Lucene search
K

110 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29105

Malicious code in bioql PyPI...

5.3CVSS4.9AI score0.00317EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-29963

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.02293EPSS
Exploits4References3
NVD
NVD
added 2025/09/14 2:15 a.m.4 views

CVE-2025-10386

A vulnerability was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the argument requestUrl results in cross site scripting. It is possible to launch the attack remotely...

5.3CVSS0.00317EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/14 1:32 a.m.11 views

CVE-2025-10386 Yida ECMS Consulting Enterprise Management System POST Request login.do cross site scripting

A vulnerability was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the argument requestUrl results in cross site scripting. It is possible to launch the attack remotely...

5.3CVSS0.00317EPSS
Exploits0References4
NVD
NVD
added 2025/09/09 9:15 p.m.11 views

CVE-2025-58765

wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly...

7.1CVSS0.00237EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/09 8:16 p.m.3 views

CVE-2025-58765 wabac.js has XSS vulnerability in 404 error handling logic

wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly...

7.1CVSS5.3AI score0.00237EPSS
Exploits0References3
OSV
OSV
added 2025/09/09 8:16 p.m.4 views

CVE-2025-58765 wabac.js has XSS vulnerability in 404 error handling logic

wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly...

7.1CVSS5.7AI score0.00237EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.9 views

PT-2025-36954

Name of the Vulnerable Software and Affected Versions: wabac.js versions 2.23.10 and below Description: wabac.js provides a full web archive replay system using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic. The requestURL parameter,...

7.1CVSS5.5AI score0.00237EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.3 views

wabac.js 跨站脚本漏洞

wabac.js is an open source archive browsing client for Webrecorder. A cross-site scripting vulnerability exists in wabac.js version 2.23.10 and earlier, which stems from an uncleaned and unescaped requestURL parameter that could lead to a reflective cross-site scripting attack...

7.1CVSS5.8AI score0.00237EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 3:54 p.m.7 views

CVE-2020-15769

An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL...

6.1CVSS6.1AI score0.00655EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/21 9:43 p.m.8 views

CVE-2008-7191

Unspecified vulnerability in Polipo before 1.0.4 allows remote attackers to cause a denial of service crash via a long request URL...

5CVSS6.8AI score0.01158EPSS
Exploits0References1
Veracode
Veracode
added 2025/04/10 7:59 a.m.8 views

Host Header Injection

@react-router/express, @remix-run/express is vulnerable to Host header injection. The vulnerability exists due to improper validation of the Host and X-Forwarded-Host headers, allowing attackers to spoof the request URL by injecting a pathname into the port section of the header...

7.5CVSS7.4AI score0.01151EPSS
Exploits0References3Affected Software2
Snyk
Snyk
added 2024/12/20 6:31 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the manipulation of the notification ID in the request URL by a logged-in attacker. This issue due to insufficient authorization checks, enabling attackers to view sensitive mail details belonging to othe...

5.3CVSS6.7AI score0.00274EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/29 12:46 p.m.27 views

CVE-2024-7474 IDOR in lunary-ai/lunary

In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference IDOR vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the 'id' parameter, allowing unauthorized access...

9.1CVSS0.00477EPSS
Exploits1References2
CVE
CVE
added 2024/08/13 3:36 a.m.97 views

CVE-2024-33003

CVE-2024-33003 affects SAP Commerce Cloud via the OCC API Endpoint component. The root issue is that certain OCC API endpoints may include PII (passwords, emails, mobile numbers, coupon/voucher codes) in the request URL as query or path parameters, leading to potential disclosure and integrity im...

9.1CVSS7.4AI score0.00475EPSS
Exploits0References2Affected Software1
Kitploit
Kitploit
added 2024/06/24 12:30 p.m.96 views

Hfinger - Fingerprinting HTTP Requests

Tool for Fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :- Its main objective is to provide unique representations fingerprints of malware requests, which help in their identification. Unique means here that each fingerprint should be seen...

7AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/04/22 12:0 a.m.50 views

Request URL Override

Web application components can sometimes rely on request HTTP headers like 'X-Original-URL' or 'X-Rewrite-URL' to override the original path of this request. Attackers can leverage this vulnerability to conduct further attacks in order to bypass restrictions or conduct cache poisonning attacks. N...

6.5CVSS7.2AI score0.58061EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/04/04 12:0 a.m.6 views

The vulnerability of the Grafana monitoring and observation platform, related to deficiencies in access control lists (ACLs), allows attackers to circumvent existing access restrictions.

The vulnerability of the Grafana monitoring and observation platform relates to bypassing a list of restrictions by using punycode encoding in the request URL. Exploiting this vulnerability allows an attacker to circumvent existing access restrictions remotely...

8.3CVSS7.2AI score0.01082EPSS
Exploits0References3Affected Software2
Veracode
Veracode
added 2024/02/14 8:16 a.m.16 views

Path Traversal

mapshaper is vulnerable to Path Traversal. The vulnerability is caused due to not sanitizing the request URL path when a request is received. This allows an attacker to read any file in the system with privilege of the user running the mapshaper-gui...

7.1CVSS6.9AI score0.00408EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2024/01/24 2:3 p.m.17 views

Path Traversal

@hono/node-server is vulnerable to Path Traversal. The vulnerability is due to improper url string validation in src/request.ts, allowing an attacker to use .. in the request URL to access arbitrary files on the static server...

5.3CVSS6.8AI score0.00722EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder