Lucene search
K

426 matches found

Debian CVE
Debian CVE
added 2024/10/30 9:21 p.m.15 views

CVE-2024-10086

A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS...

6.1CVSS6.9AI score0.00427EPSS
Exploits0
CNNVD
CNNVD
added 2024/10/30 12:0 a.m.3 views

HashiCorp Consul 安全漏洞

HashiCorp Consul is a suite of distributed, highly available data center-aware solutions from HashiCorp, USA. The product is used to connect and configure applications across dynamically distributed infrastructures. A security vulnerability exists in HashiCorp Consul that stems from a server...

6.1CVSS6.3AI score0.00427EPSS
Exploits0References2
CVE
CVE
added 2024/10/30 12:0 a.m.55 views

CVE-2024-48648

CVE-2024-48648 (Sage 1000 v7.0.0) is a Reflected Cross-Site Scripting (XSS) vulnerability where malicious input in a URL is reflected in the server response without proper sanitization. Affected product: Sage 1000, version 7.0.0. The connected sources confirm the vulnerability exists as described...

6.1CVSS5.8AI score0.00325EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2024/10/29 1:15 p.m.20 views

CVE-2024-7010

mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid...

7.5CVSS0.00533EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2024/10/24 3:18 a.m.3 views

SUSE CVE-2024-49999

In the Linux kernel, the following vulnerability has been resolved: afs: Fix the setting of the server responding flag In afswaitforoperation, we set transcribe the call responded flag to the server record that we used after doing the fileserver iteration loop - but it's possible to exit the loop...

5.5CVSS7.7AI score0.0023EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a potential issue with the afs component in the server response flag setting...

5.5CVSS7.6AI score0.0023EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/09/12 12:0 a.m.5 views

ORDAT FOSS-Online 安全漏洞

ORDAT FOSS-Online is an enterprise resource management solution from ORDAT. A security vulnerability exists in ORDAT FOSS-Online prior to 2.24.01, which stems from the presence of a user enumeration vulnerability that could allow an attacker to determine if an account exists in the application by...

5.3CVSS6.6AI score0.0038EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/09/04 3:43 p.m.49 views

CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

5.3CVSS0.00552EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.428 views

WordPress Simple Backup File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Simple Backup File Read Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability in WordPress Plugin...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.283 views

MantisBT Admin SQL Injection Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MantisBT Admin SQL Injection Arbitrary File Read", 'Description' = %q Versions 1.2.13 through 1.2.16 are vulnerable to a SQL injection attack if ...

6.5CVSS7AI score0.11311EPSS
Exploits8
Hacker One
Hacker One
added 2024/07/30 7:32 a.m.629 views

Zomato: OTP Bypass via Response Manipulation

OTP One-Time Password bypass via response manipulation is a technique where an attacker intercepts and alters the server's response to bypass the OTP verification step. Response Manipulation: The attacker manipulates the server's response. For example, they might change a response indicating OTP...

7.1AI score
Exploits0
AlpineLinux
AlpineLinux
added 2024/07/02 9:28 p.m.26 views

CVE-2024-24791

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail...

7.5CVSS7.1AI score0.01414EPSS
Exploits0
OSV
OSV
added 2024/06/11 4:15 p.m.6 views

CVE-2024-5813

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response...

4.9CVSS5.7AI score0.00406EPSS
Exploits0References1
NVD
NVD
added 2024/06/11 4:15 p.m.19 views

CVE-2024-5813

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response...

5.9CVSS0.00406EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/11 3:34 p.m.22 views

CVE-2024-5813 SSH Private Key Leak in BeyondInsight PasswordSafe

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response...

5.9CVSS6.5AI score0.00406EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/11 3:34 p.m.32 views

CVE-2024-5813 SSH Private Key Leak in BeyondInsight PasswordSafe

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response...

5.9CVSS0.00406EPSS
Exploits0References1
CVE
CVE
added 2024/06/11 3:34 p.m.67 views

CVE-2024-5813

CVE-2024-5813 affects BeyondInsight Password Safe (BIPS). An authenticated attacker with high privileges can exploit an information leak in the server response to access SSH private keys, exposing highly sensitive material. The vulnerability targets the confidentiality of SSH keys via a disclosur...

5.9CVSS5.5AI score0.00406EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/06/11 12:0 a.m.5 views

BeyondInsight Information Disclosure Vulnerability

BeyondInsight is a Privileged Access Management PAM reporting platform from BeyondTrust USA. An information disclosure vulnerability exists in BeyondInsight Password Safe, which originates from an authenticated attacker with elevated privileges who can access SSH private keys via information...

5.9CVSS6.1AI score0.00406EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/05/20 5:7 p.m.21 views

Passbolt API Stored XSS on first/last name during setup

Description An administrator can craft a user with a malicious first name and last name, using a payload such as '; ? The user will then receive the invitation email and click on the setup link. The setup start page served by the server will fire the XSS. Impact of issue An administrator could us...

6.9AI score
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2024/04/30 9:55 a.m.6 views

libnbd: Crash or misbehaviour when NBD server returns an unexpected block size

A flaw was found in libnbd. A server can reply with a block size larger than 2^63 the NBD spec states the size is a 64-bit unsigned value. This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbdgetsize function...

6.5CVSS5.8AI score0.00746EPSS
Exploits1References5
Rows per page
Query Builder