Lucene search
K

440 matches found

Gitee
Gitee
added 2025/07/27 4:26 a.m.87 views

JavaDeserH2HC

This repository contains sample codes for the Hackers to Hackers Conference magazine 2017 H2HC. The codes are designed to demonstrate various exploitation techniques, specifically focusing on Java deserialization vulnerabilities. The primary vulnerability class/vector targeted is Java...

8.2AI score
Exploits0
Veracode
Veracode
added 2025/07/18 10:48 a.m.5 views

Sensitive Information Disclosure

io.projectreactor.netty:reactor-netty-http is vulnerable to Sensitive Information Disclosure. The vulnerability is due to credential leakage caused by the HTTP client leaking credentials during chained redirects when explicitly configured to follow redirects...

6.1CVSS5.9AI score0.0034EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/07/16 12:30 p.m.13 views

Reactor Netty HTTP is vulnerable to credential leaks during chained redirects

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

6.1CVSS6.5AI score0.0034EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/07/16 12:30 p.m.4 views

GHSA-4Q2V-9P7V-3V22 Reactor Netty HTTP is vulnerable to credential leaks during chained redirects

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

6.1CVSS6.8AI score0.0034EPSS
Exploits0References4
NVD
NVD
added 2025/07/16 10:15 a.m.19 views

CVE-2025-22227

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

6.1CVSS0.0034EPSS
Exploits0References1
CVE
CVE
added 2025/07/16 9:31 a.m.124 views

CVE-2025-22227

CVE-2025-22227 is described in the initial document as a vulnerability where, in specific scenarios with chained redirects, the Reactor Netty HTTP client leaks credentials if the HTTP client is explicitly configured to follow redirects. The connected IBM bulletins list CVE-2025-22227 among a larg...

6.1CVSS6.7AI score0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/16 9:31 a.m.38 views

CVE-2025-22227 CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

6.1CVSS0.0034EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.7 views

Reactor Netty 安全漏洞

Reactor Netty is a non-blocking and backpressure-ready TCP/HTTP/UDP/QUIC client and server based on the Netty framework. A security vulnerability exists in Reactor Netty that stems from the Reactor Netty HTTP client disclosing credentials in certain specific scenarios of chained redirection...

6.1CVSS6.2AI score0.0034EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/16 12:0 a.m.8 views

PT-2025-29713

Name of the Vulnerable Software and Affected Versions Reactor Netty HTTP client affected versions not specified Description In specific scenarios involving chained redirects, the Reactor Netty HTTP client is susceptible to credential leakage. This issue occurs when the HTTP client is explicitly...

6.1CVSS6.5AI score0.0034EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2025/07/08 12:0 a.m.6 views

Bridging AI and Software Security: a Comparative Vulnerability Assessment of LLM Agent Deployment Paradigms

Large Language Model LLM agents face security vulnerabilities spanning AI-specific and traditional software domains, yet current research addresses these separately. This study bridges this gap through comparative evaluation of Function Calling architecture and Model Context Protocol MCP deployme...

7AI score
Exploits0
CNNVD
CNNVD
added 2025/06/18 12:0 a.m.6 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from queuing only chained jobs when the HCI work queue is empty...

5.5CVSS6.4AI score0.00148EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2025/06/10 12:0 a.m.9 views

TimeWak: Temporal Chained-Hashing Watermark for Time Series Data

Synthetic time series generated by diffusion models enable sharing privacy-sensitive datasets, such as patients' functional MRI records. Key criteria for synthetic data include high data utility and traceability to verify the data source. Recent watermarking methods embed in homogeneous latent...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 11:40 a.m.4 views

CVE-2025-24701

Server-Side Request Forgery SSRF vulnerability in Bob Chained Quiz chained-quiz allows Server Side Request Forgery.This issue affects Chained Quiz: from n/a through = 1.3.2.9...

4.4CVSS7.2AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:43 a.m.11 views

CVE-2024-37921

Missing Authorization vulnerability in Kiboko Labs Chained Quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chained Quiz: from n/a through 1.3.2.8...

5.3CVSS6.9AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:34 a.m.7 views

CVE-2024-37446

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kiboko Labs Chained Quiz allows Stored XSS.This issue affects Chained Quiz: from n/a through 1.3.2.8...

5.9CVSS6.8AI score0.0026EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 5:28 a.m.6 views

CVE-2023-25027

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Kiboko Labs Chained Quiz plugin = 1.3.2.5 versions...

5.9CVSS5.2AI score0.00394EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:46 a.m.6 views

CVE-2022-4212

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' parameter on the 'chainedquizlist' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6.4AI score0.00824EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:36 a.m.10 views

CVE-2022-4216

The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebookappid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative...

5.5CVSS5.8AI score0.00642EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:35 a.m.12 views

CVE-2022-4210

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chainedquizlist' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6.4AI score0.00824EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:34 a.m.8 views

CVE-2022-4218

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the listquizzes function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged...

5.4CVSS6.4AI score0.00422EPSS
Exploits1References1
Rows per page
Query Builder