Lucene search
K

406 matches found

BDU FSTEC
BDU FSTEC
added 2025/03/24 12:0 a.m.7 views

The vulnerability of the VMware Aria Automation (formerly vRealize Automation) automation software and the VMware Cloud Foundation virtualization platform, related to insufficient validation of incoming requests, allows a attacker to perform an SSRF attack.

The vulnerability of the VMware Aria Automation formerly vRealize Automation and VMware Cloud Foundation virtualization platform lies in the insufficient verification of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack by sending a specially...

4.3CVSS5.5AI score0.00252EPSS
Exploits0References3
OSV
OSV
added 2025/03/19 6:12 p.m.7 views

GHSA-WQ9G-9VFC-CFQ9 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

Summary When validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. Details The root cause comes from the ZipFileBodyDecoder, which is registere...

7.5CVSS7.1AI score0.00497EPSS
Exploits0References8
OSV
OSV
added 2025/03/13 10:38 p.m.4 views

GHSA-H42X-XX2Q-6V6G Flowise Pre-auth Arbitrary File Upload

Summary An unauthorized attacker can leverage the whitelisted route /api/v1/attachments to upload arbitrary files when the storageType is set to local default. Details When a new request arrives, the system first checks if the URL starts with /api/v1/. If it does, the system then verifies whether...

9.3CVSS7.5AI score0.00611EPSS
Exploits1References3
Veracode
Veracode
added 2025/03/12 10:34 a.m.16 views

Cross-Site Request Forgery (CSRF)

org.jenkins-ci.main, jenkins-core is vulnerable to Cross-site request forgery CSRF. The vulnerability is due to improper request validation, which allows unauthorized state changes in Jenkins' UI when a user unknowingly triggers a malicious request...

5.4CVSS6.6AI score0.0041EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/11 12:0 a.m.6 views

PT-2025-10924 · Unknown · Skrill Official

Name of the Vulnerable Software and Affected Versions: Skrill Official versions 1.0.0 through 1.0.65 Description: The issue is related to a Cross-Site Request Forgery CSRF problem. This means that an attacker can trick a user into performing unintended actions on a web application that the user i...

8.8CVSS9.3AI score0.0018EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/02/13 12:0 a.m.9 views

PT-2025-7193

Name of the Vulnerable Software and Affected Versions: Post Thumbs versions n/a through 1.5 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...

7.1CVSS7.4AI score0.00129EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/02/13 12:0 a.m.3 views

GatesAir Maxiva 安全漏洞

GatesAir Maxiva is a series of transmitters from GatesAir USA. A security vulnerability exists in the GatesAir Maxiva UAXT Transmitter and VAXT Transmitter that stems from improperly validated POST request processing when debug mode is enabled, resulting in remote code execution...

7.2CVSS7.9AI score0.00932EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:29 a.m.7 views

CVE-2024-34084

Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...

7.5CVSS6.5AI score0.00593EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:18 a.m.6 views

CVE-2024-56200

Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this...

8.6CVSS7.1AI score0.00579EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.3 views

PT-2025-5101 · Unknown · Style Admin

Name of the Vulnerable Software and Affected Versions: Style Admin versions n/a through 1.4.3 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web applicatio...

7.1CVSS9.3AI score0.00195EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2025/01/14 1:40 p.m.20 views

USN-7203-1: PowerDNS vulnerabilities

Wei Hao discovered that PowerDNS Authoritative Server incorrectly handled memory when accessing certain files. An attacker could possibly use this issue to achieve arbitrary code execution. CVE-2018-1046 It was discovered that PowerDNS Authoritative Server and PowerDNS Recursor incorrectly handle...

9.3CVSS7AI score0.06041EPSS
Exploits0
NVD
NVD
added 2024/12/19 7:15 p.m.13 views

CVE-2024-56200

Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this...

8.6CVSS0.00579EPSS
Exploits0References3
OSV
OSV
added 2024/12/19 6:43 p.m.4 views

CVE-2024-56200 Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy

Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this...

8.6CVSS7AI score0.00579EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/12/19 6:43 p.m.21 views

CVE-2024-56200 Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy

Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this...

8.6CVSS0.00579EPSS
Exploits0References3
CVE
CVE
added 2024/12/19 6:43 p.m.50 views

CVE-2024-56200

CVE-2024-56200 affects Altair (fork of Misskey v12). Affected versions lack request validation and authentication in the image proxy used for compressing/resizing remote files, enabling attacks that can degrade availability by spiking CPU or network load. The issue is fixed in v12.24Q4.1; upgradi...

8.6CVSS8.7AI score0.00579EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/12/18 12:0 a.m.8 views

The vulnerability of the Ruijie Reyee OS operating system’s proxy server allows a hacker to execute an SSRF attack.

The vulnerability of the Ruijie Reyee OS operating system’s proxy server is related to insufficient checking of requests on the server side. Exploiting this vulnerability allows a remote attacker to execute an SSRF attack...

10CVSS8.3AI score0.00605EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/16 12:0 a.m.4 views

PT-2024-36254 · Gitsync · Gitsync

Name of the Vulnerable Software and Affected Versions: GitSync versions n/a through 1.1.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Code Injection. This means an attacker can trick a user into performing unintended actions on a web application,...

9.6CVSS7.2AI score0.00282EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/16 12:0 a.m.6 views

PT-2024-36272 · Unknown · Push Monkey Pro – Web Push Notifications +1

Name of the Vulnerable Software and Affected Versions: Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart versions n/a through 3.9 Description: The issue is a Cross-Site Request Forgery CSRF problem, which allows for Cross Site Request Forgery. This means an attacker can tric...

7.1CVSS7AI score0.00206EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/12/12 12:0 a.m.20 views

The vulnerability of the Adobe Document Service component in the SAP NetWeaver AS for Java software for creating and deploying web applications allows a attacker to perform an SSRF attack.

The vulnerability of the Adobe Document Service component in the SAP NetWeaver AS for Java web application development and deployment framework is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack using a...

9.1CVSS8AI score0.00892EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/02 12:0 a.m.6 views

The vulnerability of the Notes Station application for QNAP network storage, related to insufficient validation of incoming requests, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Notes Station application for QNAP network storage devices is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by manipulating requests sent...

9CVSS5.5AI score0.0063EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder