Lucene search
K

117 matches found

Cvelist
Cvelist
added 2024/05/13 3:50 p.m.20 views

CVE-2024-34698 Prototype Pollution in getQueryParam Function (URL Query Parser)

FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...

4.6CVSS5.1AI score0.00461EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/05/13 3:50 p.m.15 views

CVE-2024-34698 Prototype Pollution in getQueryParam Function (URL Query Parser)

FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...

4.6CVSS6.8AI score0.00461EPSS
Exploits1References2
Snyk
Snyk
added 2024/04/12 10:54 p.m.4 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview OpenTelemetry.Instrumentation.Http is a Http instrumentation for OpenTelemetry .NET Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer due to the logging of sensitive query parameters by default. This behavior occurs...

4.1CVSS6.6AI score0.00291EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/02 12:0 a.m.5 views

Rapid7 InsightVM 安全漏洞

Rapid7 InsightVM is a vulnerability scanning and management application from Rapid7 USA. A security vulnerability exists in Rapid7 InsightVM versions prior to 6.6.244. The vulnerability stems from a sensitive information exposure vulnerability on the login page in maintenance mode, whereby when...

3.3CVSS6.6AI score0.00181EPSS
Exploits0References2
CNVD
CNVD
added 2024/02/22 12:0 a.m.15 views

IBM PowerSC Information Disclosure Vulnerability (CNVD-2024-09949)

IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. An information disclosure vulnerability exists in IBM PowerSC, which can be exploited by an attacker to view session identifiers passed via URL query strings...

5.3CVSS6.2AI score0.00532EPSS
Exploits0References1
Prion
Prion
added 2024/02/02 2:15 a.m.19 views

Code injection

IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110...

5CVSS6.7AI score0.00532EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/02/02 1:16 a.m.13 views

CVE-2023-50328 IBM PowerSC information disclosure

IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110...

3.7CVSS5.3AI score0.00532EPSS
Exploits0References2
OSV
OSV
added 2023/12/05 11:31 p.m.3 views

GHSA-92R3-M2MG-PJ97 Vite XSS vulnerability in `server.transformIndexHtml` via URL payload

Summary When Vite's HTML transformation is invoked manually via server.transformIndexHtml, the original request URL is passed in unmodified, and the html being transformed contains inline module scripts ..., it is possible to inject arbitrary HTML into the transformed output by supplying a...

6.1CVSS7.1AI score0.00997EPSS
Exploits1References3
Prion
Prion
added 2023/11/01 6:15 p.m.20 views

Improper access control

Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters...

5CVSS5.3AI score0.00548EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2023/09/25 11:1 a.m.14 views

Denial Of Service

faktory package is vulnerable to Denial of Service. The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web dashboard which is used without any validation. If a huge value is provided, the backend service could consume significant amount of memory and...

7.5CVSS6.7AI score0.00769EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/09/20 10:51 p.m.279 views

GHSA-X4HH-VJM7-G2JV Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input

Summary Faktory web dashboard can suffer from denial of service by a crafted malicious url query param days. Details The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string...

7.5CVSS7.4AI score0.00769EPSS
Exploits1References3
Prion
Prion
added 2023/09/20 10:15 p.m.14 views

Sql injection

Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param days. The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web...

5CVSS7.3AI score0.00769EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/09/20 9:27 p.m.40 views

CVE-2023-37279 Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input

Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param days. The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web...

7.5CVSS7.5AI score0.00769EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2023/04/26 2:15 p.m.61 views

CVE-2023-1387

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option disabled by default, a...

7.5CVSS7.1AI score0.01504EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/04/26 1:47 p.m.23 views

CVE-2023-1387

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option disabled by default, a...

4.2CVSS7.8AI score0.01504EPSS
Exploits1References3
Veracode
Veracode
added 2023/02/25 8:48 p.m.20 views

Prototype Pollution

firefox is vulnerable to Prototype Pollution. The vulnerability exists due to the URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code...

8.8CVSS4.9AI score0.00557EPSS
Exploits0References3Affected Software3
F5 Networks
F5 Networks
added 2023/02/21 5:34 p.m.33 views

K82679059: BIG-IP APM SSO vulnerability CVE-2016-3686

Security Advisory Description Cleartext SessionID is visible in URL query parameters under some conditions. CVE-2016-3686 Impact There is a theoretical risk that a user could obtain unauthorized access to the system, causing a security breach. Security Advisory Status F5 Product Development has...

5.9CVSS5.7AI score0.01526EPSS
Exploits0Affected Software2
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.3 views

SUSE CVE-2022-29810

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter...

5.5CVSS6.8AI score0.00403EPSS
Exploits0References4
Veracode
Veracode
added 2022/11/28 5:6 a.m.30 views

Denial Of Service (DoS)

qs is vulnerable to denial of service. The vulnerability exists in the parseObject function of parse.js due to lack of checks for attributes like proto in the query string of the URL, which allows an attacker to cause an application crash by providing malicious payload...

7.5CVSS8.1AI score0.14663EPSS
Exploits2References16Affected Software4
OSV
OSV
added 2022/10/19 8:26 p.m.26 views

GHSA-5JP2-VWRJ-99RF Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution

Impact For some Post/Put Concourse endpoint containing :teamname in the URL, a Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team. The user only needs a valid user session and belongs to...

5.4CVSS5.7AI score0.00446EPSS
Exploits1References9
Rows per page
Query Builder