Lucene search
K

896 matches found

OpenVAS
OpenVAS
added 2024/04/18 12:0 a.m.49 views

Gunicorn < 22.0.0 HTTP Request Smuggling Vulnerability

Gunicorn is prone to a HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gunicorn:gunicorn"; ...

7.5CVSS6.9AI score0.02996EPSS
Exploits0References2
Redos
Redos
added 2024/04/03 12:0 a.m.26 views

ROS-20240403-12

A vulnerability in the Range header analysis component of the modular interface between web servers and the Rack web applications is related to the creation of input data that could cause the analysis of the Content-Disposition header in Rack to take an unexpected amount of time...

7.5CVSS6.7AI score0.01626EPSS
Exploits0
Veracode
Veracode
added 2024/03/14 7:36 a.m.32 views

Denial Of Service (DoS)

Microsoft QUIC is vulnerable to Denial Of Service DoS. The vulnerability is caused by holding onto failed connections, leading to continuous memory consumption until exhaustion, resulting in Denial of Service. Note that this vulnerability is not exploitable on .NET-based web servers running on...

7.5CVSS6.5AI score0.0299EPSS
Exploits0References6Affected Software8
hivepro
hivepro
added 2024/01/12 5:18 p.m.10 views

FBot’s Arsenal against the SaaS Giants

Summary: FBot, a Python-based exploit tool, has systematically targeted critical infrastructures, spanning from web servers and cloud services to content management systems CMS and major Software as a Service SaaS platforms. Its primary objective is to infiltrate these services, acquiring...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2024/01/12 12:0 a.m.12 views

security.txt Detection (HTTP)

Web Servers can use a file called security.txt to provide contact information for security researchers and other security related content. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

7.1AI score
Exploits0References2
The Hacker News
The Hacker News
added 2024/01/11 2:0 p.m.27 views

New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms

A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems CMS, and SaaS platforms such as Amazon Web Services AWS, Microsoft 365, PayPal, Sendgrid, and Twilio. "Key features include credential harvesting for spamming attacks,...

7.2AI score
Exploits0
NVD
NVD
added 2024/01/03 8:15 p.m.27 views

CVE-2023-5880

When the Genie Company Aladdin Connect garage door opener Retrofit-Kit Model ALDCM is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allo...

8.8CVSS8.2AI score0.00553EPSS
Exploits0References1
Prion
Prion
added 2024/01/03 8:15 p.m.24 views

Code injection

When the Genie Company Aladdin Connect garage door opener Retrofit-Kit Model ALDCM is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allo...

6.8CVSS5.9AI score0.00553EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/12/22 12:0 a.m.5 views

The vulnerability of Hitachi Energy RTU500 CMU series programmable logic controllers’ web servers allows attackers to perform cross-site scripting attacks.

The vulnerability of the Hitachi Energy RTU500 CMU series programmable logic controllers’ web servers is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

6.4CVSS6.1AI score0.00392EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/12/20 12:0 a.m.37 views

TeamCity Server < 2023.11.1 CSRF

According to its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.11.1. It is, therefore, affected by a cross-site request forgery vulnerabilty. Note that Nessus did not actually test for these issues, but instead has relied on...

8.8CVSS7.7AI score0.00319EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/12/19 12:0 a.m.7 views

The vulnerability of Hitachi Energy RTU500 CMU series programmable logic controllers’ web servers allows attackers to perform cross-site scripting attacks.

The vulnerability of the Hitachi Energy RTU500 CMU series programmable logic controllers’ web servers is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

9CVSS6.1AI score0.00406EPSS
Exploits0References3Affected Software1
Imperva Blog
Imperva Blog
added 2023/12/14 1:48 p.m.51 views

Imperva Detects Undocumented 8220 Gang Activities

Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and Linux web servers with cryptojacking malware. In...

10CVSS10AI score0.99999EPSS
Exploits549
RedHat Linux
RedHat Linux
added 2023/11/24 4:53 p.m.66 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 for OpenShift image enhancement and security update

A new image is available for Red Hat Single Sign-On 7.6.6, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

7.5CVSS7.1AI score0.99999EPSS
Exploits19References5
RedHat Linux
RedHat Linux
added 2023/11/21 12:4 p.m.5 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
OSV
OSV
added 2023/11/17 9:38 p.m.50 views

GHSA-RQ42-58QF-V3QX LibreNMS vulnerable to rate limiting bypass on login page

Summary Application is using two login methods and one of them is using GET request for authentication. There is no rate limiting security feature at GET request or backend is not validating that. PoC Go to /?username=admin&password=password&submit= Capture request in Burpsuite intruder and add...

5.3CVSS6.5AI score0.00599EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2023/11/17 9:38 p.m.26 views

LibreNMS vulnerable to rate limiting bypass on login page

Summary Application is using two login methods and one of them is using GET request for authentication. There is no rate limiting security feature at GET request or backend is not validating that. PoC Go to /?username=admin&password=password&submit= Capture request in Burpsuite intruder and add...

7.5CVSS5.7AI score0.00599EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2023/11/17 11:6 a.m.2 views

OESA-2023-1824 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data...

7.5CVSS7AI score0.01888EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/11/16 3:57 p.m.48 views

Important: Red Hat Security Advisory: Updated Red Hat Process Automation Manager 7.13.4 SP2 Images

An update is now available for Red Hat Process Automation Manager including images for Red Hat OpenShift Container Platform. Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business...

7.5CVSS7.1AI score0.99999EPSS
Exploits19References3
OSV
OSV
added 2023/11/11 11:0 p.m.37 views

RLSA-2023:6746 Important: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the security issues, including the impact, a CV...

7.5CVSS8.3AI score0.99999EPSS
Exploits19References2
RedHat Linux
RedHat Linux
added 2023/11/08 1:10 a.m.46 views

Important: Red Hat Security Advisory: openshift-gitops-kam security update

An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS7.1AI score0.99999EPSS
Exploits19References4
Rows per page
Query Builder