Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2026/03/28 4:59 p.m.9 views

CVE-2026-34411

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

6.9CVSS5.9AI score0.00387EPSS
Exploits1References1
CVE
CVE
added 2026/03/27 4:24 p.m.11 views

CVE-2026-34411

Affected product: Appsmith prior to version 1.98. Root cause: unauthenticated access to instance management API endpoints (/api/v1/consolidated-api/view, /api/v1/tenants/current) that exposes configuration metadata, license information, and unsalted SHA-256 hashes of admin email domains. Impact: ...

6.9CVSS5.9AI score0.00387EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.4 views

CVE-2023-40191

Reflected cross-site scripting XSS vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

9CVSS5.7AI score0.0062EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/16 9:30 a.m.6 views

EUVD-2025-34742

Mattermost has a Missing Authorization vulnerability...

5.4CVSS6.5AI score0.00285EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0502

Malicious code in bioql PyPI...

9CVSS8.9AI score0.0062EPSS
Exploits0References3
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/04/09 5:52 a.m.12 views

Don’t use corporate email for your personal life

TL;DR People use whatever is convenient. Segregation of work and personal matters is a key part of security. Using corporate addresses tramples on this separation. Corporate email addresses should be treated with the same care as sensitive corporate information. Create an Acceptable Use Policy th...

7.3AI score
Exploits0
OSV
OSV
added 2024/02/21 3:30 a.m.13 views

GHSA-468X-FRCM-GHX6 Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting

Reflected cross-site scripting XSS vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

9CVSS6.7AI score0.0062EPSS
Exploits0References3
NVD
NVD
added 2024/02/21 3:15 a.m.17 views

CVE-2023-40191

Reflected cross-site scripting XSS vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

9CVSS7.6AI score0.0062EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/21 3:6 a.m.20 views

CVE-2023-40191

Reflected cross-site scripting XSS vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

9CVSS7.6AI score0.0062EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/09/10 12:0 a.m.17 views

FreeBSD : gitea -- block user account creation from blocked email domains (4061a4b2-4fb1-11ee-acc7-0151f07bc899)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4061a4b2-4fb1-11ee-acc7-0151f07bc899 advisory. - The Gitea team reports: check blocklist for emails when adding them to account 4061a4b2-4fb1-11ee-...

5.6AI score
Exploits0References3
FreeBSD
FreeBSD
added 2023/08/30 12:0 a.m.12 views

gitea -- block user account creation from blocked email domains

The Gitea team reports: check blocklist for emails when adding them to account...

7.1AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.4 views

SUSE CVE-2010-0463

Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests...

5CVSS6.8AI score0.01945EPSS
Exploits0References3
Kitploit
Kitploit
added 2022/08/10 12:30 p.m.72 views

Packj - Large-Scale Security Analysis Platform To Detect Malicious/Risky Open-Source Packages

Packj pronounced package is a command line CLI tool to vet open-source software packages for "risky" attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports...

7.5CVSS7.8AI score0.07443EPSS
Exploits2References6
The Hacker News
The Hacker News
added 2022/05/24 3:31 p.m.54 views

Popular PyPI Package 'ctx' and PHP Library 'phpass' Hijacked to Steal AWS Keys

Two trojanized Python and PHP packages have been uncovered in what's yet another instance of a software supply chain attack targeting the open source ecosystem. One of the packages in question is "ctx," a Python module available in the PyPi repository. The other involves "phpass," a PHP package...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2022/05/17 3:10 a.m.14 views

LinkedIn: Privilege Escalation - "Analyst" Role Can View Email Domains of a Company - [GET /voyager/api/voyagerOrganizationDashEmailDomainMappings]

Summary: Hey team, During the security assessment, I came across an endpoint - GET /voyager/api/voyagerOrganizationDashEmailDomainMappings, which is vulnerable to privilege escalation. A lower privileged user can abuse this to view the list of approved domains for email verification even though i...

1.4AI score
Exploits0
ThreatPost
ThreatPost
added 2016/06/09 10:57 a.m.9 views

Stolen Twitter Credentials Latest Dataset For Sale

Tens of millions of Twitter account records including cleartext passwords are up for sale on a black market site, the latest cache of bundled credentials for major online services to be made available. The Twitter records have been analyzed by LeakedSource, which said in a post yesterday that a...

Exploits0References6
Rows per page
Query Builder