Lucene search
K

183 matches found

OSV
OSV
added 2023/12/15 11:15 p.m.4 views

CVE-2023-28022

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data...

6.5CVSS5.8AI score0.00502EPSS
Exploits0References1
NVD
NVD
added 2023/12/15 11:15 p.m.16 views

CVE-2023-28022

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data...

6.5CVSS0.00502EPSS
Exploits0References1
CVE
CVE
added 2023/12/15 10:42 p.m.42 views

CVE-2023-28022

CVE-2023-28022 affects HCL Connections and is described as an information-disclosure vulnerability caused by improper handling of request data. The NVD entry assigns CVSS v3.1 base score 6.5 (Medium) with Network attack vector, Low attack complexity, Privileges required: Low, User interaction: No...

6.5CVSS4.4AI score0.00502EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/15 10:42 p.m.21 views

CVE-2023-28022 HCL Connections is vulnerable to sensitive information disclosure

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data...

3.5CVSS6.4AI score0.00502EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/15 12:0 a.m.4 views

HCL Technologies HCL Connections Security Breach

HCL Technologies HCL Connections is a suite of enterprise collaboration platforms from US-based HCL Technologies. HCL Connections suffers from a security vulnerability that stems from susceptibility to an information disclosure vulnerability that could allow users to obtain sensitive information ...

6.5CVSS6AI score0.00502EPSS
Exploits0References2
OSV
OSV
added 2023/12/06 6:31 p.m.3 views

GHSA-XFV5-JQGP-VQHJ Quarkus Cache Runtime exposes sensitive information to an unauthorized actor

A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contain...

5.3CVSS5.9AI score0.00631EPSS
Exploits0References8
Packet Storm
Packet Storm
added 2023/12/04 12:0 a.m.280 views

PHPJabbers Appointment Scheduler 3.0 Missing Rate Limiting

Exploit Title: PHPJabbers Apointment Scheduler v3.0 - No Rate Limit in Email Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/appointment-scheduler/ Version: v3.0 Tested on: Windows...

7.4AI score0.01051EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/12/04 12:0 a.m.521 views

PHPJabbers Time Slots Booking Calendar 4.0 Missing Rate Limiting

Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 - No Rate Limit in Email Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/ Version: v4.0 Tested...

7.4AI score0.01051EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2023/11/29 12:12 p.m.12 views

python-werkzeug: high resource usage when parsing multipart form data with many fields

A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...

7.5CVSS7AI score0.0142EPSS
Exploits0References7
0day.today
0day.today
added 2023/11/20 12:0 a.m.450 views

GaatiTrack Courier Management System 1.0 Cross Site Scripting Vulnerability

Exploit Title: GaatiTrack Courier Management System v1.0 - Multiple Cross-site scripting Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php...

6.1CVSS6.3AI score0.00615EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2023/11/13 12:0 a.m.4 views

PT-2023-31538 · Camera · Camera

Name of the Vulnerable Software and Affected Versions: Camera affected versions not specified Description: A flaw has been discovered that allows for authenticated command injection on the camera. An attacker could inject malicious data into request packets to execute commands. Recommendations: A...

7.2CVSS7.4AI score0.01513EPSS
Exploits0References5
OSV
OSV
added 2023/10/10 6:15 p.m.7 views

DEBIAN-CVE-2023-42795

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...

5.3CVSS7AI score0.0216EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.7 views

Apache Tomcat Security Vulnerability

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server . Used to implement support for Servlet and JavaServer Page JSP. A security vulnerability exists in Apache Tomcat, which stems from a security hole when recycling internal objects, leading to the...

5.3CVSS8.9AI score0.0216EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2023/09/19 12:0 a.m.5 views

PT-2023-6629 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon versions 4.2.0-beta1 through 4.2.0-rc1 Description: The issue is related to insufficient request validation on the server side, allowing attackers to inject arbitrary data into HTTP requests issued by Mastodon. This can be used to...

7.8CVSS7.3AI score0.00386EPSS
Exploits0References17
RedHat Linux
RedHat Linux
added 2023/05/18 12:14 a.m.1 views

python-werkzeug: high resource usage when parsing multipart form data with many fields

A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...

7.5CVSS7AI score0.0142EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/04/19 7:17 p.m.2 views

python-werkzeug: high resource usage when parsing multipart form data with many fields

A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...

7.5CVSS7AI score0.0142EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/03/15 7:58 p.m.26 views

python-werkzeug: high resource usage when parsing multipart form data with many fields

A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...

7.5CVSS7AI score0.0142EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/03/01 9:45 p.m.6 views

keycloak: user impersonation via stolen uuid code

A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issu...

5CVSS6.3AI score0.01274EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.4 views

SUSE CVE-2008-4308

The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request...

2.6CVSS5.1AI score0.03914EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.4 views

SUSE CVE-2013-2071

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other application...

2.6CVSS6.2AI score0.06501EPSS
Exploits2References4
Rows per page
Query Builder