Lucene search
+L

18 matches found

githubexploit
githubexploit
added 2026/06/13 4:5 a.m.120 views

Exploit for Memory Allocation with Excessive Size Value in Apache Http_Server

http2-bomb-detector HTTP/2 Bomb CVE-2026-49975 Non-destru...

7.5CVSS5.6AI score0.11471EPSS
Exploits8
nessus
nessus
added 2026/05/04 12:0 a.m.5 views

RHCOS 3 : jenkins (RHSA-2016:0711)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0711 advisory. - jenkins: Remote code execution vulnerability in remoting module SECURITY-232 CVE-2016-0788 - jenkins: HTTP response splitting...

10CVSS7.2AI score0.82697EPSS
Exploits25References15
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-0189

Malware in sbrugna...

5.8CVSS6.4AI score0.01367EPSS
Exploits0References7
osv
osv
added 2025/08/14 6:52 p.m.3 views

MAL-2025-8720 Malicious code in @malware-test-hunts-crumb-outer-knots/test-mlw3-hunts-crumb-outer-knots (npm)

The package @malware-test-hunts-crumb-outer-knots/test-mlw3-hunts-crumb-outer-knots was found to contain malicious code...

7.2AI score
Exploits0
osv
osv
added 2022/05/13 1:31 a.m.20 views

GHSA-QXH5-5R5P-5GVF Cross-Site Request Forgery in Jenkins Blue Ocean Plugin

A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API. The vulnerability is found in: - blueocean-core-js/src/js/bundleStartup.js - blueocean-core-js/src/js/fetch.ts -...

6.5CVSS6.6AI score0.01108EPSS
Exploits0References5
exploitpack
exploitpack
added 2019/11/08 12:0 a.m.60 views

Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting

Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting Exploit Title: Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting Date: 2019-11-06 Exploit Author: vesche Austin Jackson Vendor Homepage: https://plugins.jenkins.io/build-metrics Version: Jenkins build-metrics plugin 1.3 a...

4.3CVSS6.1AI score0.57735EPSS
Exploits5
vulnersosv
vulnersosv
added 2017/10/24 6:33 p.m.4 views

postmile (>=1.0.1 <=1.1.0), postmile-web (>=1.0.0 <=1.1.0) potentially affected by CVE-2014-7193 via crumb (>=0.0.9 <=2.2.0)

crumb NPM version =0.0.9, =1.0.1, =1.0.0, =1.1.0 Source cves: CVE-2014-7193 Source advisory: OSV:GHSA-84FQ-6626-W5FG...

5.8CVSS5.8AI score0.01367EPSS
Exploits0
github
github
added 2017/10/24 6:33 p.m.29 views

CORS Token Disclosure in crumb

When CORS is enabled on a hapi route handler, it is possible to set a crumb token for a different domain. An attacker would need to have an application consumer visit a site they control, request a route supporting CORS, and then retrieve the token. With this token, they could possibly make...

5.8CVSS6.2AI score0.01367EPSS
Exploits0References5Affected Software1
osv
osv
added 2017/10/24 6:33 p.m.9 views

GHSA-84FQ-6626-W5FG CORS Token Disclosure in crumb

When CORS is enabled on a hapi route handler, it is possible to set a crumb token for a different domain. An attacker would need to have an application consumer visit a site they control, request a route supporting CORS, and then retrieve the token. With this token, they could possibly make...

5.8CVSS6.2AI score0.01367EPSS
Exploits0References5
seebug
seebug
added 2017/04/28 12:0 a.m.45 views

Jenkins Multiple CSRF vulnerabilities (CVE-2017-1000356)

Multiple Cross-Site Request Forgery vulnerabilities in Jenkins allowed malicious users to perform several administrative actions by tricking a victim into opening a web page. The most notable ones: SECURITY-412: Restart Jenkins immediately, after all builds are finished, or after all plugin...

9.3AI score0.06957EPSS
Exploits1
nodejs
nodejs
added 2015/10/17 7:41 p.m.32 views

CORS Token Disclosure

Overview When CORS is enabled on a hapi route handler, it is possible to set a crumb token for a different domain. An attacker would need to have an application consumer visit a site they control, request a route supporting CORS, and then retrieve the token. With this token, they could possibly...

5.8CVSS0.7AI score0.01367EPSS
Exploits0Affected Software1
nvd
nvd
added 2014/12/25 11:59 a.m.21 views

CVE-2014-7193

The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web si...

5.8CVSS6.2AI score0.01367EPSS
Exploits0References2
prion
prion
added 2014/12/25 11:59 a.m.18 views

Design/Logic Flaw

The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web si...

5.8CVSS6.7AI score0.01367EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2014/12/25 11:0 a.m.40 views

CVE-2014-7193

The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web si...

6.2AI score0.01367EPSS
Exploits0References2
cve
cve
added 2014/12/25 11:0 a.m.57 views

CVE-2014-7193

CVE-2014-7193 affects the Crumb plugin for Node.js prior to 3.0.0. When a hapi route has CORS enabled, token access is not properly restricted, potentially allowing remote attackers to obtain sensitive information and possibly spoof requests to non-CORS routes via a crafted site visited by an app...

5.8CVSS6.4AI score0.01367EPSS
Exploits0References2Affected Software1
osv
osv
added 2014/12/03 9:59 p.m.6 views

DEBIAN-CVE-2014-9236

Cross-site scripting XSS vulnerability in php/editphotos.php in Zoph aka Zoph Organizes Photos 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 photographerid or 2 crumb parameter...

4.3CVSS6AI score0.02645EPSS
Exploits1References1
osv
osv
added 2014/12/03 9:59 p.m.3 views

UBUNTU-CVE-2014-9236

Cross-site scripting XSS vulnerability in php/editphotos.php in Zoph aka Zoph Organizes Photos 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 photographerid or 2 crumb parameter...

4.3CVSS5.9AI score0.02645EPSS
Exploits1References4
debiancve
debiancve
added 2014/12/03 9:0 p.m.33 views

CVE-2014-9236

Cross-site scripting XSS vulnerability in php/editphotos.php in Zoph aka Zoph Organizes Photos 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 photographerid or 2 crumb parameter...

4.3CVSS4.2AI score0.02645EPSS
Exploits1
Rows per page
Query Builder