Lucene search
+L

11 matches found

Snyk
Snyk
added 2026/03/17 12:0 a.m.2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to the AbstractFilterExpressionConverter's handling of operator characters, such as || and &&. This allows authenticated users to bypass metadata-based access controls by supplying arbitrary JSONPath queries to access...

8.6CVSS6AI score0.00521EPSS
Exploits0References2
OSV
OSV
added 2025/08/25 9:48 p.m.10 views

GHSA-PW25-C82R-75MM request-filtering-agent SSRF Bypass via HTTPS Requests to 127.0.0.1

request-filtering-agent versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. Impact: Vulnerable patterns requests that should be blocked but are allowed: - https://127.0.0.1:443/api -...

6.9CVSS6.4AI score0.00427EPSS
Exploits0References4
OSV
OSV
added 2025/07/11 12:24 p.m.7 views

OESA-2025-1818 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...

7.5CVSS6.9AI score0.64718EPSS
Exploits1References2
OSV
OSV
added 2025/07/11 12:24 p.m.7 views

OESA-2025-1817 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...

7.5CVSS6.9AI score0.64718EPSS
Exploits1References2
OSV
OSV
added 2025/07/11 12:24 p.m.6 views

OESA-2025-1815 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...

7.5CVSS6.9AI score0.64718EPSS
Exploits1References2
Snyk
Snyk
added 2024/01/02 10:45 p.m.3 views

Improper Authentication

Overview omniauth-microsoftgraph is an omniauth provider for new Microsoft Graph API. Affected versions of this package are vulnerable to Improper Authentication due to missing validation of the email attribute. An attacker can take over accounts by exploiting the trust placed in the email as a...

9.8CVSS6.7AI score0.00904EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/12/13 12:0 a.m.5 views

PT-2023-30183 · Apache +3 · Apache Shiro +3

Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.13.0 Apache Shiro versions 2.0.0-alpha-1 through 2.0.0-alpha-3 Description: The issue is related to a URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apach...

9.8CVSS7.9AI score0.0968EPSS
Exploits1References31
Positive Technologies
Positive Technologies
added 2023/07/18 12:0 a.m.6 views

PT-2023-10828

Name of the Vulnerable Software and Affected Versions Blue Yonder postgraas server versions up to 2.0.0b2 Description A critical issue was found in the PostgreSQL Backend Handler component, specifically in the create pg connection/create postgres db function of the postgraas...

9.8CVSS6.2AI score0.0072EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2023/05/01 12:0 a.m.5 views

PT-2023-14756 · Apache · Apache Streampark

Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions prior to 2.0.0 Description: The issue allows any user to upload a jar as an application without mandatory verification of the uploaded file type. This enables users to upload high-risk files and potentially upload...

9.8CVSS7.1AI score0.01308EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2022/12/22 12:0 a.m.5 views

PT-2022-28091 · Tss-Lib · Tss-Lib

Name of the Vulnerable Software and Affected Versions: tss-lib versions prior to 2.0.0 Description: The issue concerns a collision of hash values. This collision can potentially lead to security issues, although specific details about exploitation or affected devices are not provided...

9.1CVSS9.1AI score0.00453EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2016/04/08 12:0 a.m.5 views

PT-2020-12507 · Freerdp +7 · Freerdp +7

Name of the Vulnerable Software and Affected Versions: FreeRDP versions 1.0 through 2.0.0 Description: The issue is related to an out-of-bound read in the update read bitmap data function, which allows client memory to be read into an image buffer. The result of this action is displayed on the...

9.8CVSS6.3AI score0.08357EPSS
Exploits33References320
Rows per page
Query Builder