Lucene search
K

182 matches found

Vulnrichment
Vulnrichment
added 2023/04/28 3:10 p.m.8 views

CVE-2023-30853 Gradle Build Action data written to GitHub Actions Cache may expose secrets

Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets...

7.6CVSS7.6AI score0.00285EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/04/06 9:15 p.m.2 views

CVE-2023-1928

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpreloadsinglecallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiat...

4.3CVSS6.6AI score0.00386EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/04/06 8:15 p.m.6 views

CVE-2023-1918

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpreloadsinglecallback function. This makes it possible for unauthenticated attackers to invoke a cache...

4.3CVSS6.6AI score0.00227EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/04/06 7:57 p.m.11 views

CVE-2023-1924 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_toolbar_save_settings_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfctoolbarsavesettingscallback function. This makes it possible for unauthenticated attackers to change cache...

4.3CVSS6.6AI score0.00227EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:56 a.m.3 views

SUSE CVE-2010-4180

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network...

4.3CVSS7AI score0.09497EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.2 views

SUSE CVE-2020-15982

Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

6.5CVSS6.6AI score0.01371EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:54 a.m.2 views

SUSE CVE-2020-25074

The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution...

9.8CVSS9.6AI score0.06121EPSS
Exploits0References5
NVD
NVD
added 2023/01/23 5:15 p.m.23 views

CVE-2023-0447

The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clearallcache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear t...

4.3CVSS4.3AI score0.00591EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/09/29 12:0 a.m.31 views

rdiffweb vulnerable to Use of Cache Containing Sensitive Information

rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Containing Sensitive Information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue...

4.6CVSS4.9AI score0.00507EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/19 12:0 a.m.6 views

The vulnerability of the load_cache function in the GIMP graphic editor allows a hacker to transfer special application data and execute arbitrary OS commands on the target system.

The vulnerability of the loadcache function in the GIMP graphic editor exists because measures to neutralize the special elements used in the operating system command are not taken. Exploiting this vulnerability allows a malicious actor to transmit special application data and execute arbitrary O...

9.3CVSS7.5AI score0.01439EPSS
Exploits0References9Affected Software5
RedHat Linux
RedHat Linux
added 2022/03/29 7:5 a.m.5 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM,...

8.8CVSS6.1AI score0.01571EPSS
Exploits0References4
OSV
OSV
added 2022/01/01 5:15 a.m.6 views

AZL-35013 CVE-2021-44716 affecting package multus for versions less than 4.0.2-1

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

7.5CVSS6.6AI score0.03958EPSS
Exploits0References1
OSV
OSV
added 2021/12/23 1:15 a.m.1 views

UBUNTU-CVE-2021-38009

Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS7AI score0.00831EPSS
Exploits0References4
Kitploit
Kitploit
added 2021/12/21 8:30 p.m.33 views

Web Cache Vulnerability Scanner - A Go-based CLI Tool For Testing For Web Cache Poisoning

Web Cache Vulnerability Scanner WCVS is a fast and versatile CLI scanner for web cache poisoning developed by Hackmanit. The scanner supports many different web cache poisoning techniques, includes a crawler to identify further URLs to test, and can adapt to a specific web cache for more efficien...

7.1AI score
Exploits0References4
KoreLogic Security
KoreLogic Security
added 2021/09/01 12:0 a.m.45 views

CyberArk Credential Provider Local Cache Can Be Decrypted

Vulnerability Details Affected Vendor: CyberArk Affected Product: Application Access Manager/Credential Provider Affected Version: Prior to 12.1 Platform: Linux/Windows/zOS CWE Classification: CWE-326: Inadequate Encryption Strength CVE ID: CVE-2021-31798 2. Vulnerability Description CyberArk...

4.4CVSS5.3AI score0.00437EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2021/06/23 4:48 a.m.18 views

Insecure Token Validation

github.com/ory/oathkeeper is using an insecure token validation. It bypasses token claim validation once a token is in the cache. The vulnerability exists only when caching is not disabled...

7.5CVSS1.8AI score0.01298EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/03/21 12:0 a.m.6 views

The vulnerability of the Google Chrome browser’s cache component, which allows a perpetrator to access confidential data

The vulnerability of the Google Chrome browser’s cache component is related to issues with the use of cryptography. Exploiting this vulnerability could allow a remote attacker to gain access to confidential data...

5.3CVSS6.9AI score0.01371EPSS
Exploits0References11Affected Software5
OSV
OSV
added 2021/01/27 5:17 p.m.2 views

DRUPAL-CONTRIB-2021-001

The optional Social Auth Extra module enables you to use the single sign-on methods provided by Open Social e.g. Facebook, LinkedIn, Google and Twitter. The module doesn't implement a proper cache strategy for anonymous users allowing the registration form to be cached with disclosed information ...

6.5AI score
Exploits0References1
OSV
OSV
added 2020/11/09 12:0 a.m.1 views

UBUNTU-CVE-2020-25074

The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution...

9.8CVSS7.5AI score0.06121EPSS
Exploits0References5
OSV
OSV
added 2020/09/25 6:15 a.m.4 views

CVE-2020-26112

The email quota cache in cPanel before 90.0.10 allows overwriting of files...

7.5CVSS5.8AI score0.00872EPSS
Exploits0References1
Rows per page
Query Builder