Lucene search
K

13 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-7208

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00369EPSS
Exploits0References6
Veracode
Veracode
added 2024/04/12 4:9 a.m.15 views

Cross-Site Request Forgery (CSRF)

aim is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to the lack of CSRF and CORS protection in the aim dashboard, allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent...

8.8CVSS7.1AI score0.00531EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2024/04/10 5:15 p.m.20 views

CVE-2024-2196

aimhubio/aim is vulnerable to Cross-Site Request Forgery CSRF, allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboar...

8.8CVSS8.7AI score0.00531EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/04/10 5:8 p.m.16 views

CVE-2024-2196 CSRF Vulnerability in aimhubio/aim

aimhubio/aim is vulnerable to Cross-Site Request Forgery CSRF, allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboar...

8.8CVSS6.8AI score0.00531EPSS
Exploits1References1
CVE
CVE
added 2024/04/10 5:8 p.m.105 views

CVE-2024-2196

The aimhubio/aim Cross-Site Request Forgery (CSRF) vulnerability is caused by missing CSRF and CORS protections in the aim dashboard. An attacker can lure a logged-in user into issuing unauthorized requests, enabling actions such as deleting runs, updating data, and exfiltrating log records or no...

8.8CVSS8.6AI score0.00531EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2023/01/09 8:5 p.m.36 views

CVE-2022-41919

A Cross-site request forgery CSRF vulnerability was found in fastify due to improper handling of incorrect Content-Types. This flaw allows an attacker to use an incorrect 'Content-Type' to bypass checks to allow fetch requests that could be used to invoke routes that only accept application/json...

8.8CVSS6.2AI score0.00369EPSS
Exploits0References6
Prion
Prion
added 2022/11/22 8:15 p.m.27 views

Cross site request forgery (csrf)

Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could...

6.8CVSS8.6AI score0.00369EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/22 12:0 a.m.5 views

CVE-2022-41919 Fastify vulnerable to Cross-Site Request Forgery (CSRF) attack via incorrect content type

Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could...

4.2CVSS8.7AI score0.00369EPSS
Exploits0References3
OSV
OSV
added 2022/11/21 10:28 p.m.6 views

GHSA-3FJJ-P79J-C9HH Fastify: Incorrect Content-Type parsing can lead to CSRF attack

Impact The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could potentially be used to invoke routes that only accepts application/js...

4.2CVSS5.9AI score0.00369EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2022/10/20 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2022:3666-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS9.7AI score0.02737EPSS
Exploits1References2
OSV
OSV
added 2022/10/19 6:45 p.m.6 views

SUSE-SU-2022:3666-1 Security update for helm

This update for helm fixes the following issues: helm was updated to version 3.9.4: CVE-2022-36055: Fixed denial of service through string value parsing bsc1203054. Updating the certificates used for testing Updating index handling helm was updated to version 3.9.3: - CVE-2022-1996: Updated...

9.3CVSS8.9AI score0.02737EPSS
Exploits1References5
Hacker One
Hacker One
added 2019/04/10 1:57 p.m.49 views

Grammarly: Account takeover through the combination of cookie manipulation and XSS

Summary: A cookie based XSS on www.grammarly.com exists due to reflection of a cookie called gnarcontainerId in DOM without any sanitization. Normally, gnarcontainerId is being set by the server however a vulnerable endpoint at gnar.grammarly.com called "/cookies" allows us to manipulate cookies...

Exploits0
CVE
CVE
added 2019/03/09 4:0 a.m.51 views

CVE-2019-9580

CVE-2019-9580 affects StackStorm’s Web UI (st2web) prior to versions 2.9.3 and 2.10.x prior to 2.10.3. The root cause is improper handling of CORS headers, where an unknown/null origin could be accepted, potentially enabling XSS and related cross-domain actions via a crafted link. Exploitation de...

6.1CVSS6.1AI score0.0299EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder