Lucene search
K

12 matches found

Snyk
Snyk
added 2026/03/30 5:19 p.m.10 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error in the ManagedWebAccessUtils.getServer function. An attacker can obtain authentication credentials by leveraging improper URL prefix matching during HTTP redirects, causing sensitive headers such as Bearer tokens...

9.1CVSS5.9AI score0.00158EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/25 9:20 p.m.6 views

Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)

Streamlit Open Source Security Advisory 1. Impacted Products Streamlit Open Source versions prior to 1.54.0 running on Windows hosts. 2. Introduction Snowflake Streamlit Open Source addressed a security vulnerability affecting Windows deployments related to improper handling and validation of...

4.8CVSS5.8AI score0.00282EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 7 : python-pip-9.0.3-7.el7 (AXSA:2020-4518:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4518:01 advisory. python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20060 python-urllib3: CRLF injection...

9.8CVSS7.8AI score0.07443EPSS
Exploits3References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-31661

Malicious code in bioql PyPI...

8.7CVSS6.3AI score0.00458EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-0077

Malicious code in bioql PyPI...

8.5CVSS7.1AI score0.0104EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.29 views

EUVD-2025-24211

Malicious code in bioql PyPI...

4.5CVSS6.5AI score0.00308EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.4 views

PT-2025-39921

Name of the Vulnerable Software and Affected Versions MinIO Java SDK versions prior to 8.6.0 Description The MinIO Java SDK is a client for performing bucket and object operations with Amazon S3 compatible object storage services. Versions prior to 8.6.0 improperly handle XML tag values containin...

8.7CVSS6.4AI score0.00458EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.11 views

PT-2025-6725 · Ibm · Ibm Qradar Siem

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM version 7.5 Description: The issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. This...

5.5CVSS6.3AI score0.00218EPSS
Exploits0References6
OSV
OSV
added 2024/05/14 3:8 p.m.3 views

DEBIAN-CVE-2024-26306

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...

5.9CVSS6.5AI score0.01098EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/01/03 12:0 a.m.10 views

PT-2024-14837 · Genie Company · Aladdin Connect Mobile Application

Name of the Vulnerable Software and Affected Versions: The Genie Company Aladdin Connect Mobile Application versions 5.65 Build 2075 and below Description: The issue concerns the storage of users' product account authentication data in clear text within the application. This allows an attacker wi...

6.8CVSS7AI score0.00419EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/02/15 12:0 a.m.6 views

PT-2022-17151 · Jenkins · Jenkins Swamp Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SWAMP Plugin versions 1.2.6 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified web server using attacker-specified credentials. The vulnerability is due to a...

8.8CVSS8.6AI score0.00684EPSS
Exploits0References7
OSV
OSV
added 2019/04/22 9:29 p.m.3 views

CVE-2019-11384

The Zalora application 6.15.1 for Android stores confidential information insecurely on the system i.e. plain text, which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/sharedprefs/logindata.xml...

9.8CVSS7.3AI score
Exploits0References1
Rows per page
Query Builder