Lucene search
K

28 matches found

Cvelist
Cvelist
added 2025/01/23 6:6 a.m.15 views

CVE-2024-43710 Kibana server-side request forgery

A server side request forgery vulnerability was identified in Kibana where the /api/fleet/healthcheck API could be used to send requests to internal endpoints. Due to the nature of the underlying request, only endpoints available over https that return JSON could be accessed. This can be carried...

4.3CVSS0.00232EPSS
Exploits0References1
Veracode
Veracode
added 2025/01/23 5:13 a.m.6 views

Excessive Memory Consumption

github.com/t2bot/matrix-media-repo is vulnerable to Excessive Memory Consumption. The vulnerability is due to inadequate handling of large JSON responses, allowing an attacker to exhaust system memory and potentially crash the application...

7.5CVSS6.6AI score0.00728EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/01/16 12:0 a.m.7 views

matrix-media-repo 安全漏洞

matrix-media-repo is a highly configurable multi-domain media repository for Matrix open-sourced by t2bot.io. A security vulnerability exists in matrix-media-repo versions prior to v1.3.8, which stems from requests made to other servers during normal operation. These resource owners can return...

7.5CVSS6.8AI score0.00728EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/10/24 6:13 p.m.22 views

OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project

Summary The built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an error with an attacker-influenced message. It appears that the only way to reach this...

6.1CVSS6.9AI score0.00487EPSS
Exploits1References5Affected Software1
UbuntuCve
UbuntuCve
added 2023/12/04 9:15 p.m.25 views

CVE-2023-49080

The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...

4.3CVSS5.8AI score0.00841EPSS
Exploits0References4
NVD
NVD
added 2023/01/11 8:15 p.m.49 views

CVE-2023-22487

Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special @""p syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post...

7.7CVSS7.4AI score0.00665EPSS
Exploits1References2
Hacker One
Hacker One
added 2019/12/24 12:3 a.m.109 views

Mapbox: Stored XSS | api.mapbox.com | IE 11 | Styles name

On December 24, 2019, user @renekroka reported a stored XSS injection vulnerability on api.mapbox.com that affected users in Internet Explorer 11. An attacker could store XSS injections on Mapbox servers, and then exploit them in IE11 due to JSON responses not including the X-Content-Type-Options...

1.5AI score
Exploits0
CVE
CVE
added 2019/04/25 5:8 p.m.62 views

CVE-2018-1360

Fortinet FortiManager 5.2.x (<=5.2.7) and 5.4.x (

8.1CVSS7.9AI score0.00863EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder