OSV
added 2025/11/12 5:15 p.m., 8 views

AZL-70184 CVE-2025-59088 affecting package python-kdcproxy 0.4.2-5

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

CVSS 8.6, AI score 5.9, EPSS 0.00397
Exploits 0, References 1

ATTACKERKB
added 2025/11/12 4:40 p.m., 2 views

CVE-2025-59089

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...

CVSS 5.9, AI score 6.1, EPSS 0.00453
Exploits 0, References 18

CVE
added 2025/11/12 4:40 p.m., 20 views

CVE-2025-59089

CVE-2025-59089 is a DoS in python-kdcproxy caused by unbounded TCP buffering and permissive handling of response chunks, enabling memory/CPU exhaustion when kdcproxy connects to attacker-controlled KDCs. Related issue CVE-2025-59088 concerns SSRF via DNS SRV discovery for realms, allowing probing...

CVSS 5.9, AI score 6.7, EPSS 0.00453
Exploits 0, References 17

Cvelist
added 2025/11/12 9:57 a.m., 8 views

CVE-2025-37734 Kibana Origin Validation Error

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...

CVSS 4.3, EPSS 0.00197
Exploits 0, References 1

Veracode
added 2025/11/12 5:18 a.m., 4 views

Cross-site Request Forgery (CSRF)

Apollo Studio Embeddable Explorer & Embeddable Sandbox are vulnerable to cross-site request forgery (CSRF). The vulnerability is due to missing origin validation in the client-side handling of window.postMessage events, which allows an attacker to send forged messages that trigger arbitrary GraphQL...

CVSS 8.2, AI score 6.9, EPSS 0.00149
Exploits 0, References 3, Affected Software 2

RedhatCVE
added 2025/11/12 3:47 a.m., 7 views

CVE-2025-12588

The USB Qr Code Scanner For Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's settings...

CVSS 4.3, AI score 5.6, EPSS 0.00131
Exploits 0, References 1

CNNVD
added 2025/11/12 12:00 a.m., 6 views

Elastic Kibana security vulnerability

Elastic Kibana is a data visualization dashboard product from Elastic. A security vulnerability exists in Elastic Kibana that stems from an Origin validation error, which could lead to a server-side request forgery attack...

CVSS 4.3, AI score 6.7, EPSS 0.00197
Exploits 0, References 1

Positive Technologies
added 2025/11/12 12:00 a.m., 5 views

PT-2025-46566

Name of the Vulnerable Software and Affected Versions: Asgaros Forum plugin for WordPress versions prior to 3.2.2. Description: The software is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of nonce validation within the set subscription level function. An unauthenticated...

CVSS 4.3, AI score 6.5, EPSS 0.00133
Exploits 0, References 7

AlmaLinux
added 2025/11/12 12:00 a.m., 5 views

Important: python-kdcproxy security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 8.6, AI score 7, EPSS 0.00453
Exploits 0, References 6

CVE
added 2025/11/12 12:00 a.m., 11 views

CVE-2025-60645

CVE-2025-60645 describes a CSRF in xxl-api v1.3.0 that lets an attacker arbitrarily add users to the management module via a crafted GET request. The root cause is CSRF protection weaknesses in the management endpoints. Documented impact is the ability to mutate user accounts without authorizatio...

CVSS 6.5, AI score 6.3, EPSS 0.00128
Exploits 1, References 2, Affected Software 1

Positive Technologies
added 2025/11/12 12:00 a.m., 5 views

PT-2025-46676

Name of the Vulnerable Software and Affected Versions: kdcproxy, affected versions not specified. Description: An attacker can cause a denial-of-service condition by forcing kdcproxy to connect to a KDC server under the attacker's control, potentially through server-side request forgery. kdcproxy doe...

CVSS 8.6, AI score 6.7, EPSS 0.00453
Exploits 0, References 33

AlmaLinux
added 2025/11/12 12:00 a.m., 11 views

Important: idm:DL1 security update

AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: python-kdcproxy: Unauthenticated SSRF via Realm-Controlled DNS SRV (CVE-2025-59088); python-kdcproxy: Remot...

CVSS 8.6, AI score 6.9, EPSS 0.00453
Exploits 0, References 6

Tenable Nessus
added 2025/11/12 12:00 a.m., 5 views

RHEL 9 : python-kdcproxy (RHSA-2025:21139)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21139 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 8.6, AI score 5.7, EPSS 0.00453
Exploits 0, References 6

OSV
added 2025/11/12 12:00 a.m., 6 views

ALSA-2025:21140 Important: idm:DL1 security update

AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: python-kdcproxy: Unauthenticated SSRF via Realm-Controlled DNS SRV (CVE-2025-59088); python-kdcproxy: Remot...

CVSS 8.6, AI score 6.5, EPSS 0.00453
Exploits 0, References 6

EUVD
added 2025/11/11 3:31 p.m., 6 views

EUVD-2025-84343

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes...

CVSS 8.9, AI score 6, EPSS 0.00153
Exploits 0, References 2

NVD
added 2025/11/11 2:15 p.m., 6 views

CVE-2025-11696

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes...

CVSS 8.9, EPSS 0.00153
Exploits 0, References 1

Cvelist
added 2025/11/11 1:47 p.m., 8 views

CVE-2025-11696 Studio 5000® Simulation Interface SSRF

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes...

CVSS 8.9, EPSS 0.00153
Exploits 0, References 1

Patchstack
added 2025/11/11 4:19 a.m., 8 views

WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by daroo in WordPress plugin Seriously Simple Podcasting versions <= 3.13.0...

CVSS 4.3, AI score 7, EPSS 0.00102
Exploits 0, Affected Software 1

NVD
added 2025/11/11 4:15 a.m., 9 views

CVE-2025-12132

The WP Custom Admin Login Page Logo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.8.4. This is due to missing or incorrect nonce validation on the wpclplsave functionality. This makes it possible for unauthenticated attackers to modify...

CVSS 4.3, EPSS 0.00108
Exploits 0, References 2

CVE
added 2025/11/11 3:30 a.m., 12 views

CVE-2025-12588

CVE-2025-12588 affects the USB Qr Code Scanner For Woocommerce WordPress plugin. The WordPress plugin versions up to 1.0.0 are vulnerable to Cross-Site Request Forgery caused by missing nonce validation on the settings page, allowing unauthenticated attackers to update plugin settings via forged ...

CVSS 4.3, AI score 5.3, EPSS 0.00131
Exploits 0, References 3