Lucene search
K

1123 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/30 12:11 p.m.4 views

CVE-2024-13971

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

7.7CVSS5.5AI score0.0047EPSS
Exploits2References2
NVD
NVD
added 2026/04/30 7:16 a.m.8 views

CVE-2024-39847

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

8.7CVSS0.00447EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/04/30 7:10 a.m.4 views

CVE-2024-39847

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

8.7CVSS5.5AI score0.00447EPSS
Exploits2References3
EUVD
EUVD
added 2026/04/30 7:10 a.m.8 views

EUVD-2024-55562

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

8.7CVSS5.5AI score0.00447EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

Lobster_pro 代码问题漏洞

Lobsterpro is a middleware platform developed by the German company Lobster, used for enterprise data integration and process orchestration. Versions of Lobsterpro prior to 4.12.6-GA contained code vulnerabilities. These vulnerabilities stemmed from weaknesses in the XML parser’s functionality,...

7.7CVSS6.1AI score0.0047EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2026/04/29 9:54 p.m.10 views

Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send

Summary Several administrative operations in Admidio's preferences module database backup, test email, htaccess generation fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GET navigations, an attacker forces an authenticated admin to trigger...

3.5CVSS5.6AI score0.00117EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/29 9:54 p.m.26 views

GHSA-RW74-VC9H-534J Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send

Summary Several administrative operations in Admidio's preferences module database backup, test email, htaccess generation fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GET navigations, an attacker forces an authenticated admin to trigger...

3.5CVSS5.8AI score0.00117EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/28 10:43 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the requestToMsgGet process. An attacker can exhaust CPU and memory resources by sending oversized DNS-over-HTTPS GET requests with large dns query parameters, causing the...

8.7CVSS5.8AI score0.00672EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/22 5:6 p.m.4 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the GET routes that change state. An attacker can cause authenticated users to unintentionally delete files or create directories by tricking them into visiting a crafted URL, as there is no validatio...

8.1CVSS5.4AI score0.00143EPSS
Exploits1References2
Veracode
Veracode
added 2026/04/16 9:21 a.m.9 views

Cross-site Request Forgery

RedwoodSDK is vulnerable to Cross-site Request Forgery. The vulnerability is due to server functions exported from 'use server' files being invoked via GET requests, bypassing their intended HTTP method, where browsers send SameSite=Lax cookies on top-level GET requests and an attacker could...

8.1CVSS5.8AI score0.0021EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/15 12:0 a.m.4 views

CVE-2026-30996

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...

7.5CVSS5.9AI score0.00738EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.9 views

PT-2026-33232

Name of the Vulnerable Software and Affected Versions goshs versions 2.0.0-beta.4 through 2.0.0-beta.5 Description goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause an authenticated browser to trigger destructive actions becaus...

8.1CVSS5.8AI score0.00143EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/04/12 12:28 p.m.33 views

CVE-2019-25707 eBrigade ERP 4.5 SQL Injection via pdf.php

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive...

7.1CVSS0.00269EPSS
Exploits1References4
CVE
CVE
added 2026/04/10 6:32 p.m.11 views

CVE-2026-33705

CVE-2026-33705 affects Chamilo LMS. Prior to 1.11.38, Twig template files under /main/template/default/ were accessible without authentication via HTTP GET, exposing internal application logic, variable names, AJAX endpoint URLs, and admin panel structure. The issue is fixed in 1.11.38. Reported ...

5.3CVSS5.8AI score0.00245EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/04/09 10:16 p.m.3 views

CVE-2026-39848

Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name= or...

6.5CVSS0.00107EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:44 p.m.1 views

CVE-2026-39848

Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop= or...

6.5CVSS6AI score0.00107EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/09 9:44 p.m.4 views

EUVD-2026-21210

Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name= or...

6.5CVSS6AI score0.00107EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/09 9:44 p.m.2 views

CVE-2026-39848 Dockyard's Unauthenticated Cron Endpoint in Dockyard Enables Container Enumeration and Database Manipulation

Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name= or...

6.5CVSS5.8AI score0.00107EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.8 views

PT-2026-31809

Name of the Vulnerable Software and Affected Versions Dockyard versions prior to 1.1.0 Description Dockyard is a Docker container management app. Prior to version 1.1.0, Docker container start and stop operations are performed through GET requests without Cross-Site Request Forgery CSRF protectio...

6.5CVSS5.8AI score0.00107EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.9 views

Dockyard 访问控制错误漏洞

Dockyard is a lightweight Docker container management web interface developed by Ismail as an individual developer. Versions of Dockyard prior to 1.1.0 contained an access control vulnerability. This vulnerability stemmed from the fact that Docker container startup and shutdown operations were...

6.5CVSS5.8AI score0.00107EPSS
Exploits0References1
Rows per page
Query Builder