CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

130 matches found

CVE•added 2025/04/01 7:56 a.m.•72 views

CVE-2025-29868

CVE-2025-29868 affects Apache Answer up to version 1.4.2. A public method returns a private data structure, enabling potential disclosure of a user’s IP address when external images are accessed. The issue is mitigated in version 1.4.5, which adds a configurable setting to control whether externa...

6.5CVSS6.7AI score0.0155EPSS

Exploits0References4Affected Software1

CNNVD•added 2025/04/01 12:0 a.m.•2 views

Apache Answer 安全漏洞

Apache Answer is a community platform of the Apache USA Foundation. An information disclosure vulnerability exists in Apache Answer 1.4.2 and earlier versions, which stems from a public method returning a private data structure, and can be exploited by an attacker to cause IP address disclosure...

6.5CVSS6.2AI score0.0155EPSS

Exploits0References2

RedhatCVE•added 2025/02/14 11:45 a.m.•6 views

CVE-2024-29217

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the...

4.6CVSS6AI score0.0038EPSS

Exploits0References1

RedhatCVE•added 2025/02/14 11:3 a.m.•7 views

CVE-2024-22393

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content...

9.1CVSS6.6AI score0.26731EPSS

Exploits1References1

RedhatCVE•added 2025/02/14 10:47 a.m.•4 views

CVE-2024-26578

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly...

5.9CVSS6.8AI score0.0029EPSS

Exploits0References1

SUSE CVE•added 2024/12/12 7:3 a.m.•2 views

SUSE CVE-2024-45719

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...

2.6CVSS7AI score0.0009EPSS

Exploits0References3

Github Security Blog•added 2024/11/22 9:32 p.m.•19 views

Apache Answer: Predictable Authorization Token Using UUIDv1

2.6CVSS7AI score0.0009EPSS

Exploits0References4Affected Software1

OSV•added 2024/11/22 9:32 p.m.•12 views

GHSA-MR95-VFCF-FX9P Apache Answer: Predictable Authorization Token Using UUIDv1

2.6CVSS3.5AI score0.0009EPSS

Exploits0References4

OSV•added 2024/11/22 3:15 p.m.•2 views

CVE-2024-45719

2.6CVSS6AI score

Exploits0References2

NVD•added 2024/11/22 3:15 p.m.•10 views

CVE-2024-45719

2.6CVSS0.0009EPSS

Exploits0References2

Cvelist•added 2024/11/22 2:36 p.m.•15 views

CVE-2024-45719 Apache Answer: Predictable Authorization Token Using UUIDv1

0.0009EPSS

Exploits0References1

CVE•added 2024/11/22 2:36 p.m.•60 views

CVE-2024-45719

CVE-2024-45719 concerns Apache Answer with an Inadequate Encryption Strength vulnerability affecting versions up to 1.4.0. The issue is that IDs generated using UUID v1 can be predictable, reducing token security. The recommended fix is upgrade to version 1.4.1, which closes the flaw. Connected s...

2.6CVSS3.7AI score0.0009EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2024/11/22 12:0 a.m.•4 views

PT-2024-31737 · Apache · Apache Answer

Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.4.0 Description: The issue is related to inadequate encryption strength in Apache Answer, specifically with the use of UUID v1 version for generating ids. This can cause the generated token to be predictable,...

8.1CVSS6AI score0.39569EPSS

Exploits3References36

CNNVD•added 2024/11/22 12:0 a.m.•2 views

Apache Answer 安全漏洞

Apache Answer is a community platform of the Apache USA Foundation. A security vulnerability exists in Apache Answer versions 1.4.0 and earlier, which stems from insufficient cryptographic strength and could result in the generation of tokens that are predictable...

2.6CVSS6.4AI score0.0009EPSS

Exploits0References2

OSV•added 2024/09/25 9:30 a.m.•10 views

GHSA-48CR-J2CX-MCR8 Apache Answer: Avatar URL leaked user email addresses

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommend...

6.9CVSS5.2AI score0.00806EPSS

Exploits0References15

Github Security Blog•added 2024/09/25 9:30 a.m.•10 views

Apache Answer: Avatar URL leaked user email addresses

5.3CVSS7.1AI score0.00806EPSS

Exploits0References15Affected Software1

OSV•added 2024/09/25 8:15 a.m.•1 views

CVE-2024-40761

5.3CVSS6.1AI score

Exploits0References12

NVD•added 2024/09/25 8:15 a.m.•17 views

CVE-2024-40761

5.3CVSS0.00806EPSS

Exploits0References12

Cvelist•added 2024/09/25 7:31 a.m.•18 views

CVE-2024-40761 Apache Answer: Avatar URL leaked user email addresses

0.00806EPSS

Exploits0References1

CVE•added 2024/09/25 7:31 a.m.•52 views

CVE-2024-40761

Apache Answer contains an Inadequate Encryption Strength vulnerability (through version 1.3.5) where the MD5 hash of a user’s email is used to access Gravatar, risking email leakage. Mitigation: upgrade to version 1.4.0 which switches to SHA-256 per the advisory. Nuclear risk: only disclosed as l...

5.3CVSS5.3AI score0.00806EPSS

Exploits0References12Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by