Lucene search

5318 matches found

OSV
added 2023/12/20 9:15 a.m. · 6 views

CVE-2023-37544

Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8., from 2.9.0 through 2.9., from 2.10.0 through 2.10.4, from 2.11.0 throug...

7.5 CVSS · 7.5 AI score
Exploits 0 · References 2

NVD
added 2023/12/20 9:15 a.m. · 15 views

CVE-2023-37544

Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8., from 2.9.0 through 2.9., from 2.10.0 through 2.10.4, from 2.11.0 throug...

7.5 CVSS · 0.01351 EPSS
Exploits 0 · References 2

Prion
added 2023/12/20 9:15 a.m. · 26 views

Authentication flaw

Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8., from 2.9.0 through 2.9., from 2.10.0 through 2.10.4, from 2.11.0 throug...

5 CVSS · 7.1 AI score · 0.01351 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2023/12/20 8:34 a.m. · 71 views

CVE-2023-37544

CVE-2023-37544 covers an Improper Authentication vulnerability in the Apache Pulsar WebSocket Proxy, where an attacker can connect to the /pingpong endpoint without authentication. Affected are Pulsar WebSocket Proxy releases listed in the CVE, including 2.8.0–2.8., 2.9.0–2.9., 2.10.0–2.10.4, 2....

7.5 CVSS · 7.4 AI score · 0.01351 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/12/20 8:34 a.m. · 24 views

CVE-2023-37544 Apache Pulsar WebSocket Proxy: Improper Authentication for WebSocket Proxy Endpoint Allows DoS

Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8., from 2.9.0 through 2.9., from 2.10.0 through 2.10.4, from 2.11.0 throug...

7.5 CVSS · 7.7 AI score · 0.01351 EPSS
Exploits 0 · References 2

CNNVD
added 2023/12/20 12:0 a.m. · 3 views

Apache Pulsar Authorization Issue Vulnerability

Apache Pulsar is a distributed message streaming platform from the Apache Foundation (U.S.) for cloud environments that combines messaging, storage, and lightweight functional computing. A denial of service vulnerability exists in Apache Pulsar WebSocket Proxy, which can be exploited by an attacker to cause a...

7.5 CVSS · 6.7 AI score · 0.01351 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/12/20 12:0 a.m. · 4 views

PT-2023-26015 · Apache · Apache Pulsar Websocket Proxy

Name of the Vulnerable Software and Affected Versions: Apache Pulsar WebSocket Proxy versions 2.8.0 through 2.8. Apache Pulsar WebSocket Proxy versions 2.9.0 through 2.9. Apache Pulsar WebSocket Proxy versions 2.10.0 through 2.10.4 Apache Pulsar WebSocket Proxy versions 2.11.0 through 2.11.1 Apac...

7.5 CVSS · 7.3 AI score · 0.01351 EPSS
Exploits 0 · References 15

Tenable Nessus
added 2023/12/17 12:0 a.m. · 18 views

Fedora 38 : unrealircd (2023-239f057b33)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-239f057b33 advisory. UnrealIRCd 6.1.3 The main focus of this release is adding countermeasures against large scale spam/drones. Upstream does this by offering a central API which...

5.8 AI score
Exploits 0 · References 1

Positive Technologies
added 2023/12/16 12:0 a.m. · 4 views

PT-2023-31650 · Unknown · Unrealircd

Name of the Vulnerable Software and Affected Versions: UnrealIRCd versions 6.1.0 through 6.1.3 Description: A buffer overflow in websockets allows an unauthenticated remote attacker to crash the server by sending an oversized packet, if a websocket port is open. Remote code execution might be...

7.5 CVSS · 8 AI score · 0.01906 EPSS
Exploits 0 · References 8

BDU FSTEC
added 2023/12/14 12:0 a.m. · 3 views

The vulnerability of the WebSocket technology in the Quarkus Java framework allows attackers to gain unauthorized access to protected information and enhance their privileges.

The vulnerability of the WebSocket technology in the Quarkus Java framework is related to the improper implementation of the sequence of actions performed during request processing, due to insufficient access control. Exploiting this vulnerability can allow an attacker to gain unauthorized access...

7.4 CVSS · 7.5 AI score · 0.00814 EPSS
Exploits 0 · References 6 · Affected Software 1

BDU FSTEC
added 2023/12/12 12:0 a.m. · 3 views

The vulnerability of the WebSocket technology in the Confluence Atlassian Companion App for editing system data files on the MacOS operating system allows attackers to bypass security restrictions and execute arbitrary code.

The vulnerability of the WebSocket technology in the Confluence Atlassian Companion App for MacOS lies in its lack of access control mechanisms. Exploiting this vulnerability allows an attacker to bypass security restrictions and execute arbitrary code...

10 CVSS · 8.3 AI score · 0.24725 EPSS
Exploits 2 · References 5 · Affected Software 1

NVD
added 2023/12/11 11:15 p.m. · 23 views

CVE-2023-49805

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket with Socket.io, but it does not verify that the source of communication is valid. This allows a third-party website to access the application on behalf of their client. When connecting...

8.8 CVSS · 0.00376 EPSS
Exploits 1 · References 2

Prion
added 2023/12/11 11:15 p.m. · 19 views

Cross site request forgery (csrf)

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket with Socket.io, but it does not verify that the source of communication is valid. This allows a third-party website to access the application on behalf of their client. When connecting...

6.5 CVSS · 6.9 AI score · 0.00376 EPSS
Exploits 1 · References 2 · Affected Software 2

Cvelist
added 2023/12/11 10:37 p.m. · 32 views

CVE-2023-49805 Uptime Kuma Missing Origin Validation in WebSockets

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket with Socket.io, but it does not verify that the source of communication is valid. This allows a third-party website to access the application on behalf of their client. When connecting...

6 CVSS · 8.9 AI score · 0.00376 EPSS
Exploits 1 · References 2

CVE
added 2023/12/11 10:37 p.m. · 52 views

CVE-2023-49805

Uptime Kuma prior to version 1.23.9 is vulnerable to missing origin validation in Socket.IO WebSocket connections. The server does not verify the Origin header, allowing cross-origin access from third-party sites and potential exposure of sensitive data in protected endpoints, even without user i...

8.8 CVSS · 7.5 AI score · 0.00376 EPSS
Exploits 1 · References 2 · Affected Software 2

OSV
added 2023/12/11 10:37 p.m. · 52 views

CVE-2023-49805 Uptime Kuma Missing Origin Validation in WebSockets

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket with Socket.io, but it does not verify that the source of communication is valid. This allows a third-party website to access the application on behalf of their client. When connecting...

6 CVSS · 8.6 AI score · 0.00376 EPSS
Exploits 1 · References 4

OSV
added 2023/12/09 3:30 a.m. · 2 views

GHSA-MVC8-6FFP-JRX5 Authorization bypass in Quarkus

A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and...

7.4 CVSS · 5.8 AI score · 0.00814 EPSS
Exploits 0 · References 9

Github Security Blog
added 2023/12/09 3:30 a.m. · 50 views

Authorization bypass in Quarkus

A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and...

9.1 CVSS · 6.7 AI score · 0.00814 EPSS
Exploits 0 · References 9 · Affected Software 1

NVD
added 2023/12/09 2:15 a.m. · 26 views

CVE-2023-6394

A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and...

9.1 CVSS · 0.00814 EPSS
Exploits 0 · References 4

OSV
added 2023/12/09 2:15 a.m. · 35 views

CVE-2023-6394

A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and...

9.1 CVSS · 9.1 AI score · 0.00814 EPSS
Exploits 0 · References 4