Lucene search
K

128 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:28 p.m.8 views

CVE-2021-3116

beforeupstreamconnection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion and versus or...

7.5CVSS6.8AI score0.01673EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:21 a.m.8 views

CVE-2019-16332

In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS...

6.1CVSS6.8AI score0.05698EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:45 a.m.8 views

CVE-2019-10280

Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

8.8CVSS6.7AI score0.01773EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:54 a.m.6 views

CVE-2019-19684

nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin...

8.8CVSS7.1AI score0.01575EPSS
Exploits1References1
Wolfi
Wolfi
added 2025/02/25 3:16 p.m.61 views

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: thanos, secrets-store-csi-driver-provider-aws, aws-flb-firehose, datadog-agent, local-path-provisioner, secrets-store-csi-driver-provider-azure, crossplane-provider-azure, tailscale, kor, nri-nginx, dockerize, flux-image-automation-controller, prometheus-operator,...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2025/02/25 3:16 p.m.50 views

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: thanos, secrets-store-csi-driver-provider-aws, aws-flb-firehose, datadog-agent, local-path-provisioner, secrets-store-csi-driver-provider-azure, crossplane-provider-azure, tailscale, kor, nri-nginx, dockerize, flux-image-automation-controller, prometheus-operator,...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/14 11:39 a.m.10 views

CVE-2024-32638

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Apache APISIX when using forward-auth plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue...

6.3CVSS6.9AI score0.01065EPSS
Exploits0References1
CVE
CVE
added 2025/01/22 2:31 p.m.63 views

CVE-2025-23506

CVE-2025-23506 is a Reflected XSS in the WP IMAP Auth plugin affecting versions up to 4.0.1 (NotFound WP IMAP Auth). The root cause is improper neutralization of input during web page generation. CVSS 3.1 base score 7.1 (HIGH) with NETWORK attacker, no user privileges, and user interaction requir...

7.1CVSS7.2AI score0.00412EPSS
Exploits0References1
Veracode
Veracode
added 2024/12/16 12:38 p.m.11 views

Session Fixation

org.jenkins-ci.plugins, oic-auth is vulnerable to Session Fixation. The vulnerability is due to the plugin failing to invalidate the previous session on login, allowing an attacker to reuse an old session...

8.8CVSS6.7AI score0.00613EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2024/12/04 9:30 p.m.7 views

ai.wavemaker.runtime:wavemaker-app-runtime-core (>=1.0.0-20260516144515 <=1.0.0.ee-20260528111216), cc.zzzyu.nacos:default-auth-plugin (=3.1.1) +140 more potentially affected by CVE-2024-38829 via org.springframework.ldap:spring-ldap-core (>=3.0.0 <=3.2.7)

org.springframework.ldap:spring-ldap-core MAVEN version =3.0.0, =1.0.0-20260516144515, =0.0.11, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.11.5 and more Source cves: CVE-2024-38829 Source advisory: OSV:GHSA-MQVR-2RP8-J7H4...

3.7CVSS5.7AI score0.00376EPSS
Exploits0
OSV
OSV
added 2024/05/04 7:16 a.m.22 views

BIT-APISIX-2024-32638 Apache APISIX: Forward-Auth Request Smuggling

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Apache APISIX when using forward-auth plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue...

6.3CVSS6.3AI score0.01065EPSS
Exploits0References3
NVD
NVD
added 2024/05/02 10:15 a.m.16 views

CVE-2024-32638

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Apache APISIX when using forward-auth plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue...

6.3CVSS6.6AI score0.01065EPSS
Exploits0References2
CVE
CVE
added 2024/05/02 9:20 a.m.118 views

CVE-2024-32638

This CVE (CVE-2024-32638) concerns Apache APISIX and the forward-auth plugin, where an Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) vulnerability exists. Affected versions are APISIX 3.8.0 and 3.9.0; upgrading to 3.8.1, 3.9.1, or newer mitigates the issue. The vulnerabili...

6.3CVSS6.4AI score0.01065EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.4 views

PT-2024-24735 · Apache · Apache Apisix

Name of the Vulnerable Software and Affected Versions: Apache APISIX versions 3.8.0 through 3.9.0 Description: The issue is related to an Inconsistent Interpretation of HTTP Requests, also known as 'HTTP Request Smuggling', in Apache APISIX when using the forward-auth plugin. Recommendations: For...

6.3CVSS6.3AI score0.01065EPSS
Exploits0References11
Wolfi
Wolfi
added 2023/10/10 9:28 p.m.43 views

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: haproxy-ingress, wireguard-go, conftest, stakater-reloader, grpcurl, kots, dex, kubescape, terraform-provider-sendgrid, aactl, dgraph, node-problem-detector, hugo, kaf, nodetaint, scorecard, amass, nginx-mainline, flux-source-controller, memcached-exporter,...

5.9AI score
Exploits0
Prion
Prion
added 2023/10/03 2:15 p.m.21 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin = 0.3.2 versions...

6.8CVSS8.8AI score0.00194EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/10/03 1:7 p.m.56 views

CVE-2023-27435

The CVE-2023-27435 entry concerns the WordPress HTTP Auth Plugin, vulnerable in versions 0.3.2, with patch 1.0.0 indicated as the fix. Exploitability details in the connected docs show unauthenticated access as a consideration; exploitation status is not definitively provided beyond the CSRF cla...

8.8CVSS7.5AI score0.00194EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/03 1:7 p.m.22 views

CVE-2023-27435 WordPress HTTP Auth Plugin <= 0.3.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin = 0.3.2 versions...

6.3CVSS9.1AI score0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/03 12:0 a.m.9 views

PT-2023-21124 · Unknown · Sami Ahmed Siddiqui Http Auth Plugin

Name of the Vulnerable Software and Affected Versions: Sami Ahmed Siddiqui HTTP Auth plugin versions 0.3.2 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...

8.8CVSS8.7AI score0.00194EPSS
Exploits0References5
Prion
Prion
added 2023/09/06 1:15 p.m.27 views

Code injection

Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted...

6.5CVSS8.5AI score0.00551EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder