Lucene search
K

66 matches found

CVE
CVE
added 2024/10/07 8:23 p.m.63 views

CVE-2024-45051

CVE-2024-45051 affects Discourse: a vulnerability that lets an attacker bypass domain-based restrictions by using a maliciously crafted (encoded) email address, enabling access to private sites, categories and groups. Connected sources confirm this is a Discourse authorization bypass tied to how ...

8.2CVSS8.2AI score0.00366EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2024/08/22 5:17 p.m.26 views

Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036)

Casdoor is a UI-first Identity and Access Management IAM / Single-Sign-On SSO platform. In Casdoor 1.577.0 and earlier, he purchase URL that is created to generate a WechatPay QR code is vulnerable to reflected XSS. When purchasing an item through casdoor, the product page allows you to pay via...

6.1CVSS6.1AI score0.00423EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/04/30 12:0 a.m.30 views

GitLab < 16.9.6 / 16.10 < 16.10.4 / 16.11 < 16.11.1 (CVE-2024-1347)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain...

5.3CVSS5.2AI score0.00469EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/04/25 12:4 p.m.41 views

CVE-2024-1347

A flaw was found in GitLab CE/EE. Under certain conditions, an attacker, through a crafted email address, can bypass domain-based restrictions on an instance or a group. This issue affects all versions through 16.9.6, 16.10 through 16.10.4, and 16.11 through 16.11.1...

4.3CVSS4.4AI score0.00469EPSS
Exploits0References5
OSV
OSV
added 2023/12/15 11:15 a.m.2 views

CVE-2023-48465

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4CVSS5.7AI score0.00597EPSS
Exploits0References1
OSV
OSV
added 2023/12/15 11:15 a.m.2 views

CVE-2023-48454

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4CVSS5.7AI score0.00597EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.5 views

PT-2023-7853 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to a Cross-site Scripting DOM-based XSS vulnerability. It can be exploited if a low-privileged attacker convinces a victim to visit a URL referencing a...

5.5CVSS4.9AI score0.00562EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/06/16 12:15 p.m.6 views

CVE-2023-3294

Cross-site Scripting XSS - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7...

7.6CVSS5.7AI score0.00459EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.3 views

SUSE CVE-2019-11340

util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowedlocal3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on...

5.9CVSS6.2AI score0.01861EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:31 a.m.3 views

SUSE CVE-2022-3620

A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarcdnslookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is...

9.8CVSS8.8AI score0.00734EPSS
Exploits0References3
Fedora
Fedora
added 2021/05/08 1:34 a.m.67 views

[SECURITY] Fedora 34 Update: opendmarc-1.4.0-1.fc34

OpenDMARC Domain-based Message Authentication, Reporting & Conformance provides an open source library that implements the DMARC verification service plus a milter-based filter application that can plug in to any milter-aware MTA, including sendmail, Postfix, or any other MTA that suppor ts the...

9.8CVSS1.7AI score0.03684EPSS
Exploits1
Rapid7 Blog
Rapid7 Blog
added 2021/04/26 6:47 p.m.61 views

Rapid7's 2021 ICER Takeaways: Email Security Among the Fortune 500

This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report ICER: Fortune 500. Original analysis for these findings was conducted by Kwan Lin. We all know and love—or at least begrudgingly rely upon—email. It is a pillar of modern communications, but is unfortunately also...

Exploits0
Hacker One
Hacker One
added 2020/11/09 3:14 p.m.6 views

Malwarebytes: No SPF/DMARC records on mb-cosmos.com

The domain mb-cosmos.com lacked SPF and DMARC records, allowing email spoofing. Emails appeared to originate from the domain without authentication. This vulnerability was reported as a security issue...

7.1AI score
Exploits0
OSV
OSV
added 2020/07/27 11:15 p.m.1 views

DEBIAN-CVE-2020-12460

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarcxmlparse that can result in a one-byte heap overflow in opendmarcxml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte...

9.8CVSS8.7AI score0.03684EPSS
Exploits1References1
OSV
OSV
added 2020/06/19 6:15 p.m.16 views

CVE-2018-21252

An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups...

4.3CVSS7.1AI score0.00615EPSS
Exploits0References1
NVD
NVD
added 2020/06/19 6:15 p.m.14 views

CVE-2018-21252

An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups...

4.3CVSS0.00615EPSS
Exploits0References1
Prion
Prion
added 2020/06/19 6:15 p.m.13 views

Security feature bypass

An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups...

4CVSS4.7AI score0.00615EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/06/19 5:44 p.m.19 views

CVE-2018-21252

An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups...

4.7AI score0.00615EPSS
Exploits0References1
OSV
OSV
added 2020/06/16 11:15 p.m.15 views

CVE-2020-14214

Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization...

6.5CVSS6.9AI score
Exploits0References2
Prion
Prion
added 2020/06/16 11:15 p.m.14 views

Authorization

Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization...

5.8CVSS6.5AI score0.00717EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder