Lucene search
K

4 matches found

Cvelist
Cvelist
added 2025/08/27 10:25 a.m.21 views

CVE-2025-30064 Possibility to generate a session for any user via the "ex:action" parameter after obtaining access to the JWT key

An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to genera...

8.8CVSS0.00077EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/10/05 12:0 a.m.5 views

The vulnerability of the Ceph storage system driver (net/ceph/messenger_v2.c) in Linux operating systems allows a hacker to execute arbitrary code or cause service interruptions.

The vulnerability in the Ceph storage system driver net/ceph/messengerv2.c of Linux operating systems arises from the operation of pushing data out of the buffer into memory when processing segment length with the parameter cephdecode32. Exploiting this vulnerability allows a remote attacker to...

9CVSS7.4AI score0.54577EPSS
Exploits1References11Affected Software3
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.2 views

Glazed Lists 代码问题漏洞

Glazed Lists is Glazed Lists open source an open source list conversion for Java. A security vulnerability exists in Glazed Lists v1.11.0. An attacker exploiting this vulnerability can execute arbitrary code via the BeanXMLByteCoder.decode parameter...

9.8CVSS8.7AI score0.01013EPSS
Exploits1References2
0day.today
0day.today
added 2006/01/15 12:0 a.m.51 views

MS Windows Metafile (WMF) Remote File Download Exploit Generator

Exploit for unknown platform in category remote exploits ================================================================ MS Windows Metafile WMF Remote File Download Exploit Generator ================================================================ / \ / WMF nDay download Exploit Generator \ by...

7.1AI score
Exploits0
Rows per page
Query Builder