CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

287 matches found

CNNVD•added 2022/01/06 12:0 a.m.•6 views

Pac4j 数据伪造问题漏洞

Pac4j is a simple yet powerful Java security engine. Used to authenticate users, obtain their profiles and manage authorization to protect Web applications and Web services.Pac4j has a data forgery problem vulnerability that stems from the product not using a valid algorithm when validating ID...

7.5CVSS5.6AI score0.00895EPSS

Exploits0References4

CNVD•added 2021/12/01 12:0 a.m.•13 views

Nodebb licensing issue vulnerability

NodeBB is a forum system built by the Design Create Play team using Node.js, a web application platform built on top of Google's V8 JavaScript engine. an authorization issue vulnerability exists in Nodebb, which stems from a faulty token authentication logic in the product, and could be exploited...

9.8CVSS2AI score0.02294EPSS

Exploits1References1

CNNVD•added 2021/11/29 12:0 a.m.•4 views

NodeBB 授权问题漏洞

9.8CVSS5.6AI score0.02294EPSS

Exploits1References4

RedHat Linux•added 2021/11/16 3:43 p.m.•3 views

rails: Possible DoS Vulnerability in Action Controller Token Authentication

A flaw was found in RubyGem Actionpack which is framework for handling and responding to web requests in Rails. A possible DoS vulnerability was found in the Token Authentication logic in Action Controller...

7.5CVSS6.7AI score0.04808EPSS

Exploits1References5

BDU FSTEC•added 2021/10/27 12:0 a.m.•3 views

The vulnerability of the Token Authentication logic in the Action Controller component of the actionpack plugin for the Ruby on Rails software framework allows a hacker to cause a service failure due to uncontrolled resource consumption.

The vulnerability of the Token Authentication logic in the Action Controller component of the actionpack plugin for the Ruby on Rails software framework is related to insufficiently strict regular expressions. Exploiting this vulnerability could allow an attacker to cause a service failure...

7.5CVSS6.7AI score0.04808EPSS

Exploits1References10Affected Software5

Huntr•added 2021/08/04 9:53 a.m.•13 views

Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin

✍️ Description Attacker able to add any rule with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it is...

0.9AI score

Exploits0

CNVD•added 2021/07/23 12:0 a.m.•14 views

Combodo iTop Cross-Site Request Forgery Vulnerability (CNVD-2021-54384)

Combodo iTop is a set of open source web applications developed by Combodo France based on ITIL and used for daily operations in IT environments. The application provides event management, configuration management and issue management. iTop versions prior to Combodo 2.7.4 are vulnerable to...

8CVSS1.7AI score0.00461EPSS

Exploits0References1

OSV•added 2021/07/03 11:3 a.m.•3 views

OESA-2021-1248 rubygem-actionpack security update

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers fro...

7.5CVSS7AI score0.04808EPSS

Exploits1References2

NVD•added 2021/06/11 4:15 p.m.•18 views

CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...

7.5CVSS0.04808EPSS

Exploits1References3

OSV•added 2021/06/11 4:15 p.m.•1 views

DEBIAN-CVE-2021-22904

7.5CVSS6.5AI score0.04808EPSS

Exploits1References1

OSV•added 2021/06/11 4:15 p.m.•33 views

CVE-2021-22904

7.5CVSS6.8AI score0.04808EPSS

Exploits1References3

UbuntuCve•added 2021/06/11 4:15 p.m.•32 views

CVE-2021-22904

7.5CVSS6.8AI score0.04808EPSS

Exploits1References4

Prion•added 2021/06/11 4:15 p.m.•21 views

Authentication flaw

5CVSS7.4AI score0.04808EPSS

Exploits1References3Affected Software1

OSV•added 2021/06/11 4:15 p.m.•2 views

UBUNTU-CVE-2021-22904

7.5CVSS6.8AI score0.04808EPSS

Exploits1References5

Cvelist•added 2021/06/11 3:49 p.m.•29 views

CVE-2021-22904

7.7AI score0.04808EPSS

Exploits1References3

CVE•added 2021/06/11 3:49 p.m.•158 views

CVE-2021-22904

CVE-2021-22904 concerns Rails Action Pack/token authentication DoS due to a too-permissive regular expression in Action Controller. Affected component: actionpack Ruby gem (versions before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6). Impact: potential denial of service via crafted requests or headers; no e...

7.5CVSS7.4AI score0.04808EPSS

Exploits1References3Affected Software1

Debian CVE•added 2021/06/11 3:49 p.m.•28 views

CVE-2021-22904

7.5CVSS6.5AI score0.04808EPSS

Exploits1

OpenVAS•added 2021/05/20 12:0 a.m.•30 views

Discourse 2.7.0.beta9 Security Update

A new Discourse update includes one security fix. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...

7.5CVSS7.1AI score0.04808EPSS

Exploits3References2

RedhatCVE•added 2021/05/19 12:25 a.m.•53 views

CVE-2021-22904

7.5CVSS1.7AI score0.04808EPSS

Exploits1References4

Debian•added 2021/05/11 8:52 p.m.•70 views

[SECURITY] [DLA 2655-1] rails security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2655-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta May 12, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...

7.5CVSS8.1AI score0.04808EPSS

Exploits2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by