9 matches found

NVD
added 2026/06/22 10:16 p.m., 11 views

CVE-2026-56255

Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement. Attackers can repeatedly invoke this endpoint to generate...

CVSS 5.3, EPSS 0.00272
Exploits 0, References 2
ATTACKERKB
added 2026/06/22 9:4 p.m., 5 views

CVE-2026-56255

Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement. Attackers can repeatedly invoke this endpoint to generate...

CVSS 5.3, AI score 5.9, EPSS 0.00272
Exploits 0, References 3
CVE
added 2026/06/22 9:4 p.m., 11 views

CVE-2026-56255

Capgo before 12.128.2 contains a denial-of-service vulnerability in POST /app/demo that lets authenticated users with org write permissions create unlimited demo apps without rate limiting or quotas. Each request can trigger around 138 database write operations, leading to degraded performance, h...

CVSS 5.3, AI score 5.9, EPSS 0.00272
Exploits 0, References 2
EUVD
added 2026/05/15 12:30 a.m., 18 views

EUVD-2026-30494

Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain...

CVSS 6.9, AI score 5.8, EPSS 0.00356
Exploits 0, References 3
NVD
added 2025/12/04 3:15 p.m., 6 views

CVE-2025-14007

A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross-site scripting. The attack may be performed remotely. A high...

CVSS 6.1, EPSS 0.00225
Exploits 1, References 4
VulnCheck KEV
added 2025/07/31 12:0 a.m., 10 views

VulnCheck KEV: CVE-2024-29198

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to achieve Server Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...

CVSS 8.2, AI score 5.8, EPSS 0.01923
In wild, Exploits 0, References 2
OSV
added 2025/06/10 2:27 p.m., 6 views

CVE-2024-29198 GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to achieve Server Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...

CVSS 7.5, AI score 6.6, EPSS 0.01923
Exploits 0, References 5
CNNVD
added 2025/06/10 12:0 a.m., 2 views

GeoServer Code Issue Vulnerability

GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A code issue vulnerability exists in GeoServer, which originates from a server-side request forgery that can be achieved through the Demo request endpoint when the...

CVSS 8.2, AI score 6.7, EPSS 0.01923
Exploits 0, References 5
CNVD
added 2018/12/04 12:0 a.m., 4 views

Drobo 5N2 System Command Injection Vulnerability

The Drobo 5N2 NAS is a network-attached storage (NAS) appliance from Drobo, USA. The device features data sharing, data backup, remote access and disaster recovery. A command injection vulnerability exists in the /DroboPix/api/drobopix/demo endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115. An attacker...

CVSS 10, AI score 8.3, EPSS 0.17113
Exploits 1, References 1