Lucene search
K

83 matches found

vulnersOsv
vulnersOsv
added 2026/03/20 12:31 a.m.9 views

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-codes-api (>=1.1.0 <=1.2.0) +10651 more potentially affected by CVE-2026-22737 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.39)

org.springframework:spring-webmvc MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.2, =j11.2.6.0, =j11.2.6.0, =j11.2.6.0, =j11.2.6.2 and more Source cves: CVE-2026-22737 Source advisory: OSV:GHSA-4773-3JFM-QMX3...

5.9CVSS6AI score0.00385EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/03/05 12:0 a.m.149 views

📄 Juniper JunosEvolved Remote Command Execution

This Metasploit module exploits an unauthenticated command injection vulnerability in the Juniper JunosEvolved API. The exploit workflow involves creating a custom command entity, mapping it to a Directed Acyclic Graph DAG, and triggering an execution instance. The module uses a non-destructive...

9.8CVSS6.1AI score0.17709EPSS
Exploits2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-19625

Malicious code in bioql PyPI...

8.2CVSS6.4AI score0.00343EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2019-0192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a...

9.8CVSS7.6AI score0.77508EPSS
Exploits1References2
OSV
OSV
added 2025/07/10 8:15 a.m.5 views

UBUNTU-CVE-2025-38284

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: configure manual DAC mode via PCI config API only To support 36-bit DMA, configure chip proprietary bit via PCI config API or chip DBI interface. However, the PCI device mmap isn't set yet and the DBI is also...

5.5CVSS5.8AI score0.00137EPSS
Exploits0References12
Cvelist
Cvelist
added 2025/07/10 7:42 a.m.9 views

CVE-2025-38284 wifi: rtw89: pci: configure manual DAC mode via PCI config API only

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: configure manual DAC mode via PCI config API only To support 36-bit DMA, configure chip proprietary bit via PCI config API or chip DBI interface. However, the PCI device mmap isn't set yet and the DBI is also...

0.00137EPSS
Exploits0References2
NVD
NVD
added 2025/07/01 2:15 a.m.7 views

CVE-2025-53003

The Janssen Project is an open-source identity and access management IAM platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surface attack area that exposes all sorts of information from the IDP including clients, users, scripts...

8.2CVSS0.00343EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/07/01 1:22 a.m.6 views

CVE-2025-53003 Janssen Config API returns results without scope verification

The Janssen Project is an open-source identity and access management IAM platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surface attack area that exposes all sorts of information from the IDP including clients, users, scripts...

8.2CVSS6.8AI score0.00343EPSS
Exploits0References4
CVE
CVE
added 2025/07/01 1:22 a.m.36 views

CVE-2025-53003

The Janssen Project Config API was vulnerable before version 1.8.0 due to lack of scope verification, exposing information from the IDP (clients, users, scripts, etc.). The issue has been fixed in 1.8.0. A recommended workaround mentioned in the sources is to fork and patch the Config API followi...

8.2CVSS6.6AI score0.00343EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/01 1:22 a.m.12 views

CVE-2025-53003 Janssen Config API returns results without scope verification

The Janssen Project is an open-source identity and access management IAM platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surface attack area that exposes all sorts of information from the IDP including clients, users, scripts...

8.2CVSS0.00343EPSS
Exploits0References4
OSV
OSV
added 2025/07/01 1:22 a.m.5 views

CVE-2025-53003 Janssen Config API returns results without scope verification

The Janssen Project is an open-source identity and access management IAM platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surface attack area that exposes all sorts of information from the IDP including clients, users, scripts...

8.2CVSS6.3AI score0.00343EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/06/30 5:52 p.m.10 views

Janssen Config API returns results without scope verification

Impact What kind of vulnerability is it? Who is impacted? The configAPI is an internal service and hence should never be exposed to the internet. With that said, this is a serious vulnerability that has a large internal surface attack area that exposes all sorts of information from the IDP...

8.2CVSS6.5AI score0.00343EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/06/30 5:52 p.m.3 views

GHSA-373J-MHPF-84WG Janssen Config API returns results without scope verification

Impact What kind of vulnerability is it? Who is impacted? The configAPI is an internal service and hence should never be exposed to the internet. With that said, this is a serious vulnerability that has a large internal surface attack area that exposes all sorts of information from the IDP...

8.2CVSS6.8AI score0.00343EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/06/30 12:0 a.m.4 views

PT-2025-27496 · Gluu Flex +1 · Gluu Flex +1

Name of the Vulnerable Software and Affected Versions: Janssen Project versions prior to 1.8.0 Gluu Flex versions prior to 5.8.0 Description: The Janssen Project is an open-source identity and access management IAM platform. Prior to version 1.8.0, the Config API returns results without scope...

8.2CVSS5.9AI score0.00343EPSS
Exploits0References14
vulnersOsv
vulnersOsv
added 2024/12/19 6:31 p.m.8 views

RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +25453 more potentially affected by CVE-2024-38819 via org.springframework:spring-webmvc (>=1.2.1 <=5.3.39)

org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.0, =0.0.12, =0.1.15 and more Source cves: CVE-2024-38819 Source advisory: OSV:GHSA-G5VR-RGQM-VF78...

7.5CVSS6.6AI score0.54862EPSS
Exploits6
vulnersOsv
vulnersOsv
added 2024/10/18 6:30 a.m.17 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +37176 more potentially affected by CVE-2024-38820 via org.springframework:spring-web (>=1.2.1 <=5.3.4)

org.springframework:spring-web MAVEN version =1.2.1, =1.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...

5.3CVSS6.6AI score0.00631EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/03/16 6:30 a.m.18 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +36815 more potentially affected by CVE-2024-22259 via org.springframework:spring-web (>=1.2.1 <=5.3.32)

org.springframework:spring-web MAVEN version =1.2.1, =1.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2024-22259 Source advisory: OSV:GHSA-HGJH-9RJ2-G67J...

8.1CVSS6.6AI score0.02573EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2023/10/24 10:42 p.m.14 views

CVE-2023-46125 Fides Information Disclosure Vulnerability in Config API Endpoint

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...

6.5CVSS6.3AI score0.00722EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/10/24 10:42 p.m.46 views

CVE-2023-46125 Fides Information Disclosure Vulnerability in Config API Endpoint

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...

6.5CVSS6.5AI score0.00722EPSS
Exploits0References3
OSV
OSV
added 2023/10/24 2:21 a.m.31 views

GHSA-RJXG-RPG3-9R89 Fides Information Disclosure Vulnerability in Config API Endpoint

Impact The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the...

6.5CVSS6.3AI score0.00722EPSS
Exploits0References5
Rows per page
Query Builder