Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3968 matches found

Prion
Prionadded 2020/06/03 11:15 p.m.30 views

Security feature bypass

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The attack causes th...

5CVSS7.5AI score0.01247EPSS
Exploits0References14Affected Software10
Debian CVE
Debian CVEadded 2020/06/03 12:0 a.m.40 views

CVE-2020-11080

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The attack causes th...

7.5CVSS7AI score0.01247EPSS
Exploits0
CVE
CVEadded 2020/06/02 3:5 p.m.53 views

CVE-2019-14039

CVE-2019-14039 is an out-of-bounds read in the Qualcomm Snapdragon hardware/firmware stack. The issue arises from an incorrect boundary check in the ADM callback function when processing payloads in command responses, affecting multiple Snapdragon families (Auto, Compute, Consumer IoT, Industrial...

7.1CVSS7.6AI score0.00043EPSS
Exploits0References1Affected Software1
Kitploit
Kitploitadded 2020/04/15 12:0 p.m.47 views

crauEmu - An uEmu Extension For Developing And Analyzing Payloads For Code-Reuse Attacks

crauEmu is an uEmu extension for developing and analyzing payloads for code-reuse attacks. Slides from ZeroNights 2019 Demo 1 - X32-64, Edge, rop-gadgets from pwnjs Demo 2 - ARM64, checkm8 callback-chain Mascot designed by@kottsarapkin RopEditor Installation 1. Put the file crauEmu.py in same...

7.4AI score
Exploits0References6
Hacker One
Hacker Oneadded 2020/04/10 12:1 p.m.69 views

BTFS: XSS on remote.bittorrent.com

Hi security team, ı found xss on your subdomain. this is includes callback function. url : https://remote.bittorrent.com/talon/logout?message= Impact fix them...

0.9AI score
Exploits0
RedhatCVE
RedhatCVEadded 2020/03/30 2:26 p.m.18 views

CVE-2019-19525

A use-after-free flaw was found in the ieee802154 network subsystem in the Linux kernel. A malicious USB device could cause the exploit when a disconnect callback is accessing the hardware-descriptor private data after having it freed by the atusbdisconnect driver. Mitigation Mitigation for this...

6.8CVSS0.7AI score0.00109EPSS
Exploits0References7
BDU FSTEC
BDU FSTECadded 2020/03/18 12:0 a.m.1 views

The vulnerability of the OAuth2 extension for the software environment used to implement the MediaWiki hypertext environment allows a hacker to perform cross-site request forgeing attacks.

The vulnerability of the OAuth2 extension for implementing the MediaWiki hypertext environment is related to the absence of a check on the OAuth2 status parameter in the callback function. Exploiting this vulnerability allows a malicious actor to perform cross-site forged requests...

10CVSS7.5AI score0.00282EPSS
Exploits0References4Affected Software1
Kitploit
Kitploitadded 2020/02/29 8:40 p.m.129 views

Extended-SSRF-Search - Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get...

This tool search for SSRF using predefined settings in different parts of a request path, host, headers, post and get parameters. First step Rename example.app-settings.conf to app-settings.conf and adjust settings. The most important setting is the callback url. I recommend to use burp...

7.1AI score
Exploits0References1
Prion
Prionadded 2020/02/27 8:15 p.m.11 views

Design/Logic Flaw

In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers...

6.8CVSS8.5AI score0.0021EPSS
Exploits0References1Affected Software2
OSV
OSVadded 2020/02/26 7:54 p.m.1 views

GHSA-3M93-M4Q6-MC6V Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag nolog set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data...

6.5CVSS6.8AI score0.00859EPSS
Exploits1References17
Veracode
Veracodeadded 2020/02/26 3:7 a.m.18 views

Authentication Bypass

cardgate/magento2 is vulnerable to authentication bypass. The Instant Payment Notification IPN callback processing function in Controller/Payment/Callback.php fails to authenticate the origin of IPN callback requests, allowing an attacker to spoof payments by sending the request with a valid...

8.1CVSS3.6AI score0.00169EPSS
Exploits5References4Affected Software1
0day.today
0day.todayadded 2020/02/26 12:0 a.m.182 views

Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Exploit

Exploit for php platform in category web applications Exploit Title: Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...

0.1AI score0.00169EPSS
Exploits5
0day.today
0day.todayadded 2020/02/26 12:0 a.m.177 views

WordPress WooCommerce CardGate Payment Gateway 3.1.15 Plugin - Payment Process Bypass Exploit

Exploit for php platform in category web applications Exploit Title: WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...

0.2AI score0.0026EPSS
Exploits6
NVD
NVDadded 2020/02/25 2:15 a.m.10 views

CVE-2020-8819

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefore bypass...

8.1CVSS8.2AI score0.0026EPSS
Exploits6References5
NVD
NVDadded 2020/02/25 2:15 a.m.12 views

CVE-2020-8818

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefor...

8.1CVSS8.2AI score0.00169EPSS
Exploits5References3
OSV
OSVadded 2020/02/25 2:15 a.m.15 views

CVE-2020-8819

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefore bypass...

8.1CVSS6.9AI score
Exploits0References5
Prion
Prionadded 2020/02/25 2:15 a.m.11 views

Authentication flaw

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefor...

5.5CVSS8AI score0.00169EPSS
Exploits5References3Affected Software2
Prion
Prionadded 2020/02/25 2:15 a.m.12 views

Authentication flaw

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefore bypass...

5.5CVSS8AI score0.0026EPSS
Exploits6References5Affected Software1
CVE
CVEadded 2020/02/25 1:20 a.m.148 views

CVE-2020-8818

CVE-2020-8818 affects the CardGate Payments plugin for Magento 2 (up to version 2.0.30). The underlying issue is lack of origin authentication in the IPN callback processing function (Controller/Payment/Callback.php), enabling an attacker to remotely replace critical plugin settings (merchant ID,...

8.1CVSS8AI score0.00169EPSS
Exploits5References3Affected Software1
Cvelist
Cvelistadded 2020/02/25 1:20 a.m.14 views

CVE-2020-8818

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefor...

8.2AI score0.00169EPSS
Exploits5References3
Rows per page
Query Builder