Lucene search
K

30 matches found

HackRead
HackRead
added 2026/02/04 8:48 a.m.8 views

Phishing Campaigns Abuse Trusted Cloud Platforms, Raising New Risks for Enterprises

ANY.RUN experts report a surge in phishing campaigns abusing trusted cloud and CDN platforms to bypass security controls and target enterprise users...

5.4AI score
Exploits0
Snyk
Snyk
added 2026/01/22 6:6 p.m.3 views

Use of Cache Containing Sensitive Information

Overview Umbraco.Forms is an a form creator that's as easy to use. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to aggressive cache headers being set by default when processing uploads with ImageSharp, which can cause intermediary caches or...

3.1CVSS5.7AI score
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/12/06 12:0 a.m.6 views

Web Technologies Security in the AI Era: A Survey of CDN-Enhanced Defenses

The modern web stack, which is dominated by browser-based applications and API-first backends, now operates under an adversarial equilibrium where automated, AI-assisted attacks evolve continuously. Content Delivery Networks CDNs and edge computing place programmable defenses closest to users and...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/11/21 1:29 a.m.14 views

EUVD-2025-198354

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...

9.3CVSS6.8AI score0.00342EPSS
Exploits0References4
OSV
OSV
added 2025/11/21 1:29 a.m.8 views

CVE-2025-64762 authkit-nextjs may let session cookies be cached in CDNs

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...

9.3CVSS7.3AI score0.00342EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-22463

Malicious code in bioql PyPI...

7.7CVSS6.3AI score0.00236EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/10 9:17 p.m.10 views

CVE-2025-57816

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs...

7.5CVSS6.7AI score0.00406EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.9 views

PT-2025-36509

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1 Description: Fides is an open-source privacy engineering platform. The built-in IP-based rate limiting in the Fides Webserver API is ineffective in environments utilizing CDNs, proxies, or load balancers. The...

7.5CVSS6AI score0.00406EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-4439

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed...

7.7CVSS5.4AI score0.00236EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/25 6:26 p.m.8 views

CVE-2025-4439

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks...

7.7CVSS6.1AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2025/07/23 6:15 p.m.4 views

CVE-2025-4439

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks...

7.7CVSS0.00236EPSS
Exploits0References2
OSV
OSV
added 2025/07/23 6:15 p.m.2 views

UBUNTU-CVE-2025-4439

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks...

7.7CVSS5.7AI score0.00236EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/07/23 6:9 p.m.3 views

CVE-2025-4439 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks...

7.7CVSS5.5AI score0.00236EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/07/23 6:9 p.m.3 views

CVE-2025-4439

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks...

7.7CVSS5.7AI score0.00236EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/07/23 6:9 p.m.37 views

CVE-2025-4439

CVE-2025-4439 : In GitLab CE/EE, versions 15.10 up to before 18.0.5, 18.1 up to before 18.1.3, and 18.2 up to before 18.2.1 are affected by a cross-site scripting vulnerability (CVE-2025-4439) described as an issue of improper neutralization of input during web page generation. The flaw could all...

7.7CVSS5.5AI score0.00236EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/07/23 6:9 p.m.4 views

CVE-2025-4439 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References5
HackRead
HackRead
added 2025/01/21 1:22 p.m.10 views

Tunneling Flaws Put VPNs, CDNs and Routers at Risk Globally

Millions of devices, including home routers, VPN servers, and CDNs are vulnerable to exploitation due to critical flaws…...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/10/21 4:49 a.m.37 views

Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA

Summary Lumma Stealer is an information-stealing malware available through a Malware-as-a-Service MaaS. It specializes in stealing sensitive data such as passwords, browser information, and cryptocurrency wallet details. The attacker has advanced its tactics, moving from traditional phishing to...

7.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/12/27 11:0 a.m.34 views

How Cache Purge Helps Keep Your Website Content Fresh and Responsive

Content Delivery Networks CDNs accelerate web traffic across the internet through servers residing in strategic locations known as points of presence or PoPs across the globe. Each PoP has a number of caching servers, each of which contains a cached version of your website or application. By...

6.8AI score
Exploits0
Akamai Blog
Akamai Blog
added 2021/08/05 4:0 a.m.26 views

HTTP/2 Request Smuggling

HTTP Request Smuggling also known as an HTTP Desync Attack has experienced a resurgence in security research recently, thanks in large part to the outstanding work by security researcher James Kettle. His 2019 Blackhat presentation on HTTP Desync attacks exposed vulnerabilities with different...

0.7AI score
Exploits0
Rows per page
Query Builder