Lucene search
K

14 matches found

Cvelist
Cvelist
added 2026/03/26 12:22 a.m.27 views

CVE-2026-33182 Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...

8.7CVSS0.0042EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/25 9:28 p.m.13 views

AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php

Summary The standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An attacker can redirect token verification to a server they control that always...

9.4CVSS6AI score0.00437EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/25 9:28 p.m.8 views

GHSA-9HV9-GVWM-95F2 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php

Summary The standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An attacker can redirect token verification to a server they control that always...

9.4CVSS6AI score0.00437EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/12 2:31 a.m.2 views

CVE-2026-26234 JUNG Smart Visu Server - Improper Neutralization of HTTP Headers for Scripting Syntax

JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache...

8.8CVSS5.7AI score0.00496EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-10424

Malware in sbrugna...

7.8CVSS7.6AI score0.01425EPSS
Exploits1References2
OSV
OSV
added 2018/12/07 2:29 p.m.5 views

CVE-2018-17924

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller...

8.6CVSS5.8AI score0.043EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2018/12/07 2:0 p.m.6 views

CVE-2018-17924

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller...

7.3AI score0.043EPSS
Exploits0References2
Prion
Prion
added 2018/10/29 12:29 p.m.16 views

Buffer overflow

An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request,...

7.8CVSS7.7AI score0.01141EPSS
Exploits1References1Affected Software5
Tenable Nessus
Tenable Nessus
added 2016/03/28 12:0 a.m.34 views

openSUSE Security Update : MozillaThunderbird (openSUSE-2016-402)

MozillaThunderbird was updated to 38.7.0 to fix the following issues : - Update to Thunderbird 38.7.0 boo969894 - MFSA 2015-81/CVE-2015-4477 bmo1179484 Use-after-free in MediaStream playback - MFSA 2015-136/CVE-2015-7207 bmo1185256 Same-origin policy violation using performance.getEntries and...

10CVSS7.4AI score0.30946EPSS
Exploits9References28
OPENSUSE Linux
OPENSUSE Linux
added 2016/03/26 5:8 p.m.47 views

Security update for MozillaThunderbird (important)

MozillaThunderbird was updated to 38.7.0 to fix the following issues: Update to Thunderbird 38.7.0 boo969894 MFSA 2015-81/CVE-2015-4477 bmo1179484 Use-after-free in MediaStream playback MFSA 2015-136/CVE-2015-7207 bmo1185256 Same-origin policy violation using performance.getEntries and history...

10CVSS1.1AI score0.30946EPSS
Exploits9References1
Tenable Nessus
Tenable Nessus
added 2016/03/21 12:0 a.m.43 views

SUSE SLES10 Security Update : MozillaFirefox (SUSE-SU-2016:0820-1)

Mozilla Firefox was updated to 38.7.0 ESR, fixing the following security issues : MFSA 2016-16/CVE-2016-1952/CVE-2016-1953: Miscellaneous memory safety hazards rv:45.0 / rv:38.7 MFSA 2016-17/CVE-2016-1954: Local file overwriting and potential privilege escalation through CSP reports MFSA...

10CVSS7.2AI score0.30946EPSS
Exploits9References32
Tenable Nessus
Tenable Nessus
added 2014/10/22 12:0 a.m.36 views

Mandriva Linux Security Advisory : bugzilla (MDVSA-2014:200)

Updated bugzilla packages fix security vulnerabilities : If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group CVE-2014-1571. An attacker creating a new...

5CVSS6.5AI score0.02326EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow Vulnerability

漏洞起因 栈溢出导致的远程代码执行 影响系统 Lotus Domino Server Versions 8.0 and 8.5 on AIX, AIX 64bit, Linux, Linux iSeries, Linux, zSeries, Solaris, Windows, Windows 64bit, z/OS 危害 远程攻击者可以利用漏洞在服务器上执行任意代码。 攻击所需条件 攻击者构造包含特殊参数的邮件。 漏洞信息 未经身份验证的远程代码执行漏洞是由于代码在识别处理和转换 iCalendar...

7AI score
Exploits0
myhack58
myhack58
added 2006/10/03 12:0 a.m.12 views

The concept of the rookie version of Virus writing guide there was a sense of-vulnerability warning-the black bar safety net

The first issue: the JMP ESP address the versatility issue. F. EN, in two articles have emphasized the JMP ESP opcode in the memory of the address, it version is dependent, and emphasized one more chance to put on two versions of the return code can be one more chances of success. Start your own...

7.4AI score
Exploits0
Rows per page
Query Builder