Lucene search
K

6 matches found

OSV
OSV
added 2026/06/08 11:8 p.m.6 views

GHSA-W7W5-5GCP-38RW nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Options, HSTS, etc.)

None of the response paths in internal/web/ or internal/api/ set the standard browser-security headers. grep for Content-Security-Policy, X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Referrer-Policy returns zero matches across the codebase. Impact The admin UI signs CA...

7.1CVSS5.5AI score0.00031EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/07 2:9 a.m.10 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via improper validation of the supi path parameter in multiple GET handlers. An attacker can obtain internal infrastructure details, including hostnames, ports, and API paths, by injecting control characters into th...

8.7CVSS5.8AI score0.00324EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.6 views

PT-2026-21966

Name of the Vulnerable Software and Affected Versions Angular SSR versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 Description Angular SSR, a server-side rendering tool for Angular applications, contains a Server-Side Request Forgery SSRF issue in its request handling pipeline. The...

9.2CVSS7.4AI score0.00497EPSS
Exploits1References22
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.9 views

PT-2026-6928

Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.19 Description WeKan contains an authorization issue in certain card update API paths. These paths only validate read access to a board instead of requiring write permission. This allows users with read-only roles to...

7.1CVSS5.4AI score0.00277EPSS
Exploits0References6
CISA KEV Catalog
CISA KEV Catalog
added 2023/07/25 12:0 a.m.113 views

Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile EPMM, previously branded MobileIron Core contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information PII such as names, phone...

10CVSS9.2AI score0.99999EPSS
In wildExploits14
FreeBSD
FreeBSD
added 2015/06/22 12:0 a.m.32 views

devel/ipython -- remote execution

Kyle Kelley reports: Summary: JSON error responses from the IPython notebook REST API contained URL parameters and were incorrectly reported as text/html instead of application/json. The error messages included some of these URL params, resulting in a cross site scripting attack. This affects use...

6.1CVSS6.6AI score0.01762EPSS
Exploits0References1
Rows per page
Query Builder