Lucene search
+L

4 matches found

ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.14 views

PT-2026-52656

Name of the Vulnerable Software and Affected Versions Lemur versions prior to 1.9.0 Lemur version 1.9.0 Description The JWT verifier in the lemur/lemur/auth/service.py component trusts the alg header field from unverified tokens and passes it directly into the pyjwt.decode function via the...

4.8CVSS6.1AI score
Exploits0References8
cnnvd
cnnvd
added 2025/03/10 12:0 a.m.5 views

Passbolt 安全漏洞

Passbolt is an open source password manager from the French company Passbolt. A security vulnerability exists in versions prior to Passbolt 5, which stems from a server misconfiguration that could result in the sending of e-mail with an attacker-controlled HTTP Host header domain...

7.5CVSS6.7AI score0.00172EPSS
Exploits0References2
osv
osv
added 2022/08/20 10:4 a.m.7 views

MGASA-2022-0289 Updated apache-mod_wsgi packages fix security vulnerability

It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations CVE-2022-2255...

7.5CVSS7.5AI score0.0069EPSS
Exploits1References3
cnnvd
cnnvd
added 2022/07/18 12:0 a.m.30 views

Laminas Project diactoros 环境问题漏洞

Laminas Project diactoros is a PSR HTTP message implementation of Laminas Project. An environment issue vulnerability exists in Laminas Project diactoros, which can be exploited by an attacker to add a new header to laminas-dictoros via Security/x Forwarded Header...

7.2CVSS6.6AI score0.00615EPSS
Exploits0References5
Rows per page
Query Builder