12 matches found
CVE-2025-14279 DNS Rebinding Vulnerability in mlflow/mlflow
MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...
CVE-2025-36116 IBM Db2 Mirror for i cross-site websocket hijacking
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by a cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that th...
PYSEC-2025-25
Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the CORS middleware is set up incorrectly. All origins are reflected, which allows any website to send cross-site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allowcredentia...
PT-2023-31363 · Unknown · Uptime Kuma
Name of the Vulnerable Software and Affected Versions: Uptime Kuma versions prior to 1.23.9 Description: Uptime Kuma is a self-hosted monitoring tool that uses WebSocket with Socket.io. Prior to version 1.23.9, the application does not verify the source of communication, allowing third-party...
Torchbox Wagtail Information Disclosure Vulnerability
Torchbox Wagtail is an open source content management system (CMS) from Torchbox UK. A security vulnerability exists in Torchbox Wagtail, a Django-based content management system focused on flexibility and user experience. When notifications of new replies are sent in comment threads, they are sent...
PYSEC-2020-22
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have...
PT-2020-6687 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 1.10.14 Description: The issue is related to incorrect session validation in the Apache Airflow web server, caused by the use of a default configuration that includes a pre-set secret key. This allows a...
CVE-2020-3472 Cisco Webex Meetings User Email Address Information Disclosure Vulnerability
A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one...
DEBIAN-CVE-2018-4117
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It...
Apple Safari / iPhone cross-site access
A script can access the source code of a page from a different domain...
Classic: Web 2.0 client components vulnerability scanning one-vulnerability warning-the black bar safety net
A. Web 2.0 is the result of the integrated application of several technologies: AJAX (Asynchronous JavaScript and XML), Flash, JSON (JavaScript Object Notation), SOAP (Simple Object Access Protocol), REST (Representational State Transfer), etc. These techniques coupled with...
KaZaA cross-site access
All advertising is executed in the local zone...