Lucene search
K

48 matches found

CNNVD
CNNVD
added 2025/11/13 12:0 a.m.3 views

Anubis 输入验证错误漏洞

Anubis is a tool for Xe Iaso Individual Developers. An input validation error vulnerability exists in Anubis versions prior to 1.23.0, which stems from sub-request authentication not validating the redirection URL, which could result in a redirection to an arbitrary URL scheme...

5.1CVSS6.7AI score0.00483EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2013-1245

Malware in sbrugna...

4.3CVSS6.4AI score0.018EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-4655

Malware in sbrugna...

5CVSS6.4AI score0.02029EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2025/07/16 12:0 a.m.4 views

The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform allows a hacker to perform a CSRF attack.

The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability may allow a remote attacker to carry out a CSRF attack...

5CVSS5.5AI score
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 3:3 a.m.9 views

CVE-2013-1205

The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords via crafted URLs, aka Bug ID CSCue62485...

4.3CVSS7.2AI score0.018EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/25 12:0 a.m.28 views

CVE-2022-30355

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required...

0.00459EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/25 12:0 a.m.13 views

CVE-2022-30359

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, roles, user type, license type,...

6.6AI score0.00274EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.6 views

Cisco IOS XE Software 安全漏洞

Cisco IOS XE Software is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that stems from...

6.5CVSS6.8AI score0.00417EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/10/10 12:0 a.m.6 views

The vulnerability of Acronis Cyber Protect 15’s data protection software lies in its insufficient verification of the authenticity of executed requests, allowing attackers to access confidential information.

The vulnerability of Acronis Cyber Protect 15 software-related data protection software lies in the insufficient verification of the authenticity of executed requests. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential information...

10CVSS5.3AI score0.00239EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/10/06 12:0 a.m.7 views

The vulnerability of the IoT Cassia Access Controller’s access control software allows a hacker to perform a CSRF attack.

The vulnerability of the IoT Cassia Access Controller software for managing access to wireless networks is related to insufficient verification of the authenticity of the requests being made. Exploiting this vulnerability could allow a malicious actor to execute a CSRF attack from a remote locati...

10CVSS7.8AI score0.00888EPSS
Exploits1References3Affected Software1
0day.today
0day.today
added 2023/04/10 12:0 a.m.235 views

ever gauzy v0.281.9 - JWT weak HMAC secret Vulnerability

Exploit Title: ever gauzy v0.281.9 - JWT weak HMAC secret Author: nu11secur1ty Vendor: https://gauzy.co/ Software: https://github.com/ever-co/ever-gauzy/releases/tag/v0.281.9 Reference: https://portswigger.net/kb/issues/00200903jwt-weak-hmac-secret Description: It was, detected a JWT signed using...

6.8AI score
Exploits0
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.4 views

Horde Groupware Webmail 跨站请求伪造漏洞

Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. PHP is a scripting language that executes on the server side. A cross-site request forgery vulnerability exists in Horde Groupware Webmail that stems from insufficient authentication of the source o...

8CVSS7.7AI score0.70276EPSS
Exploits1References7
PyPA
PyPA
added 2021/10/06 6:15 p.m.6 views

PYSEC-2021-363

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

6.5CVSS7.1AI score0.01196EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/06/11 4:15 p.m.34 views

CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...

7.5CVSS6.8AI score0.04808EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2021/06/11 3:49 p.m.29 views

CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...

7.5CVSS6.5AI score0.04808EPSS
Exploits1
Veracode
Veracode
added 2021/05/06 6:23 a.m.24 views

Denial Of Service (DoS)

actionpack is vulnerable to denial of service. An attacker is able to use authenticateorrequestwithhttptoken or authenticatewithhttptoken for request authentication to cause an application crash...

7.5CVSS3.6AI score0.04808EPSS
Exploits1References4Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/05 7:49 p.m.83 views

Possible DoS Vulnerability in Action Controller Token Authentication

There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. Versions Affected: = 4.0.0 Not affected: 4.0.0 Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ Impacted code uses authenticateorrequestwithhttptoken or authenticatewithhttptoken for reques...

7.5CVSS7.6AI score0.04808EPSS
Exploits1References11Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/04/06 12:0 a.m.7 views

The vulnerability of the EEM driver (Ethernet Emulation Mode) of the microprogramming software for smart card readers from the OMNIKEY 5427 and OMNIKEY 5127 series allows a hacker to perform cross-site scripting attacks.

The vulnerability of the EEM driver Ethernet Emulation Mode of the microprogramming software for smart card readers from the OMNIKEY 5427 and OMNIKEY 5127 series is related to insufficient verification of the authenticity of the requests being sent. Exploiting this vulnerability allows a maliciou...

8.8CVSS7.3AI score0.00727EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2019/08/13 12:0 a.m.6 views

The vulnerability of the FortiOS operating system allows a perpetrator to disclose sensitive information or perform unauthorized user disconnection operations.

The vulnerability of the FortiOS operating system relates to an error in the handling of the Payload parameter and the lack of verification of request authenticity. Exploiting this vulnerability allows a malicious actor to perform cross-site forgery of requests to the /logindisconnect/currentadmi...

4.9CVSS5.3AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/05/16 12:0 a.m.4 views

The vulnerability in the web interface for managing Cisco HyperFlex hyper-converged infrastructure allows a attacker to execute arbitrary code.

The vulnerability of the web interface for managing Cisco HyperFlex hyper-converged infrastructure is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted link...

6.4CVSS7.5AI score0.00592EPSS
Exploits0References3
Rows per page
Query Builder