11 matches found
CVE-2026-33488
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the createKeys function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the...
CVE-2025-50735
Directory traversal vulnerability in NextChat through 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...
CVE-2024-7294
In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, an HTTP DoS attack is possible on anonymous endpoints without rate limiting...
CVE-2024-7294 Uncontrolled resource consumption of anonymous endpoints
In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, an HTTP DoS attack is possible on anonymous endpoints without rate limiting...
CVE-2024-7294
Progress Telerik Report Server (Progress) is affected by an HTTP DoS vulnerability on anonymous endpoints due to lack of rate limiting. The issue originates from uncontrolled resource consumption of anonymous requests, impacting availability. Affected versions are prior to 2024 Q3 (10.2.24.806). ...
PT-2024-38243 · Progress · Telerik Report Server
Name of the Vulnerable Software and Affected Versions: Progress Telerik Report Server versions prior to 2024 Q3 10.2.24.806
Description: The issue allows for an HTTP DoS attack on anonymous endpoints without rate limiting. This can potentially lead to service disruption.
Recommendations: For...
GHSA-VMM6-W4CF-7F3X Authentication Bypass For Endpoints With Anonymous Access in Opencast
Impact: Using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect, given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example, fake a remember-me toke...