8226 matches found

Veracode
added 2025/10/23 5:38 a.m. | 5 views

Improper Input Validation

Hono is vulnerable to improper input validation. The vulnerability is due to a flaw in the bodyLimit middleware that prioritized the Content-Length header over Transfer-Encoding: chunked, which allows an attacker to bypass the configured request body size limit and potentially cause a denial of...

CVSS 5.3 | AI score 6.9 | EPSS 0.00416
Exploits: 0 | References: 3 | Affected Software: 1

RedhatCVE
added 2025/10/22 8:18 p.m. | 6 views

CVE-2025-61757

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager...

CVSS 9.8 | AI score 7 | EPSS 0.88312
Exploits: 1 | References: 1

NVD
added 2025/10/21 8:20 p.m. | 10 views

CVE-2025-61757

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager...

CVSS 9.8 | EPSS 0.88312
Exploits: 1 | References: 3

OSV
added 2025/10/21 8:20 p.m. | 5 views

CVE-2025-61757

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager...

CVSS 9.8 | AI score 5.8 | EPSS 0.88312
Exploits: 1 | References: 3

EUVD
added 2025/10/21 8:3 p.m. | 6 views

EUVD-2025-35253

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager...

CVSS 9.8 | AI score 6.6 | EPSS 0.88312
Exploits: 1 | References: 1

CNVD
added 2025/10/21 12:0 a.m. | 1 view

ChurchCRM Authentication Error Vulnerability

ChurchCRM is an open source CRM system for churches. ChurchCRM 5.18.0 and earlier versions have an authentication error vulnerability that stems from a lack of authentication in the AuthMiddleware function in the API Endpoint component, which can be exploited by an attacker ...

CVSS 9.8 | AI score 7 | EPSS 0.00562
Exploits: 1 | References: 1

CNNVD
added 2025/10/21 12:0 a.m. | 4 views

Oracle Fusion Middleware Security Vulnerability

Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collections, and other capabilities. A security vulnerability exists in Oracle WebLogic Server versions...

CVSS 7.5 | AI score 7.3 | EPSS 0.00363
Exploits: 0 | References: 2

CNNVD
added 2025/10/21 12:0 a.m. | 4 views

Oracle Fusion Middleware Security Vulnerability

Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle Corporation. The platform provides middleware, software collections, and other capabilities. Identity Manager is one of the enterprise identity management...

CVSS 9.8 | AI score 7.4 | EPSS 0.88312
Exploits: 1 | References: 3

CNNVD
added 2025/10/21 12:0 a.m. | 2 views

Oracle Fusion Middleware Security Vulnerability

Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle Corporation. The platform provides middleware, software collections, and other capabilities. WebLogic Server is one of the application server components for...

CVSS 5.3 | AI score 7 | EPSS 0.00239
Exploits: 0 | References: 2

Veracode
added 2025/10/17 12:24 p.m. | 10 views

Command Injection

Hoverfly is vulnerable to Command Injection. The vulnerability stems from improper input validation in the middleware endpoint: the binary and script parameters are passed directly into a system without sanitization. This allows an attacker to supply crafted values for those parameters to...

CVSS 9.8 | AI score 7.4 | EPSS 0.10543
Exploits: 7 | References: 7 | Affected Software: 1

RedhatCVE
added 2025/10/16 5:47 p.m. | 6 views

CVE-2025-62378

CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling...

CVSS 6.1 | AI score 7 | EPSS 0.00148
Exploits: 0 | References: 1

NVD
added 2025/10/15 5:16 p.m. | 3 views

CVE-2025-62378

CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling...

CVSS 6.1 | EPSS 0.00148
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/15 5:2 p.m. | 7 views

CVE-2025-62378 CommandKit exposes incorrect command name in context object for message command aliases

CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling...

CVSS 6.1 | AI score 6.7 | EPSS 0.00148
Exploits: 0 | References: 1

Github Security Blog
added 2025/10/13 5:43 p.m. | 6 views

CommandKit has incorrect command name exposure in context object for message command aliases

Impact: A logic flaw exists in the message command handler of CommandKit that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling command aliases. When a message command is invoked using an alias, the ctx.commandName value...

CVSS 6.1 | AI score 7.1 | EPSS 0.00148
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2025/10/09 3:15 a.m. | 2 views

CVE-2025-11529

A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit...

CVSS 9.8 | EPSS 0.00562
Exploits: 1 | References: 6

Vulnrichment
added 2025/10/09 3:2 a.m. | 1 view

CVE-2025-11529 ChurchCRM API Endpoint AuthMiddleware.php AuthMiddleware missing authentication

A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit...

CVSS 7.5 | AI score 6.9 | EPSS 0.00562
Exploits: 1 | References: 6

Cvelist
added 2025/10/09 3:2 a.m. | 7 views

CVE-2025-11529 ChurchCRM API Endpoint AuthMiddleware.php AuthMiddleware missing authentication

A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit...

CVSS 7.5 | EPSS 0.00562
Exploits: 1 | References: 6

Positive Technologies
added 2025/10/09 12:0 a.m. | 3 views

PT-2025-41335

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 5.18.0. Description: A security flaw exists in ChurchCRM impacting the AuthMiddleware function within the src/ChurchCRM/Slim/Middleware/AuthMiddleware.php file of the API Endpoint component. This allows for missing...

CVSS 7.5 | AI score 7.5 | EPSS 0.00562
Exploits: 1 | References: 12

RedhatCVE
added 2025/10/07 4:27 p.m. | 5 views

CVE-2025-59152

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In version 2.17.0, rate limits can be completely bypassed by manipulating the X-Forwarded-For header. This renders IP-based rate limiting ineffective against determined attackers. Litestar's RateLimitMiddleware uses...

CVSS 7.5 | AI score 6.9 | EPSS 0.00442
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2025/10/07 4:38 a.m. | 5 views

Malicious code in webpack-dev-serve-middleware (npm)

Source: ghsa-malware fb201f67e4df2c2951dcebb70620a58ed8d7c1862d4697b4e14b2e95b6673d84. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1