71 matches found

Microsoft CVE
added 4 days ago | 5 views

thunderbolt: Validate XDomain request packet size before type cast

...

CVSS 8.1 | AI score 5.8 | EPSS 0.00283
Exploits 0
NVD
added 2026/06/10 6:16 p.m. | 14 views

CVE-2026-20257

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a classic dashboard that exfiltrate...

CVSS 5.7 | EPSS 0.00198
Exploits 0 | References 1
CNNVD
added 2026/05/28 12:0 a.m. | 9 views

Kuma security vulnerability

Kuma is a modern service mesh developed by Kuma OpenSource, based on Envoy. It can be run on Kubernetes and VMs, with single- or multi-zone capabilities, across various clouds. There were security vulnerabilities in versions of Kuma before 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5. These...

CVSS 5.1 | AI score 5.8 | EPSS 0.00204
Exploits 0 | References 8
CNNVD
added 2026/02/24 12:0 a.m. | 8 views

Caddy cross-site request forgery vulnerability

Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy prior to 2.11.1 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the local Caddy management API accepting cross-domain requests when source forcing was n...

CVSS 8.2 | AI score 5.7 | EPSS 0.00166
Exploits 1 | References 4
CNNVD
added 2026/02/19 12:0 a.m. | 8 views

OpenClaw cross-site request forgery vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a cross-site request forgery vulnerability that stems from a browser-oriented local host change route accepting cross-domain browser requests without explicit Origin/Referer validation, which can be...

CVSS 7.1 | AI score 5.7 | EPSS 0.0014
Exploits 0 | References 3
CNNVD
added 2026/01/26 12:0 a.m. | 8 views

Tenda W30E security vulnerabilities

The Tenda W30E is a router produced by the Chinese company Tenda. Versions of the Tenda W30E such as V2 and V16.01.0.195037 have security vulnerabilities. These vulnerabilities stem from the use of insecure cross-device resource sharing policies by management endpoints, which may allow attackers ...

CVSS 7.1 | AI score 5.8 | EPSS 0.00211
Exploits 0 | References 3
Tenable Nessus
added 2026/01/22 12:0 a.m. | 4 views

Azure Linux 3.0 Security Update: slf4j (CVE-2015-9251)

The version of slf4j installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2015-9251 advisory. - jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is...

CVSS 6.1 | AI score 6.2 | EPSS 0.29726
Exploits 2 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-0587

Malware in sbrugna...

CVSS 7.5 | AI score 6 | EPSS 0.03244
Exploits 0 | References 15
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2019-0339

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00493
Exploits 0 | References 5
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-15147

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.00727
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2011-2355

Malware in sbrugna...

CVSS 4.3 | AI score 9.2 | EPSS 0.01423
Exploits 2 | References 13
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-48007

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.3 | EPSS 0.0035
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 11 views

EUVD-2024-2615

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.4 | EPSS 0.00748
Exploits 1 | References 5
RedhatCVE
added 2025/02/05 7:53 a.m. | 13 views

CVE-2024-41657

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to a logic error in...

CVSS 8.8 | AI score 6.5 | EPSS 0.00748
Exploits 1 | References 1
NVD
added 2024/08/28 12:15 p.m. | 24 views

CVE-2024-6449

HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by t...

CVSS 6.5 | EPSS 0.0035
Exploits 0 | References 2
OSV
added 2024/08/28 12:15 p.m. | 3 views

CVE-2024-6449

HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by t...

CVSS 6.5 | AI score 5.9 | EPSS 0.0035
Exploits 0 | References 2
CVE
added 2024/08/28 11:49 a.m. | 52 views

CVE-2024-6449

HyperView Geoportal Toolkit (versions

CVSS 6.5 | AI score 6.9 | EPSS 0.0035
Exploits 0 | References 2 | Affected Software 1
Veracode
added 2024/08/28 5:11 a.m. | 11 views

CORS Misconfiguration

github.com/casdoor/casdoor is vulnerable to CORS Misconfiguration. The vulnerability is due to improper origin header validation, which only checks for a prefix, allowing any domain with a valid subdomain prefix to make cross-domain requests to Casdoor as the logged-in user...

CVSS 8.8 | AI score 6.7 | EPSS 0.00748
Exploits 1 | References 3 | Affected Software 1
OSV
added 2024/08/22 5:16 p.m. | 12 views

GHSA-MCHX-7J67-8MCF Casdoor CORS misconfiguration (GHSL-2024-035)

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to a logic error in...

CVSS 8.6 | AI score 8.2 | EPSS 0.00748
Exploits 1 | References 4
NVD
added 2024/08/20 9:15 p.m. | 14 views

CVE-2024-41657

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to a logic error in...

CVSS 8.8 | EPSS 0.00748
Exploits 1 | References 2