Lucene search
K

40 matches found

Github Security Blog
Github Security Blog
added 2026/06/15 5:28 p.m.9 views

PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)

!NOTE The vulnerability surfaces only when a JWKS fetch fails; an attacker can attempt to provoke that with sustained unknown-kid traffic, but the outcome depends on upstream JWKS-endpoint behavior rate limiting, transient errors which is beyond the attacker's control. Impact is reduced auth...

3.7CVSS5.2AI score0.00222EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/12 1:16 p.m.12 views

CVE-2026-49347

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

5.3CVSS0.00235EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 11:54 a.m.8 views

CVE-2026-49347 Quest Bot: Ticket creation has no per-user open-ticket limit or cooldown

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

5.3CVSS5.2AI score0.00235EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 11:54 a.m.17 views

CVE-2026-49347

CVE-2026-49347 affects Quest Bot (Discord bot). Before v1.1.8, any user who can access the ticket panel could repeatedly create new ticket channels; the system did not enforce a per-user open-ticket limit or cooldown. The issue persists in that the latest release still creates a new database tick...

5.3CVSS5.2AI score0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 11:54 a.m.29 views

CVE-2026-49347 Quest Bot: Ticket creation has no per-user open-ticket limit or cooldown

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

5.3CVSS0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 11:54 a.m.9 views

EUVD-2026-36416

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

5.3CVSS5.2AI score0.00235EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.12 views

PT-2026-48862

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

5.3CVSS5.2AI score0.00235EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.4 views

CVE-2026-33935

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...

8.7CVSS5.9AI score0.00543EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:43 a.m.3 views

CVE-2026-33935

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...

8.7CVSS5.8AI score0.00543EPSS
Exploits1References6Affected Software1
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.2 views

Execution Is the New Attack Surface: Survivability-Aware Agentic Crypto Trading with OpenClaw-Style Local Executors

OpenClaw-style agent stacks turn language into privileged execution: LLM intents flow through tool interception, policy gates, and a local executor. In parallel, skill marketplaces such as skills.sh make capability acquisition as easy as installing skills and CLIs, creating a growing capability...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/05 10:33 p.m.5 views

CVE-2025-66559

Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox.verifyBatches packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678 advanced the local tid to whatever...

9.3CVSS6.6AI score0.00273EPSS
Exploits0References1
OSV
OSV
added 2025/12/04 10:23 p.m.6 views

CVE-2025-66559 Taiko Alethia Pacaya inbox verification pointer corruption

Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox.verifyBatches packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678 advanced the local tid to whatever...

9.3CVSS6.5AI score0.00273EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-34992

Malicious code in bioql PyPI...

6.3CVSS6.6AI score0.00765EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:48 a.m.4 views

CVE-2024-34695

WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...

6.3CVSS6.7AI score0.00765EPSS
Exploits0References1
NVD
NVD
added 2024/05/14 3:39 p.m.7 views

CVE-2024-34695

WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...

6.3CVSS6.1AI score0.00765EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.5 views

Karma 安全漏洞

Karma is a simple tool. Allows execution of JavaScript code in multiple real browsers. A security vulnerability exists in Karma versions prior to 0.17.4.1, which stems from the fact that sending multiple post requests at the same time will bypass the cooldown validation...

6.3CVSS7AI score0.00765EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/05/10 3:57 p.m.9 views

CVE-2024-34695 WOWS Karma vulnerable to a post submission bounce/timing attack

WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...

6.3CVSS6.6AI score0.00765EPSS
Exploits0References3
CVE
CVE
added 2024/05/10 3:57 p.m.54 views

CVE-2024-34695

Affected software: WOWS Karma reputation system for World of Warships. Root cause / vector: A user can click the"create" button multiple times on the post-creation prompt before the modal closes, causing several API requests to be sent in parallel. This timing flaw allows bypassing the cooldown v...

6.3CVSS6.1AI score0.00765EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/10 3:57 p.m.20 views

CVE-2024-34695 WOWS Karma vulnerable to a post submission bounce/timing attack

WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...

6.3CVSS6.3AI score0.00765EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/10 12:0 a.m.3 views

PT-2024-26112 · Unknown · Wows Karma

Name of the Vulnerable Software and Affected Versions: WOWS Karma versions prior to 0.17.4.1 Description: The issue allows a user to bypass cooldown validation by sending multiple post creation API requests simultaneously. This is achieved by clicking the "create" button multiple times on a post...

6.3CVSS7.2AI score0.00765EPSS
Exploits0References5
Rows per page
Query Builder