214 matches found

Positive Technologies
added 2024/04/15 12:00 a.m. · 4 views

PT-2024-23314 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: anything-llm (affected versions not specified). Description: The application is susceptible to a flaw due to improper input validation. An attacker can exploit this by sending a malformed JSON payload to the /system/enable-multi-user endpoint...

CVSS 9 · AI score 8.9 · EPSS 0.00731
Exploits 1 · References 7
Exploit DB
added 2024/03/14 12:00 a.m. · 433 views

Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)

Exploit Title: Viessmann Vitogate 300 <= 2.1.3.0 - Remote Code Execution (RCE) - Shodan Dork: http.title:'Vitogate 300' - Exploit Author: ByteHunter - Email: [email protected] - Version: versions up to 2.1.3.0 - Tested on: 2.1.1.0 - CVE : CVE-2023-5702 & CVE-2023-5222 import argparse import...

CVSS 9.8 · AI score 6.9 · EPSS 0.74697
Exploits 4
Github Security Blog
added 2024/01/25 9:32 p.m. · 26 views

Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability

A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security...

CVSS 9.8 · AI score 6.7 · EPSS 0.00719
Exploits 0 · References 6 · Affected Software 1
OSV
added 2024/01/25 7:15 p.m. · 60 views

CVE-2023-6267

A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security...

CVSS 9.8 · AI score 9.3 · EPSS 0.00719
Exploits 0 · References 4
Prion
added 2024/01/25 7:15 p.m. · 23 views

Design/Logic Flaw

A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security...

CVSS 7.5 · AI score 6.8 · EPSS 0.00719
Exploits 0 · References 4 · Affected Software 1
RedhatCVE
added 2024/01/25 6:12 p.m. · 45 views

CVE-2023-6267

A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security...

CVSS 8.6 · AI score 6.8 · EPSS 0.00719
Exploits 0 · References 3
Cvelist
added 2024/01/25 6:12 p.m. · 47 views

CVE-2023-6267 Quarkus: json payload getting processed prior to security checks when rest resources are used with annotations.

A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security...

CVSS 8.6 · AI score 9.5 · EPSS 0.00719
Exploits 0 · References 4
Vulnrichment
added 2024/01/25 6:12 p.m. · 1 view

CVE-2023-6267 Quarkus: json payload getting processed prior to security checks when rest resources are used with annotations.

A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security...

CVSS 8.6 · AI score 7 · EPSS 0.00719
Exploits 0 · References 4
RedHat Linux
added 2024/01/25 1:52 p.m. · 47 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.2.9.SP1 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

CVSS 9.8 · AI score 6.9 · EPSS 0.00719
Exploits 0 · References 5
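The CVE-2023-6267 entries above all describe the same ordering bug: the request body is deserialized before the security constraint on the resource is evaluated, so unauthenticated input reaches the parser. The Go program below is an added illustration written for this page; it is not Quarkus code and not taken from any of the listed advisories. It contrasts a handler that decodes first and authorizes second with one that does the reverse, and records whether the decoder ever ran. The Order type, the header-carried role (a stand-in for an annotation-style role check; a real service derives the role from a verified credential) and the Probe helper are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync/atomic"
)

// Order is the JSON document the protected resource consumes (an assumption of the example).
type Order struct {
	Item string `json:"item"`
	Qty  int    `json:"qty"`
}

// decodeCalls counts how often a request body reached the JSON decoder; that count
// is the observable difference between the two orderings below.
var decodeCalls int64

func decodeOrder(w http.ResponseWriter, r *http.Request) (Order, error) {
	atomic.AddInt64(&decodeCalls, 1)
	var o Order
	dec := json.NewDecoder(http.MaxBytesReader(w, r.Body, 1<<20)) // cap the body size either way
	dec.DisallowUnknownFields()
	return o, dec.Decode(&o)
}

// authorized stands in for an annotation-style role constraint. The role arrives in a
// header here purely for the example; a real service derives it from a verified credential.
func authorized(r *http.Request) bool {
	return r.Header.Get("X-Role") == "admin"
}

// VulnerableHandler deserializes the body first and applies the constraint afterwards:
// an anonymous caller drives the parser with arbitrary input and can tell 400 from 403.
func VulnerableHandler(w http.ResponseWriter, r *http.Request) {
	o, err := decodeOrder(w, r)
	if err != nil {
		http.Error(w, "bad json", http.StatusBadRequest)
		return
	}
	if !authorized(r) {
		http.Error(w, "forbidden", http.StatusForbidden)
		return
	}
	json.NewEncoder(w).Encode(o)
}

// FixedHandler evaluates the constraint before touching the body, so input from a caller
// who is not allowed in never reaches the deserializer.
func FixedHandler(w http.ResponseWriter, r *http.Request) {
	if !authorized(r) {
		http.Error(w, "forbidden", http.StatusForbidden)
		return
	}
	o, err := decodeOrder(w, r)
	if err != nil {
		http.Error(w, "bad json", http.StatusBadRequest)
		return
	}
	json.NewEncoder(w).Encode(o)
}

// Probe sends one constructed request to h and reports the status code and whether
// the body was handed to the decoder.
func Probe(h http.HandlerFunc, role, body string) (status int, decoded bool) {
	atomic.StoreInt64(&decodeCalls, 0)
	req := httptest.NewRequest(http.MethodPost, "/orders", strings.NewReader(body))
	req.Header.Set("Content-Type", "application/json")
	if role != "" {
		req.Header.Set("X-Role", role)
	}
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code, atomic.LoadInt64(&decodeCalls) > 0
}

func main() {
	for _, h := range []http.HandlerFunc{VulnerableHandler, FixedHandler} {
		status, decoded := Probe(h, "", `{"item":"widget","qty":2}`)
		println("anonymous request:", status, "decoder ran:", decoded)
	}
}
```

With the vulnerable ordering an anonymous request is answered 403 only after its body has been parsed, and a malformed body gets a 400 instead, which turns the parser into an unauthenticated oracle; with the fixed ordering the anonymous caller gets 403 whatever the body contains and the decoder never runs. The body-size cap is applied in both variants because authorization does not make the parser immune to oversized input from a legitimate user.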
Vulnrichment
added 2024/01/09 7:18 p.m. · 4 views

CVE-2024-21664 Parsing JSON serialized payload without protected field can lead to segfault

jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS ...

CVSS 4.3 · AI score 7 · EPSS 0.00864
Exploits 1 · References 4
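In the JWS JSON serialization the "protected" member is optional (RFC 7515 section 7.2.1 allows a signature whose header parameters are all unprotected), so a parser has to treat its absence as an empty protected header rather than assume it is there. The Go code below is an added example written for this page; it is not the jwx module's API or code. It parses the flattened JSON serialization, validates the structure once up front so that no later step dereferences a missing member, and verifies HS256 over the signing input the RFC specifies. The key and payload used in the test are constructed; SignHS256Flattened exists only to build sample documents, including the shape with a signature but no protected header.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

var b64 = base64.RawURLEncoding

// rawJWS is the flattened JSON serialization (RFC 7515 section 7.2.2). Pointers tell
// "member absent" apart from "member empty"; only payload and signature are required.
type rawJWS struct {
	Payload   *string                `json:"payload"`
	Protected *string                `json:"protected"`
	Header    map[string]interface{} `json:"header"`
	Signature *string                `json:"signature"`
}

// JWS is the parsed form; Header merges protected and unprotected parameters and
// ProtectedB64 is "" when the protected header was absent.
type JWS struct {
	PayloadB64   string
	ProtectedB64 string
	Header       map[string]interface{}
	Sig          []byte
}

// ParseFlattenedJWS checks the structure once, up front: a missing "protected" is legal
// and becomes an empty protected header, while a missing "signature", a protected header
// that is not a JSON object, or a missing "alg" is an error, never a panic.
func ParseFlattenedJWS(data []byte) (*JWS, error) {
	var raw rawJWS
	if err := json.Unmarshal(data, &raw); err != nil {
		return nil, err
	}
	if raw.Payload == nil || raw.Signature == nil {
		return nil, errors.New("jws: payload and signature are required")
	}
	sig, err := b64.DecodeString(*raw.Signature)
	if err != nil {
		return nil, fmt.Errorf("jws: signature: %w", err)
	}
	j := &JWS{PayloadB64: *raw.Payload, Sig: sig, Header: map[string]interface{}{}}
	if raw.Protected != nil { // absent protected header == empty protected header
		j.ProtectedB64 = *raw.Protected
		pb, err := b64.DecodeString(*raw.Protected)
		if err != nil {
			return nil, fmt.Errorf("jws: protected: %w", err)
		}
		if err := json.Unmarshal(pb, &j.Header); err != nil || j.Header == nil {
			return nil, errors.New("jws: protected header is not a JSON object")
		}
	}
	for k, v := range raw.Header { // RFC 7515 7.2.1: the two name sets must be disjoint
		if _, dup := j.Header[k]; dup {
			return nil, fmt.Errorf("jws: header %q in both protected and unprotected headers", k)
		}
		j.Header[k] = v
	}
	if _, ok := j.Header["alg"].(string); !ok {
		return nil, errors.New("jws: missing alg")
	}
	return j, nil
}

// VerifyHS256 accepts only HS256 under key, so an "alg" carried solely in the unsigned
// "header" member cannot select a weaker algorithm. The signing input is
// BASE64URL(protected) || "." || BASE64URL(payload), which is "." followed by the
// payload when there is no protected header (RFC 7515 section 5.1).
func (j *JWS) VerifyHS256(key []byte) error {
	if j.Header["alg"] != "HS256" {
		return fmt.Errorf("jws: unsupported alg %v", j.Header["alg"])
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(j.ProtectedB64 + "." + j.PayloadB64))
	if !hmac.Equal(mac.Sum(nil), j.Sig) {
		return errors.New("jws: signature verification failed")
	}
	return nil
}

// SignHS256Flattened builds a flattened JWS for the examples; protected == nil omits the
// "protected" member entirely, the shape the advisory above describes.
func SignHS256Flattened(payload, key []byte, protected, unprotected map[string]interface{}) []byte {
	doc := map[string]interface{}{"payload": b64.EncodeToString(payload)}
	protB64 := ""
	if protected != nil {
		pb, _ := json.Marshal(protected)
		protB64 = b64.EncodeToString(pb)
		doc["protected"] = protB64
	}
	if unprotected != nil {
		doc["header"] = unprotected
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(protB64 + "." + b64.EncodeToString(payload)))
	doc["signature"] = b64.EncodeToString(mac.Sum(nil))
	out, _ := json.Marshal(doc)
	return out
}
```

Two design points matter beyond the nil check itself: every structural error is returned to the caller instead of surfacing as a panic in a library routine, which is the crash/DoS the advisory describes, and the algorithm is pinned by the verifier rather than read from the document, because an "alg" in the unprotected header is not covered by the signature.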
Github Security Blog
added 2023/09/14 5:10 p.m. · 36 views

PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)

Impact: An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. This happened due to the particular handling of NULL types in the json mapper, which accepts NULL type values in typed arrays, which PocketMine-MP did not expect. Code processing arrays in the JSON data could the...

AI score 7.2
Exploits 0 · References 3 · Affected Software 1
0day.today
added 2023/07/11 12:00 a.m. · 343 views

Spring Cloud 3.2.2 - Remote Command Execution Exploit

Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution (RCE) Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://spring.io/projects/spring-cloud-function/ Description: Exploit to execute commands exploiting CVE-2022-22963 Software Link:...

CVSS 9.8 · AI score 7.1 · EPSS 0.99939
Exploits 36
OSV
added 2023/05/16 6:30 p.m. · 22 views

GHSA-VGFW-766V-7Q82 Jenkins AppSpider Plugin Cross-Site Request Forgery vulnerability

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

CVSS 4.3 · AI score 8.7 · EPSS 0.00502
Exploits 0 · References 3
Github Security Blog
added 2023/05/16 6:30 p.m. · 23 views

Jenkins AppSpider Plugin missing permission check

Jenkins AppSpider Plugin 1.0.15 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified...

CVSS 4.3 · AI score 6.6 · EPSS 0.00509
Exploits 0 · References 3 · Affected Software 1
Github Security Blog
added 2023/05/16 6:30 p.m. · 27 views

Jenkins AppSpider Plugin Cross-Site Request Forgery vulnerability

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

CVSS 8.8 · AI score 8.2 · EPSS 0.00502
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/05/16 5:15 p.m. · 1 view

CVE-2023-32999

A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

CVSS 4.3 · AI score 5.8 · EPSS 0.00509
Exploits 0 · References 1
NVD
added 2023/05/16 5:15 p.m. · 23 views

CVE-2023-32998

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

CVSS 8.8 · AI score 8.7 · EPSS 0.00502
Exploits 0 · References 1
OSV
added 2023/05/16 5:15 p.m. · 3 views

CVE-2023-32996

A missing permission check in Jenkins SAML Single Sign On (SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...

CVSS 4.3 · AI score 5.8 · EPSS 0.00425
Exploits 0 · References 1
Prion
added 2023/05/16 5:15 p.m. · 16 views

Cross-site request forgery (CSRF)

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

CVSS 6.8 · AI score 8.6 · EPSS 0.00502
Exploits 0 · References 1 · Affected Software 1
Prion
added 2023/05/16 5:15 p.m. · 23 views

Design/Logic Flaw

A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

CVSS 4 · AI score 4.4 · EPSS 0.00509
Exploits 0 · References 1 · Affected Software 1
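The Jenkins AppSpider entries above (CVE-2023-32998 and CVE-2023-32999) are two faces of one weakness in a form-validation method: it is reachable by any HTTP method, so a request forged from another site slips past anti-CSRF protection that is only enforced on POST, and it asks only for Overall/Read, so any logged-in user can make the server connect to a URL of their choosing with credentials of their choosing. The Go program below is an added example written for this page, not Jenkins or AppSpider plugin code; the session store, the per-session "crumb" token, the permission names and the Replay helper are assumptions modelled on the descriptions, and the outbound connection is recorded rather than made.

```go
package main

import (
	"crypto/subtle"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Session is what the example's (hypothetical) framework knows about a logged-in user.
type Session struct {
	User  string
	Perms map[string]bool // e.g. "Overall/Read", "Overall/Administer"
	Crumb string          // per-session anti-CSRF token
}

// sessions maps a cookie value to a session (constructed sample data).
var sessions = map[string]*Session{
	"alice-cookie": {User: "alice", Perms: map[string]bool{"Overall/Read": true}, Crumb: "crumb-alice"},
	"admin-cookie": {User: "admin", Perms: map[string]bool{"Overall/Read": true, "Overall/Administer": true}, Crumb: "crumb-admin"},
}

func sessionOf(r *http.Request) *Session {
	c, err := r.Cookie("session")
	if err != nil {
		return nil
	}
	return sessions[c.Value]
}

// Outbound records every request the server would have made on the caller's behalf;
// the real plugin POSTs a JSON body with the supplied credentials to the supplied URL.
var Outbound []string

func postCredentials(url, user string) {
	Outbound = append(Outbound, url+" as "+user)
}

// crumbMiddleware enforces the anti-CSRF token on POST requests only (the usual design):
// a method that also answers GET never passes through this check.
func crumbMiddleware(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodPost {
			s := sessionOf(r)
			if s == nil || subtle.ConstantTimeCompare([]byte(r.Header.Get("X-Crumb")), []byte(s.Crumb)) != 1 {
				http.Error(w, "invalid crumb", http.StatusForbidden)
				return
			}
		}
		next(w, r)
	}
}

// VulnerableTestConnection answers any method and asks only for Overall/Read, so a page
// on another site can make a logged-in browser trigger it with a plain GET.
func VulnerableTestConnection(w http.ResponseWriter, r *http.Request) {
	s := sessionOf(r)
	if s == nil || !s.Perms["Overall/Read"] {
		http.Error(w, "forbidden", http.StatusForbidden)
		return
	}
	postCredentials(r.FormValue("url"), r.FormValue("username"))
	w.Write([]byte("connection ok"))
}

// FixedTestConnection requires POST (so the crumb check applies) and the permission that
// matches the action: the two controls whose absence the entries above describe.
func FixedTestConnection(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "POST required", http.StatusMethodNotAllowed)
		return
	}
	s := sessionOf(r)
	if s == nil || !s.Perms["Overall/Administer"] {
		http.Error(w, "forbidden", http.StatusForbidden)
		return
	}
	postCredentials(r.FormValue("url"), r.FormValue("username"))
	w.Write([]byte("connection ok"))
}

// Replay sends one constructed request through the crumb middleware to h and returns
// the status code and how many outbound requests it caused.
func Replay(h http.HandlerFunc, method, cookie, crumb, params string) (int, int) {
	Outbound = nil
	var req *http.Request
	if method == http.MethodPost {
		req = httptest.NewRequest(method, "/testConnection", strings.NewReader(params))
		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	} else {
		req = httptest.NewRequest(method, "/testConnection?"+params, nil)
	}
	if cookie != "" {
		req.AddCookie(&http.Cookie{Name: "session", Value: cookie})
	}
	if crumb != "" {
		req.Header.Set("X-Crumb", crumb)
	}
	rec := httptest.NewRecorder()
	crumbMiddleware(h)(rec, req)
	return rec.Code, len(Outbound)
}
```

The forged request is a GET carrying only the victim's cookie, which is exactly what a browser sends when another site embeds the URL; the vulnerable handler performs the outbound connection, the fixed one rejects it before the method, the token or the permission is even consulted in full. Requiring POST is not itself the CSRF defence; it is what brings the request under the token check, and the stronger permission is what keeps a merely logged-in user from using the server as a proxy.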