Lucene search
+L

4 matches found

osv
osv
added 2026/03/12 2:51 p.m.4 views

GHSA-QP4C-XG64-7C6X @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch

Impact A Server-Side Request Forgery SSRF vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial clientid hostname against private IP ranges but does not apply the same validation...

6.3CVSS5.8AI score0.00292EPSS
Exploits0References4
osv
osv
added 2025/06/10 2:52 p.m.4 views

CVE-2025-27505 GeoServer Missing Authorization on REST API Index

GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension e.g., rest.html. The REST API index can...

5.3CVSS6.4AI score0.01022EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2024/05/15 12:0 a.m.3 views

PT-2024-26429 · Tor · Tor Arti +1

Name of the Vulnerable Software and Affected Versions: Tor Arti versions prior to 1.2.3 Description: The issue arises when building anonymizing circuits to or from an onion service with 'lite' or 'full' vanguards enabled, where the circuit manager code builds the circuits with one hop too few. Th...

7.3CVSS7.4AI score0.00298EPSS
Exploits0References22
ptsecurity
ptsecurity
added 2024/05/13 12:0 a.m.6 views

PT-2024-26121

Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 1.6.22 Nautobot versions prior to 2.2.4 Description A Nautobot user with admin privileges can modify the BANNER TOP, BANNER BOTTOM, and BANNER LOGIN configuration settings via the "/admin/constance/config/" endpoint...

7.5CVSS7AI score0.00606EPSS
Exploits1References14
Rows per page
Query Builder