.3CVSS6.7AI score0.00258EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/01/30 7:14 p.m.30 views

CVE-2024-10603

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances...

6.3CVSS0.00258EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/01/30 7:14 p.m.7 views

CVE-2024-10603

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances...

6.3CVSS6.5AI score0.00258EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.5 views

PT-2025-1598 · Google · Gvisor

Name of the Vulnerable Software and Affected Versions: gVisor affected versions not specified Description: The issue concerns weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor. This allowed an external attacker to predict these values in certain...

6.3CVSS5.9AI score0.00258EPSS
Exploits1References14
OSV
OSV
added 2024/09/10 3:15 p.m.12 views

CVE-2024-23184

Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...

6.5AI score
Exploits0References3
NVD
NVD
added 2024/09/10 3:15 p.m.35 views

CVE-2024-23184

Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...

5CVSS0.00839EPSS
Exploits2References4
OSV
OSV
added 2024/09/10 3:15 p.m.2 views

DEBIAN-CVE-2024-23184

Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...

5CVSS7.1AI score0.00839EPSS
Exploits2References1
AlpineLinux
AlpineLinux
added 2024/09/10 2:33 p.m.10 views

CVE-2024-23184

Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...

5CVSS6.1AI score0.00839EPSS
Exploits2
Veracode
Veracode
added 2024/08/16 7:4 a.m.13 views

Authorization Bypass

directus is vulnerable to Authorization Bypass. The vulnerability is caused due to a missing validation for the user parameter in the PATCH requests for the end point /presets. This allows an authenticated external attacker to modify presets created by the same user to assign them to another user...

4.3CVSS6.3AI score0.00326EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/15 3:10 a.m.16 views

CVE-2024-6534 Directus 10.13.0 - Insecure object reference via PATH presets

Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with...

4.3CVSS6.8AI score0.00326EPSS
Exploits0References2
Rows per page
Query Builder