Lucene search
+L

41 matches found

Snyk
Snyk
added 2026/07/08 4:38 p.m.8 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:39 p.m.15 views

Allocation of Resources Without Limits or Throttling

Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the request.form. An attacker can exhaust system resources and disrupt service availability by submitting a specially crafted...

8.7CVSS5.9AI score0.00275EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-20348

Malware in sbrugna...

8.8CVSS7.9AI score0.00732EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 1:57 a.m.7 views

CVE-2023-47114

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the...

6.1CVSS6.7AI score0.00609EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.6 views

PT-2025-15446 · Unknown · Bep/Imagemeta

Name of the Vulnerable Software and Affected Versions: bep/imagemeta versions prior to 0.10.0 Description: The issue concerns a Go library for reading image meta data from various file formats. The EXIF data format allows for defining large data structures in small payloads, which could be abused...

8.7CVSS7.3AI score0.02402EPSS
Exploits0References13
OSV
OSV
added 2024/04/04 9:15 p.m.7 views

AZL-42864 CVE-2023-45288 affecting package multus for versions less than 4.0.2-3

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/04 9:15 p.m.7 views

AZL-38761 CVE-2023-45288 affecting package prometheus-adapter for versions less than 0.12.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/04 9:15 p.m.10 views

DEBIAN-CVE-2023-45288

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.9AI score0.91969EPSS
Exploits1References1
NVD
NVD
added 2024/02/07 3:15 p.m.40 views

CVE-2024-24771

Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials username + password compromised could potentially have the second-factor authentication...

7.7CVSS7.8AI score0.00599EPSS
Exploits0References5
Prion
Prion
added 2024/02/07 3:15 p.m.35 views

Design/Logic Flaw

Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials username + password compromised could potentially have the second-factor authentication...

3.2CVSS7.5AI score0.00599EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/07 2:51 p.m.24 views

CVE-2024-24771 Open Forms potential multi-factor authentication bypass

Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials username + password compromised could potentially have the second-factor authentication...

7.7CVSS7AI score0.00599EPSS
Exploits0References5
CVE
CVE
added 2024/02/07 2:51 p.m.99 views

CVE-2024-24771

Open Forms CVE-2024-24771 affects multiple versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2, with a non-exploitable MFA weakness that could allow a second-factor bypass if a superuser’s credentials are compromised. Attack could let the attacker view sensitive submissions or impersonate staff if b...

7.7CVSS5.8AI score0.00599EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2023/08/25 12:0 a.m.6 views

go-libp2p 资源管理错误漏洞

go-libp2p is the libp2p implementation in Go. A resource management error vulnerability exists in go-libp2p 0.27.3 and earlier versions, which stems from a vulnerability that allows an attacker to store an arbitrary amount of data in a remote node's memory using signed peer records...

7.5CVSS7.5AI score0.00772EPSS
Exploits0References5
Malwarebytes
Malwarebytes
added 2022/10/18 2:0 p.m.26 views

Warning: "FaceStealer" iOS and Android apps steal your Facebook login

Earlier this month, security researchers from Meta found 400 malicious Android and iOS apps designed to steal user Facebook login credentials. Such mobile malware, which Malwarebytes detects typically as Android/Trojan.Spy.Facestealer, usually arrives as an app disguised as a useful or entertaini...

7.2AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/07/12 2:30 p.m.4 views

CVE-2021-40336

A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an attacker to channel down harmful code into the user’s web browser, such as to steal the session...

8.8CVSS5.8AI score0.00417EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2022/05/26 8:3 a.m.26 views

Twitter Fined $150 Million for Misusing Users' Data for Advertising Without Consent

Twitter, which is in the process of being acquired by Tesla CEO Elon Musk, has agreed to pay $150 million to the U.S. Federal Trade Commission FTC to settle allegations that it abused non-public information collected for security purposes to serve targeted ads. In addition to the monetary penalty...

0.5AI score
Exploits0
OSV
OSV
added 2022/03/03 9:15 p.m.3 views

UBUNTU-CVE-2022-21716

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...

7.5CVSS7.3AI score0.0351EPSS
Exploits1References8
The Hacker News
The Hacker News
added 2021/12/15 4:58 p.m.37 views

Facebook to Pay Hackers for Reporting Data Scraping Bugs and Scraped Datasets

Meta Platforms, the company formerly known as Facebook, has announced that it's expanding its bug bounty program to start rewarding valid reports of scraping vulnerabilities across its platforms as well as include reports of scraping data sets that are available online. "We know that automated...

0.1AI score
Exploits0
Prion
Prion
added 2021/09/15 7:15 p.m.30 views

Authorization

The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack...

6.5CVSS8.5AI score0.00614EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/09/15 6:1 p.m.34 views

CVE-2021-33704

The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack...

6.3CVSS8.7AI score0.00614EPSS
Exploits0References2
Rows per page
Query Builder