Lucene search
K

117 matches found

OSV
OSV
added 2026/03/04 5:50 p.m.11 views

CLSA-2026-1772646645 butane: Fix of CVE-2025-61729

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE - CVE-2025-61729: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing...

7.5CVSS5.9AI score0.00459EPSS
Exploits2References1
OSV
OSV
added 2026/03/04 10:24 a.m.15 views

CLSA-2026-1772619878 runc: Fix of 3 CVEs

rebuild with newer golang version 1.25.7-1.el96.tuxcare.els1 to fix the following CVEs - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...

10CVSS7AI score0.01945EPSS
Exploits3References1
OSV
OSV
added 2026/03/02 12:53 p.m.8 views

CLSA-2026-1772456031 runc: Fix of 3 CVEs

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE's - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...

10CVSS7.1AI score0.01945EPSS
Exploits3References1
OSV
OSV
added 2026/03/02 12:44 p.m.11 views

CLSA-2026-1772455449 buildah: Fix of 3 CVEs

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE's - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...

10CVSS7.1AI score0.01945EPSS
Exploits3References1
OSV
OSV
added 2026/02/26 8:47 p.m.5 views

RLSA-2026:3343 Important: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang:...

7.5CVSS5.6AI score0.01945EPSS
Exploits3References4
NVD
NVD
added 2026/02/23 11:16 a.m.6 views

CVE-2025-59873

An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the...

5.9CVSS0.00284EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/23 10:56 a.m.9 views

CVE-2025-59873 Session Token Exposure via URL Query Parameters

An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the...

5.9CVSS5.3AI score0.00284EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/23 10:56 a.m.5 views

CVE-2025-59873

An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the...

5.9CVSS5.3AI score0.00284EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/23 10:56 a.m.11 views

CVE-2025-59873

CVE-2025-59873 describes an information exposure in HCL Software ZIE for Web (v16) where the application transmits sensitive session tokens and authentication identifiers in URL query parameters. The root cause is tokens/identifiers being exposed via URLs, enabling session hijacking when an attac...

5.9CVSS5.3AI score0.00284EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/02/23 2:14 a.m.14 views

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

10CVSS6.7AI score0.01945EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
added 2026/02/11 12:0 a.m.3 views

CVE-2024-50617

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...

5.3AI score0.00232EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/19 7:42 p.m.5 views

CVE-2026-23846 Tugtainer vulnerable to Password Exposure via URL Query Parameter

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...

8.1CVSS5.4AI score0.00403EPSS
Exploits1References2
OSV
OSV
added 2026/01/19 7:42 p.m.10 views

CVE-2026-23846 Tugtainer vulnerable to Password Exposure via URL Query Parameter

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...

8.1CVSS5.5AI score0.00403EPSS
Exploits1References4
NVD
NVD
added 2026/01/15 2:16 p.m.6 views

CVE-2026-22644

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...

7.5CVSS0.00478EPSS
Exploits0References6
CVE
CVE
added 2026/01/12 4:20 a.m.17 views

CVE-2025-69270

Broadcom DX NetOps Spectrum 24.3.8 and earlier are affected by Information Exposure Through Query Strings in GET Requests, enabling potential session hijacking on Windows and Linux. The vulnerability arises from information disclosure via GET request query strings, which could allow an attacker t...

9.8CVSS6.6AI score0.00281EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.9 views

CVE-2023-50328

IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110...

5.3CVSS6.4AI score0.00532EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/05 6:26 p.m.4 views

EUVD-2026-0927

Malicious code in @crepo/crepo-url-query-mapper npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/05 6:26 p.m.8 views

Malicious code in @crepo/crepo-url-query-mapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8556f30a48d0b1c957d0d66394801c28e6259503ed20f4cbf900102b962ee5f The package @crepo/crepo-url-query-mapper was found to contain malicious code. Source: ossf-package-analysis...

6.9AI score
Exploits0
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.7 views

Masa CMS 跨站脚本漏洞

Masa CMS is a digital experience platform. A cross-site scripting vulnerability exists in Masa CMS versions 7.2.8 and earlier, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8, and 7.5.0 through 7.5.1, which stems from an ajax URL query parameter that is not cleaned up and included directly in t...

8.2CVSS5.7AI score0.0021EPSS
Exploits0References2
OSV
OSV
added 2025/10/23 11:15 p.m.7 views

CVE-2025-62254

The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files i...

7.5CVSS6.5AI score0.00508EPSS
Exploits0References1
Rows per page
Query Builder