Lucene search
K

25 matches found

RedhatCVE
RedhatCVE
added 2026/07/03 11:3 a.m.11 views

CVE-2026-38969

A flaw was found in WEBrick, a Ruby web server toolkit. This vulnerability allows a remote attacker to perform request smuggling by manipulating the Content-Length header in HTTP/1.1 requests. WEBrick incorrectly re-parses the trailer Content-Length, leading to a desynchronization between the pro...

6.5CVSS5.9AI score0.00352EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:46 p.m.6 views

CVE-2026-43926

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS5.8AI score0.00217EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/01 9:31 a.m.3 views

GHSA-6HCW-QQR8-PJJ8 Apache Airflow: Authenticated users can bypass the `is_safe_url` check

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

7.2CVSS6AI score0.00649EPSS
Exploits0References5
NVD
NVD
added 2026/06/01 9:16 a.m.15 views

CVE-2026-40961

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

7.2CVSS0.00649EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/01 7:55 a.m.46 views

CVE-2026-40961 Apache Airflow: Open Redirect Bypass Vulnerability

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

0.00649EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:55 a.m.11 views

CVE-2026-40961

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

5.8AI score0.00649EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.24 views

PT-2026-45364

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description A bug in the login redirect route allows authenticated users to craft URLs that bypass the is safe url check. This enables the redirection of users from a trusted Airflow domain to an origin...

7.2CVSS6AI score0.00649EPSS
Exploits0References14
EUVD
EUVD
added 2026/05/22 8:13 p.m.12 views

EUVD-2026-31499

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

5.4CVSS5.8AI score0.00159EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/05 6:10 p.m.15 views

JupyterHub has cross-origin form POSTs bypass XSRF (CWE-352)

Summary JupyterHub's XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, which they are not, bypassing XSRF checks. The JSON API is not affected, only HTTP form endpoints, such as /hub/spawn and /hub/accept-share, meaning attacke...

5.4CVSS5.8AI score0.00159EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/05 3:12 a.m.20 views

CVE-2026-39852

A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...

8.8CVSS5.8AI score0.00444EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/27 6:17 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of request body size limits in unauthenticated HTTP endpoints. An attacker can exhaust server memory and cause process restarts by sending large or repeated HTTP...

8.7CVSS5.9AI score0.00434EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/14 10:1 p.m.17 views

CVE-2025-64752

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for fetching from a URL that is executed on the server. The privileged network access of server-side requests could offer opportunities for attack...

6.8CVSS6.6AI score0.00222EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/13 9:43 p.m.6 views

EUVD-2025-177190

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for fetching from a URL that is executed on the server. The privileged network access of server-side requests could offer opportunities for attack...

6.8CVSS6.2AI score0.00222EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/13 9:43 p.m.3 views

CVE-2025-64752 grist-core has path to server-side requests via websocket

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for fetching from a URL that is executed on the server. The privileged network access of server-side requests could offer opportunities for attack...

6.8CVSS6.3AI score0.00222EPSS
Exploits0References2
CVE
CVE
added 2025/11/13 9:43 p.m.20 views

CVE-2025-64752

CVE-2025-64752 (grist-core) affects versions prior to 1.7.7, where a user with access to any document can trigger a server-side URL fetch. This grants the server privileged network access and could enable attack escalation via the websocket/URL-fetch feature. Resolution: fixed in 1.7.7; mitigatio...

6.8CVSS6.3AI score0.00222EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/11/13 9:43 p.m.6 views

CVE-2025-64752 grist-core has path to server-side requests via websocket

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for fetching from a URL that is executed on the server. The privileged network access of server-side requests could offer opportunities for attack...

6.8CVSS6.6AI score0.00222EPSS
Exploits0References4
Snyk
Snyk
added 2025/10/10 5:33 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

8.7CVSS7AI score0.00605EPSS
Exploits0References2
Snyk
Snyk
added 2025/05/15 9:45 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the multipart/form-data parser. An attacker can generate an extremel...

8.7CVSS6.8AI score0.00672EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/19 12:0 a.m.7 views

PT-2025-12331

Apache Druid and Affected Versions Apache Druid versions prior to 31.0.2 and prior to 32.0.1 Description Apache Druid is susceptible to Server-Side Request Forgery SSRF, Cross-Site Scripting XSS, and Open Redirect issues. When the Druid management proxy is used, a specially crafted URL in a reque...

7.5CVSS5.7AI score0.01656EPSS
Exploits0References26
CVE
CVE
added 2025/01/03 3:37 p.m.110 views

CVE-2024-56320

GoCD before 24.5.0 is vulnerable to admin privilege escalation via improper authorization of the admin “Configuration XML” UI and related API. An authenticated GoCD user with an existing account can access information intended only for admins or elevate privileges to admin, with exploitation requ...

9.4CVSS6.5AI score0.00727EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder