Lucene search
K

16601 matches found

Cvelist
Cvelist
added 2024/06/06 5:55 p.m.39 views

CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

8.6CVSS0.37366EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/06/06 12:0 a.m.5 views

PT-2024-30411 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: gradio-app/gradio version 4.21.0 Description: A Server-Side Request Forgery SSRF vulnerability exists, specifically within the "/queue/join" endpoint and the save url to cache function. The vulnerability arises when the path value, obtained...

8.6CVSS8.2AI score0.37366EPSS
Exploits1References11
Github Security Blog
Github Security Blog
added 2024/06/05 4:56 p.m.44 views

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2CVSS8.3AI score0.00994EPSS
Exploits1References7Affected Software2
Cvelist
Cvelist
added 2024/06/05 4:14 p.m.26 views

CVE-2024-20404

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affect...

7.2CVSS6.8AI score0.231EPSS
Exploits1References1
CVE
CVE
added 2024/06/05 4:14 p.m.77 views

CVE-2024-20404

CVE-2024-20404 affects Cisco Finesse web-based management interface. The issue is an SSRF caused by insufficient validation of user-supplied input in HTTP requests sent to the device. An unauthenticated, remote attacker can exploit crafted HTTP requests to obtain limited sensitive information fro...

7.2CVSS6.4AI score0.231EPSS
In wildExploits1References1Affected Software1
Veracode
Veracode
added 2024/06/05 11:16 a.m.16 views

Path Traversal

lollms is vulnerable to Path Traversal. The vulnerability is due to improper handling of user-supplied input in the 'listpersonalities' endpoint, allowing an attacker to traverse directories and view the contents of subfolders by manipulating the 'category' parameter in an HTTP request...

4CVSS4.2AI score0.00285EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/06/05 12:0 a.m.5 views

The vulnerability of the HTTP Request Handler component in FortiWeb network appliances allows attackers to enhance their privileges.

The vulnerability of the HTTP Request Handler component in FortiWeb web applications is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

9CVSS5.5AI score0.00651EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/06/04 9:49 a.m.16 views

BIT-NODE-2024-27982

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in ...

6.5CVSS6.8AI score0.01155EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2024/06/03 6:38 p.m.4 views

nodejs: HTTP Request Smuggling via Content Length Obfuscation

An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request...

6.5CVSS7.2AI score0.01155EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/06/03 6:38 p.m.30 views

Important: Red Hat Security Advisory: nodejs security update

An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.2CVSS7.1AI score0.87211EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/03 1:36 p.m.45 views

Security Bulletin: Multiple vulnerabilities in eclipse jetty affect IBM Business Automation Workflow

Summary IBM Business Automation Workflow packages a vulnerable version of the eclipse jetty library. Vulnerability Details CVEID:CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creati...

7.8CVSS7.7AI score0.53861EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/03 12:13 p.m.35 views

Security Bulletin: Gunicorn-20.1.0-py3-none-any.whl is vulnerable to CVE-2024-1135 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses Gunicorn-20.1.0-py3-none-any.whl which is vulnerable to CVE-2024-1135 Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding...

7.5CVSS7.3AI score0.02996EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.21 views

RHEL 9 : nodejs (RHSA-2024:3545)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3545 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

8.2CVSS7.6AI score0.87211EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.24 views

RHEL 7 : webkitgtk3 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - webkitgtk: Use-after-free leading to arbitrary code execution CVE-2021-30858 - Late TLS certificate...

8.8CVSS8.3AI score0.13486EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.20 views

RHEL 9 : butane (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 - Uncontrolled recursio...

7.5CVSS7.4AI score0.01618EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.31 views

RHEL 4 : httpd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - httpd information disclosure in FileEtag CVE-2003-1418 - httpd: HTTP request smuggling attack against...

5CVSS7.7AI score0.82756EPSS
Exploits14References8
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.20 views

RHEL 9 : haproxy (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - haproxy: malformed HTTP header field name can lead to HTTP request/response smuggling CVE-2023-25950 Note that Ness...

7.3CVSS7.3AI score0.02942EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.24 views

RHEL 5 : others (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter CVE-2014-0227 - Apache Tomcat...

6.4CVSS9.2AI score0.29784EPSS
Exploits5References6
Cvelist
Cvelist
added 2024/06/03 12:0 a.m.20 views

CVE-2023-51219

A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access tok...

6.3AI score0.00523EPSS
Exploits0References2
CISA KEV Catalog
CISA KEV Catalog
added 2024/06/03 12:0 a.m.30 views

Oracle WebLogic Server OS Command Injection Vulnerability

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document...

7.4CVSS7.6AI score0.96015EPSS
In wildExploits9
Rows per page
Query Builder