
734 matches found

CVE
added 2025/03/20 10:09 a.m.

CVE-2024-7819

CVE-2024-7819 concerns danswer-ai/danswer v1.4.1. The vulnerability is a CORS misconfiguration caused by improper validation of the Origin header, enabling a malicious web page to issue unauthorized requests to the application's API and potentially disclose sensitive data (e.g., chat conte...

CVSS 7.4 | AI score 6.5 | EPSS 0.00261
Exploits: 0 | References: 1
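The danswer entry above describes the classic CORS failure: an Origin check that is not an exact match. The following added example (Python, written for this page; it is not danswer's code) puts the misconfiguration pattern next to a strict check. The allow-list `ALLOWED_ORIGINS` and the hostnames in it are constructed for illustration.

```python
"""Origin-header validation for CORS: the misconfiguration pattern next to a strict check.

Added example; not code from danswer or any other project listed on this page.
The allow-list and hostnames below are constructed for illustration.
"""
from urllib.parse import urlsplit

# Constructed allow-list of front-end origins that may call the API with credentials.
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}
DEFAULT_PORTS = {"https": 443}


def weak_origin_allowed(origin: str) -> bool:
    """The misconfiguration: substring matching on the Origin header.

    Any attacker-controlled origin that merely contains an allowed value passes,
    e.g. https://app.example.com.attacker.net, so the attacker's page can issue
    credentialed requests to the API and read the responses.
    """
    return any(allowed in origin for allowed in ALLOWED_ORIGINS)


def strict_origin_allowed(origin: str) -> bool:
    """Strict check: parse the Origin, normalise scheme://host[:port], compare exactly.

    Rejects a missing or "null" Origin, non-https schemes, userinfo, paths and query
    strings, and any host that is not literally on the allow-list.
    """
    if not origin or origin == "null":
        return False
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or not parts.hostname:
        return False
    if parts.path or parts.query or parts.fragment or parts.username is not None:
        return False
    if port is not None and port != DEFAULT_PORTS[parts.scheme]:
        normalised = f"{parts.scheme}://{parts.hostname}:{port}"
    else:
        normalised = f"{parts.scheme}://{parts.hostname}"  # hostname is already lower-cased
    return normalised in ALLOWED_ORIGINS


def cors_response_headers(origin: str) -> dict[str, str]:
    """Response headers for a credentialed API endpoint.

    Echo the Origin only after it passed the strict check; never answer "*" when
    Access-Control-Allow-Credentials is true, and add Vary: Origin so a shared cache
    does not serve one origin's Access-Control-Allow-Origin header to another.
    """
    if not strict_origin_allowed(origin):
        return {}  # no CORS headers: the browser blocks the cross-origin read
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


if __name__ == "__main__":
    for probe in ("https://app.example.com",
                  "https://app.example.com.attacker.net",
                  "https://evil.net/?https://app.example.com",
                  "null"):
        print(f"{probe:45} weak={weak_origin_allowed(probe)!s:5} "
              f"strict={strict_origin_allowed(probe)}")
```

When reviewing a CORS implementation, probe it with exactly these shapes: an allowed origin as a prefix of a longer hostname, an allowed origin in the query string, a different port, a userinfo prefix, and the literal `null` origin. Anything that reflects the Origin header into `Access-Control-Allow-Origin` together with `Access-Control-Allow-Credentials: true` has to pass all of them.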
OSV
added 2025/03/18 5:32 p.m.

CLSA-2025-1742319123 java-11-openjdk: Fix of 11 CVEs

Upgrade to openjdk-11.0.26+4. The following CVEs were fixed:
- CVE-2024-21131: potential UTF8 size overflow
- CVE-2024-21138: excessive symbol length can lead to infinite loop
- CVE-2024-21140: Range Check Elimination (RCE) pre-loop limit overflow
- CVE-2024-21144: Pack200 increase loading time due...

CVSS 7.4 | AI score 6.7 | EPSS 0.01257
Exploits: 0 | References: 1
SUSE CVE
added 2025/03/16 2:48 a.m.

SUSE CVE-2025-1736

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers being misinterpreted...

CVSS 7.3 | AI score 7 | EPSS 0.00511
Exploits: 0 | References: 15
Tenable Nessus
added 2025/03/05 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2024-35973

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available.
- In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve6_xmit_skb. syzbot is able to trigger an uninit-value in...

CVSS 5.5 | AI score 6.2 | EPSS 0.0025
Exploits: 0 | References: 3
Tenable Nessus
added 2025/03/04 12:00 a.m.

openSUSE 15 Security Update : phpMyAdmin (openSUSE-SU-2025:0081-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0081-1 advisory. Update to version 5.2.2:
- CVE-2025-24530: XSS in the 'Check Tables' feature (bsc#1236312).
- CVE-2025-24529: XSS in the 'Insert' tab (bsc#1236311).
- ...

CVSS 7.3 | AI score 7.5 | EPSS 0.8833
Exploits: 16 | References: 13
OSV
added 2025/03/03 9:28 a.m.

OPENSUSE-SU-2025:0081-1 Security update for phpMyAdmin

This update for phpMyAdmin fixes the following issues. Update to version 5.2.2:
- CVE-2025-24530: XSS in the 'Check Tables' feature (bsc#1236312).
- CVE-2025-24529: XSS in the 'Insert' tab (bsc#1236311).
- CVE-2024-2961: glibc/iconv: out-of-bounds writes when writing escape sequences (bsc#1222992).
- ...

CVSS 7.3 | AI score 6.7 | EPSS 0.8833
Exploits: 16 | References: 9
RedhatCVE
added 2025/02/21 11:21 p.m.

CVE-2024-37359

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination (CWE-918). Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 an...

CVSS 8.6 | AI score 6.8 | EPSS 0.00476
Exploits: 0 | References: 1
NVD
added 2025/02/19 11:15 p.m.

CVE-2024-37359

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination (CWE-918). Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0...

CVSS 8.6 | EPSS 0.00476
Exploits: 0 | References: 1
CVE
added 2025/02/19 10:58 p.m.

CVE-2024-37359

Hitachi Vantara Pentaho Business Analytics Server is affected by a server-side request forgery issue due to not validating the Host header of incoming HTTP/HTTPS requests. Affected versions include Pentaho Server prior to 10.2.0.0 and 9.3.0.9, including 8.3.x. The issue allows an attacker to prov...

CVSS 8.6 | AI score 8.6 | EPSS 0.00476
Exploits: 0 | References: 1
Cvelist
added 2025/02/19 10:58 p.m.

CVE-2024-37359 Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination (CWE-918). Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0...

CVSS 8.6 | EPSS 0.00476
Exploits: 0 | References: 1
CNNVD
added 2025/02/14 12:00 a.m.

WatchGuard Fireware OS security vulnerability

WatchGuard Fireware OS is software from the US company WatchGuard that runs on Firebox appliances. A security vulnerability exists in WatchGuard Fireware OS versions 12.0 through 12.11; it stems from improper validation of the HTTP Host header and could lead to cache poisoning or malicious redirection...

CVSS 5.1 | AI score 6.6 | EPSS 0.00215
Exploits: 0 | References: 2
Snyk
added 2025/02/12 9:05 p.m.

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the X-Islandora-Args header. An attacker can execute arbitrary code on the server by sending a crafted request containing malicious inp...

CVSS 9.5 | AI score 7.7
Exploits: 0 | References: 2
GithubExploit
added 2025/02/09 12:14 a.m.

Exploit for Improper Control of Dynamically-Managed Code Resources in Lightningai Pytorch_Lightning

CVE-2024-5452 01. Overview of RCE and pytorch-lightning - 1 RCE and...

CVSS 9.8 | AI score 7.9 | EPSS 0.26488
Exploits: 3
OSV
added 2025/01/23 6:15 p.m.

CVE-2024-55926

A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data...

CVSS 9.8 | AI score 5.9 | EPSS 0.00409
Exploits: 0 | References: 1
Positive Technologies
added 2025/01/23 12:00 a.m.

PT-2025-3153 · Xerox · Xerox Workplace Suite

Name of the Vulnerable Software and Affected Versions: Xerox Workplace Suite versions prior to 5.6.701.9
Description: The issue involves an API security bypass through header manipulation. In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the "Host"...

CVSS 7.5 | AI score 9.6 | EPSS 0.0035
Exploits: 0 | References: 11
Snyk
added 2025/01/21 9:13 p.m.

Interpretation Conflict

Overview: codeigniter4/framework is a PHP full-stack web framework that is light, fast, flexible, and secure. Affected versions of this package are vulnerable to Interpretation Conflict due to a lack of validation of the header name and value. Workaround: Users who are unable to upgrade to the fix...

CVSS 6.9 | AI score 7 | EPSS 0.00477
Exploits: 0 | References: 2
Github Security Blog
added 2025/01/21 9:13 p.m.

Missing validation of header name and value in codeigniter4/framework

Impact: Lack of proper header validation for its name and value. A potential attacker can construct deliberately malformed headers with the Header class. This could disrupt application functionality, potentially causing errors or generating invalid HTTP requests. In some cases, these malformed...

CVSS 5.3 | AI score 6.7 | EPSS 0.00477
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2025/01/21 9:13 p.m.

GHSA-X5MQ-JJR3-VMX6 Missing validation of header name and value in codeigniter4/framework

Impact: Lack of proper header validation for its name and value. A potential attacker can construct deliberately malformed headers with the Header class. This could disrupt application functionality, potentially causing errors or generating invalid HTTP requests. In some cases, these malformed...

CVSS 5.3 | AI score 6 | EPSS 0.00477
Exploits: 0 | References: 6
NVD
added 2025/01/20 4:15 p.m.

CVE-2025-24013

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. A potential attacker can construct deliberately malformed headers with the Header class. This could disrupt application functionality, potentially causing errors or...

CVSS 5.3 | EPSS 0.00477
Exploits: 0 | References: 4
Vulnrichment
added 2025/01/20 3:57 p.m.

CVE-2025-24013 CodeIgniter validation of header name and value

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. A potential attacker can construct deliberately malformed headers with the Header class. This could disrupt application functionality, potentially causing errors or...

CVSS 5.3 | AI score 6.9 | EPSS 0.00477
Exploits: 0 | References: 4
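Several entries in this listing share one root cause: header names, header values or the Host header are used without syntactic or trust checks. The PHP entry (CVE-2025-1736) is about end-of-line characters in user-supplied headers, the CodeIgniter entries (CVE-2025-24013) about unvalidated header names and values, and the Pentaho, Xerox and WatchGuard entries about an unvalidated Host header being used to build requests, redirects or cached content. The following added example (Python, written for this page; it is not code from PHP, CodeIgniter, Pentaho, Xerox, WatchGuard or any other project listed here) shows the checks a practitioner would expect at those three points. The trusted-host list `TRUSTED_HOSTS`, the hostnames and the sample headers are constructed for illustration.

```python
"""Validating HTTP header names, header values and the Host header before use.

Added example; not code from any project listed on this page. The trusted-host
list and the sample headers are constructed for illustration.
"""
import re

# RFC 9110 field-name is a token; tchar excludes separators, whitespace and controls.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# field-value content: HTAB, visible ASCII and obs-text (0x80-0xFF). CR, LF and all
# other control characters are excluded, which is what prevents header injection.
_FIELD_VALUE = re.compile(r"[\t\x20-\x7e\x80-\xff]*")
# Host: reg-name or bracketed IPv6 literal, optional :port, nothing else.
_HOST = re.compile(r"(?P<name>[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(?P<port>:\d{1,5})?")

# Constructed allow-list: the names this deployment is actually reachable as.
TRUSTED_HOSTS = {"analytics.example.com", "localhost"}


class InvalidHeader(ValueError):
    """Raised for any header that must not be emitted or trusted."""


def validate_header(name: str, value: str) -> tuple[str, str]:
    """Return (name, stripped value) if both are syntactically valid, else raise.

    A value like "x\r\nSet-Cookie: admin=1" fails here instead of becoming a second
    header line on the wire. A lone "\r" or "\n" is rejected too: recipients disagree
    on how to treat them, so such a header is either dropped or misinterpreted.
    """
    if not _TOKEN.fullmatch(name):
        raise InvalidHeader(f"illegal header name {name!r}")
    if not _FIELD_VALUE.fullmatch(value):
        raise InvalidHeader(f"illegal header value for {name}: {value!r}")
    return name, value.strip(" \t")


def header_is_valid(name: str, value: str) -> bool:
    try:
        validate_header(name, value)
    except InvalidHeader:
        return False
    return True


def build_header_block(headers) -> bytes:
    """Serialise (name, value) pairs into a header block, validating each pair first."""
    lines = [f"{n}: {v}" for n, v in (validate_header(n, v) for n, v in headers)]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def validate_host(host: str) -> str:
    """Return the normalised Host (lower-cased name, port kept) or raise InvalidHeader.

    The Host header is attacker-controlled. Anything that derives an absolute URL from
    it (redirects, reset links, cache keys, server-side callbacks) must first check the
    name against the deployment's own hostnames, not just parse it.
    """
    m = _HOST.fullmatch(host)
    if not m:
        raise InvalidHeader(f"malformed Host {host!r}")
    name = m.group("name").lower()
    if name not in TRUSTED_HOSTS:
        raise InvalidHeader(f"untrusted Host {name!r}")
    return name + (m.group("port") or "")


def host_is_trusted(host: str) -> bool:
    try:
        validate_host(host)
    except InvalidHeader:
        return False
    return True


def self_url(host_header: str, path: str) -> str:
    """Build a self-referencing https URL from the request's Host header, safely."""
    return f"https://{validate_host(host_header)}{path}"


if __name__ == "__main__":
    print(build_header_block([("Host", "analytics.example.com"), ("X-Request-Id", "42")]))
    for bad in [("X-Inject", "x\r\nSet-Cookie: admin=1"), ("Bad Name", "v"), ("X-Lone", "a\rb")]:
        print(bad, header_is_valid(*bad))
    for host in ["analytics.example.com:8443", "attacker.example", "analytics.example.com@evil.net"]:
        print(host, host_is_trusted(host))
```

The two checks deliberately do different jobs: `validate_header` is purely syntactic and applies to every header the application emits, while `validate_host` is a trust decision against a fixed list, because a syntactically perfect `Host: attacker.example` is exactly what the SSRF and cache-poisoning entries above rely on.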