Lucene search
K

72 matches found

Vulnrichment
Vulnrichment
added 2025/11/20 12:0 a.m.2 views

CVE-2025-60794

Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access...

6.3AI score0.00182EPSS
Exploits0References3
CVE
CVE
added 2025/11/20 12:0 a.m.12 views

CVE-2025-60794

CVE-2025-60794 affects couch-auth 0.21.2. The root cause is tokens and passwords stored in JavaScript objects that are not explicitly cleared in src/user.ts (lines 700–707), leaving sensitive data in memory and creating a window for extraction via memory dumps or debugging tools. This could enabl...

6.5CVSS6.4AI score0.00182EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-53538

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.00293EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-26268

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document...

5.3CVSS6.2AI score0.01429EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 3:59 a.m.7 views

CVE-2018-7662

Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php...

5.3CVSS6.9AI score0.43515EPSS
Exploits1References1
OSV
OSV
added 2025/02/10 9:31 p.m.6 views

GHSA-R385-C5FC-X56C CouchAuth has a Server-Side Template Injection vulnerability in its email functionality

A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information...

4.3CVSS7.3AI score0.00293EPSS
Exploits0References3
OSV
OSV
added 2025/02/10 8:15 p.m.5 views

CVE-2024-57177

A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information...

7.3CVSS5.8AI score0.00293EPSS
Exploits0References2
NVD
NVD
added 2025/02/10 8:15 p.m.7 views

CVE-2024-57177

A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information...

7.3CVSS0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/10 12:0 a.m.5 views

PT-2025-6098 · Perfood · Couch-Auth

Name of the Vulnerable Software and Affected Versions: perfood/couch-auth versions = 0.21.2 Description: A host header injection vulnerability exists in the NPM package of perfood/couch-auth. By sending a specially crafted host header in the email change confirmation request, it is possible to...

7.3CVSS7.3AI score0.00293EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/02/10 12:0 a.m.4 views

CVE-2024-57177

A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information...

7.2AI score0.00293EPSS
Exploits0References2
OSV
OSV
added 2024/01/03 1:15 p.m.6 views

CVE-2023-39655

A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions = 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thu...

9.6CVSS5.8AI score0.00521EPSS
Exploits0References2
Prion
Prion
added 2024/01/03 1:15 p.m.12 views

Design/Logic Flaw

A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions = 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thu...

6.8CVSS7.4AI score0.00521EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/03 12:0 a.m.8 views

PT-2024-12818 · Npm · @Perfood/Couch-Auth

Name of the Vulnerable Software and Affected Versions: @perfood/couch-auth versions = 0.20.0 Description: A host header injection issue exists in the NPM package @perfood/couch-auth. By sending a specially crafted host header in the forgot password request, it is possible to send password reset...

9.6CVSS9.2AI score0.00521EPSS
Exploits0References8
CVE
CVE
added 2024/01/03 12:0 a.m.46 views

CVE-2023-39655

The CVE-2023-39655 issue concerns the NPM package @perfood/couch-auth (versions

9.6CVSS9.3AI score0.00521EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/07/19 12:0 a.m.5 views

IBM Planning Analytics 授权问题漏洞

IBM Planning Analytics is a suite of business planning analytics solutions from International Business Machines IBM. The solution supports automated execution of processes such as business planning, budgeting, and analysis. A security vulnerability exists in IBM Planning Analytics Cartridge for...

7.5CVSS7.5AI score0.00465EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2019/02/18 11:39 p.m.5 views

backbone-couch (>=0.4.0 <=0.5.4), backbone-stash (=0.0.4) +3 more potentially affected by CVE-2016-10537 via backbone (=0.3.3)

backbone NPM version =0.3.3 is affected by a known vulnerability. The following packages have a transitive dependency on backbone and may be impacted: - backbone-couch =0.4.0, =1.1.0, =0.4.0, =0.1.0, =1.0.0 Source cves: CVE-2016-10537 Source advisory: OSV:GHSA-J6P2-CX3W-6JCP...

5.4CVSS6.4AI score0.00686EPSS
Exploits0
CNVD
CNVD
added 2018/03/06 12:0 a.m.4 views

Webzyme Couch Path Disclosure Vulnerability

Webzyme Couch is the United States Webzyme Softwares, Inc. of a set of open source content management system CMS. A security vulnerability exists in Webzyme Couch. A remote attacker can exploit the vulnerability by sending a direct request to the includes/mysql2i/mysql2i.func.php or...

5.3CVSS6.9AI score0.43515EPSS
Exploits1References1
NVD
NVD
added 2018/03/04 11:29 p.m.18 views

CVE-2018-7662

Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php...

5.3CVSS5.3AI score0.43515EPSS
Exploits1References1
OSV
OSV
added 2018/03/04 11:29 p.m.18 views

CVE-2018-7662

Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php...

5.3CVSS7.2AI score
Exploits0References1
CVE
CVE
added 2018/03/04 11:0 p.m.72 views

CVE-2018-7662

CVE-2018-7662 affects CouchCMS &lt;= 2.0, enabling remote attackers to disclose the server’s full directory path by directly requesting includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php. This path disclosure arises from a missing/insufficient input validation in the affected end...

5.3CVSS5.2AI score0.43515EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder