Lucene search
K

80 matches found

RedHat Linux
RedHat Linux
added 2025/04/23 10:20 a.m.2 views

mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data

A flaw was found in modauthopenidc, an OpenID Connect authentication module for Apache HTTP Server. This vulnerability allows unauthenticated users to access protected content via crafted HTTP POST requests to protected resources when no application-level gateway is present...

8.2CVSS5.8AI score0.00542EPSS
Exploits0References6
OSV
OSV
added 2025/04/18 1:50 p.m.2 views

OESA-2025-1444 mod_auth_openidc security update

This module enables an Apache 2.x web server to operate as an OpenID Connect Relying PartyRP to an OpenID Connect ProviderOP. Security Fixes: modauthopenidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Par...

8.2CVSS7AI score0.00542EPSS
Exploits0References2
OSV
OSV
added 2025/04/18 1:50 p.m.2 views

OESA-2025-1443 mod_auth_openidc security update

This module enables an Apache 2.x web server to operate as an OpenID Connect Relying PartyRP to an OpenID Connect ProviderOP. Security Fixes: modauthopenidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Par...

8.2CVSS7AI score0.00542EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/04/16 10:34 a.m.4 views

mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data

A flaw was found in modauthopenidc, an OpenID Connect authentication module for Apache HTTP Server. This vulnerability allows unauthenticated users to access protected content via crafted HTTP POST requests to protected resources when no application-level gateway is present...

8.2CVSS5.8AI score0.00542EPSS
Exploits0References6
OSV
OSV
added 2025/04/06 8:15 p.m.6 views

AZL-61786 CVE-2025-31492 affecting package mod_auth_openidc 2.4.14.2-2

modauthopenidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a modauthopenidc results in disclosure of protected content to unauthenticated users. The...

8.2CVSS7AI score0.00542EPSS
Exploits0References1
OSV
OSV
added 2025/04/06 8:15 p.m.2 views

DEBIAN-CVE-2025-31492

modauthopenidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a modauthopenidc results in disclosure of protected content to unauthenticated users. The...

8.2CVSS6.1AI score0.00542EPSS
Exploits0References1
OSV
OSV
added 2025/04/06 8:15 p.m.5 views

AZL-59592 CVE-2025-31492 affecting package mod_auth_openidc 2.4.14.2-1

modauthopenidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a modauthopenidc results in disclosure of protected content to unauthenticated users. The...

8.2CVSS7AI score0.00542EPSS
Exploits0References1
OSV
OSV
added 2025/04/06 8:15 p.m.2 views

UBUNTU-CVE-2025-31492

modauthopenidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a modauthopenidc results in disclosure of protected content to unauthenticated users. The...

8.2CVSS7AI score0.00542EPSS
Exploits0References5
NVD
NVD
added 2024/12/20 4:15 a.m.17 views

CVE-2024-44223

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window...

4.6CVSS0.00275EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/20 4:6 a.m.10 views

CVE-2024-44223

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window...

5.6AI score0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/20 12:0 a.m.6 views

Apple macOS 安全漏洞

Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS suffers from an information disclosure vulnerability that can be exploited by an attacker to view protected content from a login window...

4.6CVSS5.9AI score0.00275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/28 12:0 a.m.7 views

PT-2024-31052 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.1 Description: This issue was addressed through improved state management. An attacker with physical access to a Mac may be able to view protected content from the Login Window. Recommendations: For versions prior t...

4.6CVSS5.9AI score0.00275EPSS
Exploits0References8
CVE
CVE
added 2024/10/22 3:25 p.m.49 views

CVE-2024-47819

CVE-2024-47819 – Umbraco XSS (Dictionary section) Affected: Umbraco CMS (.NET) versions 14.0.0 up to, but not including, 14.3.1 and 15.0.0.Root cause: cross-site scripting vulnerability in the Dictionary section that can be triggered by an admin-privileged user to execute injected scripts.Impact:...

8.7CVSS4.8AI score0.00326EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/04/09 7:15 p.m.20 views

CVE-2024-2093

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content...

6.5CVSS6.4AI score0.00678EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/04/09 6:59 p.m.16 views

CVE-2024-2093

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content...

6.5CVSS7.2AI score0.00678EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2024/03/26 12:0 a.m.21 views

VK All in One Expansion Unit < 9.96.0.0 - Unauthenticated Password Protected Content Access

Description The plugin is vulnerable to Sensitive Information Exposure via social meta tags, allowing unauthenticated attackers to view limited password protected content...

6.5CVSS7.2AI score0.00678EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/03/05 2:15 a.m.5 views

CVE-2024-1769

The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source...

5.3CVSS5.8AI score0.00611EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/04 12:0 a.m.8 views

PT-2024-18290 · WordPress · Jm Twitter Cards

Name of the Vulnerable Software and Affected Versions: JM Twitter Cards plugin for WordPress versions up to, and including, 12 Description: The issue allows unauthenticated attackers to view password protected post content when viewing the page source, due to Information Exposure via the meta...

5.3CVSS7.5AI score0.00611EPSS
Exploits0References6
NVD
NVD
added 2024/02/03 6:15 a.m.31 views

CVE-2024-0909

The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticat...

7.5CVSS5.7AI score0.00608EPSS
Exploits0References3
OSV
OSV
added 2024/02/03 6:15 a.m.3 views

CVE-2024-0909

The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticat...

7.5CVSS7.2AI score0.00608EPSS
Exploits0References3
Rows per page
Query Builder