22 matches found

Tenable Nessus
added 2026/06/22 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-54273

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that...

CVSS 8.7, AI score 5.9, EPSS 0.00279
Exploits: 0, References: 3

SUSE CVE
added 2026/05/30 1:59 a.m., 16 views

SUSE CVE-2026-48524

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

CVSS 3.7, AI score 5.8, EPSS 0.00222
Exploits: 0, References: 8

Tenable Nessus
added 2026/05/29 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-48524

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key forces a fresh HTTP request to the JWKS endpoint for every JWT wi...

CVSS 3.7, AI score 5.5, EPSS 0.00222
Exploits: 0, References: 4

PyPA
added 2026/05/28 4:16 p.m., 10 views

PYSEC-2026-177

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

CVSS 3.7, AI score 5.8, EPSS 0.00222
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2026/05/28 4:16 p.m., 7 views

DEBIAN-CVE-2026-48524

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

CVSS 3.7, AI score 5.8, EPSS 0.00222
Exploits: 0, References: 1

Snyk
added 2026/05/08 4:32 p.m., 8 views

Missing Authentication for Critical Function

Overview: gmaps-mcp is an MCP server for Google Maps — places search, directions, geocoding. Works with Claude Desktop, Cursor, Claude Code. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the HTTP authentication process. An attacker can make...

CVSS 8.3, AI score 5.8
Exploits: 0, References: 2

OSV
added 2026/03/20 2:39 p.m., 7 views

CVE-2026-29794 Vikunja has Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers

Vikunja is an open-source self-hosted task management platform. Starting in version 0.8 and prior to version 2.2.0, unauthenticated users are able to bypass the application's built-in rate-limits by spoofing the X-Forwarded-For or X-Real-IP headers due to the rate-limit relying on the value of...

CVSS 5.3, AI score 6.3, EPSS 0.00328
Exploits: 1, References: 4

RedhatCVE
added 2025/12/11 10:1 p.m., 5 views

CVE-2025-66473

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of...

CVSS 8.7, AI score 6.7, EPSS 0.00339
Exploits: 0, References: 1

EUVD
added 2025/12/03 9:31 p.m., 4 views

EUVD-2025-201094

An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs not enforcing limits on the number or size of requests...

CVSS 5.5, AI score 7.5, EPSS 0.00384
Exploits: 0, References: 4

CNNVD
added 2025/02/28 12:0 a.m., 6 views

CyberArk Endpoint Privilege Manager Security Vulnerability

CyberArk Endpoint Privilege Manager is a privilege management software from the Israeli company CyberArk. The software includes features such as privilege management, application control and credential loss protection. A security vulnerability exists in CyberArk Endpoint Privilege Manager version...

CVSS 9.3, AI score 6.3, EPSS 0.00589
Exploits: 0, References: 4

Positive Technologies
added 2024/12/31 12:0 a.m., 8 views

PT-2024-35799 · Trend Micro · Trend Micro Security

Name of the Vulnerable Software and Affected Versions: Trend Micro ID Security versions 3.0 and below Description: The issue allows an attacker to send an unlimited number of email verification requests without restriction, potentially leading to abuse or denial of service. Recommendations: For...

CVSS 6.5, AI score 7, EPSS 0.00288
Exploits: 0, References: 5

CNNVD
added 2024/12/31 12:0 a.m., 3 views

Trend Micro ID Security Security Vulnerability

Trend Micro ID Security is an all-in-one ad blocker, password manager, and privacy-enhancing browser extension from Trend Micro. A security vulnerability exists in Trend Micro ID Security 3.0 and prior versions, which stems from a vulnerability that could allow an attacker to send an unlimited...

CVSS 8.2, AI score 6.8, EPSS 0.00288
Exploits: 0, References: 1

CNVD
added 2024/03/14 12:0 a.m., 7 views

IBM Cognos Analytics Denial of Service Vulnerability (CNVD-2024-15372)

IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A denial of service...

CVSS 6.5, AI score 6.4, EPSS 0.01209
Exploits: 0, References: 1

OSV
added 2024/02/26 4:27 p.m., 4 views

CVE-2022-34357

IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to weak or absent rate limiting. By making unlimited HTTP requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for oth...

CVSS 6.5, AI score 5.8, EPSS 0.01209
Exploits: 0, References: 4

CNNVD
added 2024/02/26 12:0 a.m., 5 views

IBM Cognos Analytics Security Vulnerability

IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A denial of service...

CVSS 6.5, AI score 6.5, EPSS 0.01209
Exploits: 0, References: 3

OSV
added 2023/09/04 1:15 p.m., 3 views

CVE-2023-3222

Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user's password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values...

CVSS 7.5, AI score 5.8, EPSS 0.00508
Exploits: 0, References: 1

GitLab Advisory Database
added 2023/06/09 12:0 a.m., 15 views

Vapor's Metrics integration could cause a system drain

This is a DoS attack against anyone who bootstraps a metrics backend for their Vapor app, with the following attack vector: 1. Send unlimited requests against a Vapor instance with different paths. This will create “unlimited” counters and timers, which will eventually drain the system. 2...

CVSS 5.3, AI score 6.8, EPSS 0.01625
Exploits: 0, References: 7, Affected Software: 1

SUSE CVE
added 2023/02/15 3:44 a.m., 1 views

SUSE CVE-2021-28148

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS)...

CVSS 7.5, AI score 8.2, EPSS 0.03497
Exploits: 0, References: 14

Huntr
added 2022/12/14 9:22 p.m., 120 views

Bypass All Captchas in the application

Description: Bypass Captcha while adding a new Proposal for a new FAQ or Add question, and send unlimited requests without submitting the captcha code. Proof of Concept: https://drive.google.com/file/d/140CMe4FLFLBmIUUbI8706bZ4zs4d7N/view?usp=sharing...

CVSS 7.5, AI score 9, EPSS 0.00928
Exploits: 0

CNVD
added 2018/09/17 12:0 a.m., 2 views

Beijing Huijinxing Real Estate Brokerage Co., Ltd. magic sale APP has SMS bombing vulnerability

MagicSale is a new home distribution platform for institutional cooperation, helping brokers of cooperating institutions to effectively develop "inventory customers" in their hands, corresponding their needs to the new home market, and securely realizing the income of institutions and brokers. Th...

AI score 7
Exploits: 0