Lucene search
K

92 matches found

Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.12 views

PT-2026-1559

Name of the Vulnerable Software and Affected Versions OpenFlagr versions prior to and including 1.1.18 Description The software contains an authentication bypass issue in the HTTP middleware. Improper path normalization within the whitelist logic allows crafted requests to bypass authentication,...

9.3CVSS6.7AI score0.00439EPSS
Exploits0References9
Veracode
Veracode
added 2025/12/17 1:14 p.m.8 views

Improper Path Handling

formio is vulnerable to improper path handling. The vulnerability is due to improper validation of crafted request paths, which allows an unauthenticated or unauthorized attacker to bypass API access controls and retrieve data from protected endpoints...

8.7CVSS7.1AI score0.00273EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.5 views

CVE-2025-67718

Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized...

8.7CVSS6.7AI score0.00273EPSS
Exploits0References1
Snyk
Snyk
added 2025/12/11 1:49 a.m.1 views

Improper Handling of Case Sensitivity

Overview org.webjars.npm:formio is an A Form and Data Management Platform for Progressive Web Applications Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity via improper handling of the path parameter. An attacker can gain unauthorized access to protected A...

8.7CVSS6.9AI score0.00273EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/11 1:49 a.m.4 views

Improper Handling of Case Sensitivity

Overview formio is an A Form and Data Management Platform for Progressive Web Applications Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity via improper handling of the path parameter. An attacker can gain unauthorized access to protected API endpoints by...

8.7CVSS6.9AI score0.00273EPSS
Exploits0References2
NVD
NVD
added 2025/12/11 1:16 a.m.6 views

CVE-2025-67718

Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized...

8.7CVSS0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/11 12:58 a.m.27 views

CVE-2025-67718 Formio improperly authorized permission elevation through specially crafted request path

Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized...

8.7CVSS0.00273EPSS
Exploits0References2
OSV
OSV
added 2025/12/11 12:58 a.m.6 views

CVE-2025-67718 Formio improperly authorized permission elevation through specially crafted request path

Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized...

8.7CVSS6.6AI score0.00273EPSS
Exploits0References4
CVE
CVE
added 2025/12/11 12:58 a.m.11 views

CVE-2025-67718

Form.io exposes a path-handling vulnerability that can let unauthenticated/unauthorized requests access protected API endpoints by sending crafted request paths. Affected versions: 3.5.6 and earlier, and 4.0.0-rc.1 through 4.4.2. Impact is data exposure from endpoints that should be protected. Fi...

8.7CVSS6.3AI score0.00273EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/11 12:58 a.m.5 views

CVE-2025-67718 Formio improperly authorized permission elevation through specially crafted request path

Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized...

8.7CVSS6.3AI score0.00273EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.7 views

PT-2025-50565

Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized...

8.7CVSS6.7AI score0.00273EPSS
Exploits0References3
OSV
OSV
added 2025/12/10 8:11 p.m.2 views

GHSA-M654-769V-QJV7 Formio improperly authorized permission elevation through specially crafted request path

Security Advisory: Unauthorized permission elevation through specially crafted request path Summary: A flaw in path handling could allow an attacker to access protected API endpoints by sending a crafted request path. This issue could result in unauthorized data disclosure under certain...

8.7CVSS6.2AI score0.00273EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/10/30 9:32 p.m.4 views

CVE-2013-10072 Nagios XI < 2012R1.6 Auto-Discovery Missing Authorization

Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery functionality. Users with read-only roles could directly reach Auto-Discovery endpoints and pages that should require elevated permissions, exposing discovery results and allowing unintended access to discove...

7.2CVSS6.4AI score0.00688EPSS
Exploits0References2
CVE
CVE
added 2025/10/17 2:7 a.m.13 views

CVE-2025-6892

CVE-2025-6892, -6893, and -6894 relate to Moxa network security devices. The connected Red Hat advisories describe a set of API/authorization flaws in Moxa appliances: (CVE-2025-6892) an Incorrect Authorization flaw in API authentication that allows unauthorized privileged operations after login;...

8.7CVSS6.6AI score0.00637EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31126

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00394EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-19645

Malicious code in bioql PyPI...

6.9CVSS6.6AI score0.0055EPSS
Exploits0References5
NVD
NVD
added 2025/09/25 4:15 p.m.7 views

CVE-2025-59841

Flag Forge is a Capture The Flag CTF platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue to access protected endpoints, such as /api/profile, even after logging out. CSRF tokens are also still...

9.8CVSS0.00394EPSS
Exploits0References2
OSV
OSV
added 2025/09/25 3:15 p.m.3 views

CVE-2025-59841 FlagForgeCTF's Improper Session Handling Allows Access After Logout

Flag Forge is a Capture The Flag CTF platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue to access protected endpoints, such as /api/profile, even after logging out. CSRF tokens are also still...

9.8CVSS6.7AI score0.00394EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/25 12:0 a.m.4 views

PT-2025-39418

Name of the Vulnerable Software and Affected Versions Flag Forge versions 2.2.0 through 2.3.0 Description Flag Forge improperly manages session invalidation. After a user logs out, they can still access protected endpoints, such as /api/profile, and CSRF tokens remain valid. This allows continued...

9.8CVSS6.6AI score0.00394EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-42260

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protect...

7.8CVSS7.3AI score0.00255EPSS
Exploits0References3
Rows per page
Query Builder