Lucene search
+L

10 matches found

NVD
NVD
added 2026/07/08 11:16 p.m.7 views

CVE-2026-54783

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with...

7.4CVSS0.00143EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/11 5:4 a.m.32 views

CVE-2026-41700 Cross-Site WebSocket Hijacking in Spring for GraphQL

Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials...

8.1CVSS0.00182EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/22 5:48 p.m.11 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the OAuth reauthentication for stale sessions. An attacker can perform unauthorized account actions by completing OAuth verification with their own identity in a stale, authenticated victi...

7.6CVSS5.8AI score0.00035EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 9:11 p.m.10 views

EUVD-2026-29343

Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a...

5.8CVSS5.9AI score0.00125EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2024/06/27 1:6 p.m.4 views

containers/image: digest type does not guarantee valid type

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...

8.3CVSS7.2AI score0.01279EPSS
Exploits0References4
OSV
OSV
added 2023/03/09 10:15 p.m.5 views

UBUNTU-CVE-2023-0050

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to...

8.7CVSS5.9AI score0.9242EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/03/07 12:0 a.m.14 views

GitLab 跨站脚本漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from a cross-site scripti...

6.1CVSS6AI score0.00555EPSS
Exploits0References6
OSV
OSV
added 2021/07/07 12:15 p.m.3 views

UBUNTU-CVE-2021-22224

A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim...

7.1CVSS5.7AI score0.00893EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2020/04/30 9:2 p.m.143 views

Microsoft Sway Abused in Office 365 Phishing Attack

A highly targeted phishing campaign, with a Microsoft file platform twist, has successfully siphoned the Office 365 credentials of more than 150 executives since mid-2019. Researchers attribute the campaign’s success to two parts: First, it leverages multiple Microsoft file-sharing services to...

0.5AI score
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2017/11/15 3:29 a.m.4 views

CVE-2017-11876

Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delet...

8.8CVSS5.4AI score0.02474EPSS
Exploits0References5
Rows per page
Query Builder