Lucene search
K

2007 matches found

CVE
CVE
added 2025/03/27 11:24 a.m.74 views

CVE-2025-31139

JetBrains TeamCity prior to 2025.03 exposes base64 encoded passwords in build logs (CVE-2025-31139). Affects JetBrains TeamCity (CI/CD server); vulnerability arises from passwords being logged in base64 form. Impact: potential credential exposure. Mitigation: upgrade to version 2025.03 or later o...

6.5CVSS4.8AI score0.00944EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/03/20 10:9 a.m.42 views

CVE-2024-10190

Horovod CVE-2024-10190 affects v0.28.1 and earlier. The vulnerability is due to ElasticRendezvousHandler.do_PUT/_put_value decoding base64 data and ultimately calling cloudpickle.loads, enabling an unauthenticated attacker to supply a malicious pickle object via a PUT request and achieve arbitrar...

9.8CVSS9.9AI score0.01021EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2012-3359

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the ac session cookie, which allows attackers to gain privileges by...

3.7CVSS5.9AI score0.0034EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2025/01/09 12:0 a.m.9 views

SonicWALL NSv Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL NSv. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Base64-encoded session cookies. The issue results from an incorrect...

9.8CVSS9.8AI score0.95132EPSS
Exploits0References1
NVD
NVD
added 2025/01/06 5:15 p.m.17 views

CVE-2023-6601

A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...

4.7CVSS0.00397EPSS
Exploits1References2
CVE
CVE
added 2025/01/06 4:41 p.m.249 views

CVE-2023-6601

CVE-2023-6601 is a vulnerability in FFmpeg’s HLS demuxer that enables bypassing unsafe file extension checks and triggering arbitrary demuxers via base64 data URIs with specific extensions. Public details in the provided connected advisories attribute the issue to FFmpeg and acknowledge fixes in ...

4.7CVSS4.8AI score0.00397EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2025/01/02 5:15 p.m.16 views

CVE-2024-11717

Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to...

6.3CVSS0.0064EPSS
Exploits0References6
Hacker One
Hacker One
added 2024/12/26 3:35 p.m.8 views

U.S. Dept Of Defense: Secret Access Key of AWS Firehose Disclosure

The domain had an endpoint that contained the secret access key of an AWS Firehose delivery stream encoded in base64. The secret access key was disclosed, allowing the record to be put into the Firehose delivery stream...

6.9AI score
Exploits0
Veracode
Veracode
added 2024/12/04 11:50 a.m.14 views

Arbitrary File Read

craftcms/cms is vulnerable to arbitrary file read. The vulnerability is due to the exploitation of the dataUrl function, which allows attackers with write permissions on system notification templates to embed and exfiltrate Base64-encoded file content via triggered email notifications...

7.7CVSS6.8AI score0.00657EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/11/13 4:8 p.m.64 views

CVE-2024-52292

CVE-2024-52292 affects Craft CMS. The dataUrl function can exfiltrate the contents of arbitrary server files when an attacker has write permissions on system notification templates and can trigger a system email. By embedding a path to a sensitive file, the Base64-encoded content is sent via an e...

7.7CVSS6.7AI score0.00657EPSS
Exploits1References1Affected Software1
The Hacker News
The Hacker News
added 2024/10/22 2:0 p.m.13 views

Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks

Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro. "In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining...

7.9AI score
Exploits0
GithubExploit
GithubExploit
added 2024/10/15 11:51 p.m.274 views

Exploit for CVE-2023-25581

This Python script demonstrates the exploitation of the CVE-2023...

9.2CVSS8.1AI score0.01949EPSS
Exploits1
NVD
NVD
added 2024/09/16 9:15 p.m.11 views

CVE-2024-45414

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checki...

9.8CVSS0.00483EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/09/12 12:0 a.m.310 views

3DSecure 2.0 3DS Authorization Method Cross Site Scripting

Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Authorization Method Tested Versions: 3DSecure 2.0 3DS Authorization Method Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solution...

7.4AI score
Exploits1
Packet Storm
Packet Storm
added 2024/09/12 12:0 a.m.384 views

3DSecure 2.0 3DS Method Authentication Cross Site Scripting

Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Method Authentication Tested Versions: 3DSecure 2.0 3DS Method Authentication Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solutio...

7.4AI score
Exploits1
OSV
OSV
added 2024/08/29 8:52 a.m.5 views

MAL-2024-8726 Malicious code in invokehttp (PyPI)

The init.py contains a call to execute a Base64-encoded script to download a second stage payload. --- -= Per source details. Do not edit below this line.=- Source: kam193 e3374942a3d2de4ea1f9444223c351c0ef5356c571a08e8ddb62144f7564def0 In the invokehttp, the init.py contains obfuscated code...

7.4AI score
Exploits0References3
The Hacker News
The Hacker News
added 2024/08/02 4:16 p.m.17 views

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure

A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. "The campaign likely targeted diplomats and began as early as March 2024," Palo Alto Networks Unit 42 said in a report published...

7.1AI score
Exploits0
Friends Of PHP
Friends Of PHP
added 2024/07/17 12:24 a.m.30 views

CVE-2024-32981 - XSS Vulnerability with text/html base64-encoded payload

More info at https://www.silverstripe.org/download/security-releases/cve-2024-32981...

5.4CVSS6.8AI score0.00346EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2024/06/27 4:23 a.m.47 views

CVE-2024-39459

A vulnerability was found in the Jenkins Plain Credentials Plugin, which stores secret file credentials unencrypted only Base64 encoded on the Jenkins controller file system. Users with access to the Jenkins controller file system global credentials or with Item/Extended Read permission...

6.5CVSS6.3AI score0.00419EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/06/26 6:30 p.m.18 views

Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin

When creating secret file credentials Plain Credentials Plugin 182.v468b97b9dcb8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content wil...

4.3CVSS6.4AI score0.00419EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder