12 matches found

Cvelist
added 2026/01/12 8:15 a.m. · 25 views

CVE-2025-14279 DNS Rebinding Vulnerability in mlflow/mlflow

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...

CVSS 8.1 · EPSS 0.00193
Exploits 1 · References 2

Vulnrichment
added 2025/07/23 2:26 p.m. · 7 views

CVE-2025-36116 IBM Db2 Mirror for i cross-site websocket hijacking

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that th...

CVSS 6.3 · AI score 6.2 · EPSS 0.00155
Exploits 0 · References 1

PyPA
added 2025/03/03 5:15 p.m. · 9 views

PYSEC-2025-25

Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the CORS middleware is set up incorrectly. All origins are reflected, which allows any website to send cross-site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allowcredentia...

CVSS 8.7 · AI score 6.7 · EPSS 0.00179
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2023/12/11 12:00 a.m. · 6 views

PT-2023-31363 · Unknown · Uptime Kuma

Name of the Vulnerable Software and Affected Versions: Uptime Kuma versions prior to 1.23.9
Description: Uptime Kuma is a self-hosted monitoring tool that uses WebSocket with Socket.io. Prior to version 1.23.9, the application does not verify the source of communication, allowing third-party...

CVSS 8.8 · AI score 8.7 · EPSS 0.00376
Exploits 1 · References 7

CNNVD
added 2022/01/18 12:00 a.m. · 4 views

Torchbox Wagtail Information Disclosure Vulnerability

Torchbox Wagtail is an open source content management system (CMS) from Torchbox UK. A security vulnerability exists in Torchbox Wagtail, a Django-based content management system focused on flexibility and user experience. When notifications of new replies are sent in comment threads, they are sent...

CVSS 4.3 · AI score 5.1 · EPSS 0.0097
Exploits 0 · References 4

PyPA
added 2020/12/21 5:15 p.m. · 5 views

PYSEC-2020-22

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have...

CVSS 7.7 · AI score 6.6 · EPSS 0.23336
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2020/12/21 12:00 a.m. · 2 views

PT-2020-6687 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 1.10.14
Description: The issue is related to incorrect session validation in the Apache Airflow web server, caused by the use of a default configuration that includes a pre-set secret key. This allows a...

CVSS 8.3 · AI score 7.4 · EPSS 0.23336
Exploits 0 · References 27

Vulnrichment
added 2020/08/17 6:00 p.m. · 4 views

CVE-2020-3472 Cisco Webex Meetings User Email Address Information Disclosure Vulnerability

A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one...

CVSS 5 · AI score 5.5 · EPSS 0.01133
Exploits 0 · References 1

OSV
added 2018/04/03 6:29 a.m. · 2 views

DEBIAN-CVE-2018-4117

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It...

CVSS 6.5 · AI score 8.3 · EPSS 0.03137
Exploits 0 · References 1

securityvulns
added 2007/10/08 12:00 a.m. · 16 views

Apple Safari / iPhone cross-site access

Script can access source code of the page from different domain...

AI score 2
Exploits 0 · Affected Software 1

myhack58
added 2007/07/09 12:00 a.m. · 22 views

Classic: Web 2.0 client components vulnerability scanning one-vulnerability warning-the black bar safety net

A. Web 2.0 is the result of the integrated application of several technologies: AJAX (Asynchronous JavaScript and XML), Flash, JSON (JavaScript Object Notation), SOAP (Simple Object Access Protocol), REST (Representational State Transfer), etc. These techniques coupled with...

AI score 6.4
Exploits 0

securityvulns
added 2003/01/08 12:00 a.m. · 36 views

KaZaA cross-site access

All advertising is executed in local zone...

AI score 3.1
Exploits 0 · References 1