
271 matches found

Snyk
added 2019/11/19 12:2 p.m. · 1 views

Cross-site Scripting (XSS)

Overview: io.ratpack:ratpack-core is a simple, capable toolkit for creating high-performance web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the...

6.3 CVSS · 5.3 AI score · 0.0024 EPSS
Exploits: 1 · References: 2

OSV
added 2019/08/27 5:40 p.m. · 1 views

GHSA-F5F4-M7QP-W6GC Cross-site Scripting in Jooby

Jooby before 1.6.4 has XSS via the default error handler...

6.1 CVSS · 5.9 AI score · 0.00321 EPSS
Exploits: 1 · References: 4

GitHub Security Blog
added 2019/08/27 5:40 p.m. · 21 views

Cross-site Scripting in Jooby

Jooby before 1.6.4 has XSS via the default error handler...

6.1 CVSS · 1.7 AI score · 0.00321 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Veracode
added 2019/08/26 8:52 a.m. · 20 views

Cross-site Scripting (XSS)

Jooby is vulnerable to cross-site scripting (XSS). The attack can be triggered when an attacker injects a malicious script through the default error handler...

6.1 CVSS · 1.7 AI score · 0.00321 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2019/08/23 1:15 p.m. · 9 views

CVE-2019-15477

Jooby before 1.6.4 has XSS via the default error handler...

6.1 CVSS · 6.1 AI score
Exploits: 0 · References: 1

NVD
added 2019/08/23 1:15 p.m. · 9 views

CVE-2019-15477

Jooby before 1.6.4 has XSS via the default error handler...

6.1 CVSS · 6 AI score · 0.00321 EPSS
Exploits: 1 · References: 1

Prion
added 2019/08/23 1:15 p.m. · 13 views

Default credentials

Jooby before 1.6.4 has XSS via the default error handler...

4.3 CVSS · 5.9 AI score · 0.00321 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2019/08/06 1:15 p.m. · 0 views

CVE-2016-10789

cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191)...

8.8 CVSS · 6.1 AI score · 0.01095 EPSS
Exploits: 0 · References: 1

NVD
added 2019/08/06 1:15 p.m. · 11 views

CVE-2016-10789

cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191)...

8.8 CVSS · 8.9 AI score · 0.01095 EPSS
Exploits: 0 · References: 1

Snyk
added 2019/07/03 7:15 p.m. · 0 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write. An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can...

8.8 CVSS · 7.9 AI score · 0.01381 EPSS
Exploits: 1 · References: 3

UbuntuCve
added 2019/07/03 7:15 p.m. · 23 views

CVE-2019-5051

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability...

8.8 CVSS · 7.5 AI score · 0.01381 EPSS
Exploits: 1 · References: 3

Cvelist
added 2019/07/03 6:43 p.m. · 23 views

CVE-2019-5051

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability...

8.8 CVSS · 8.8 AI score · 0.01381 EPSS
Exploits: 1 · References: 5

OSV
added 2019/04/21 2:29 a.m. · 0 views

UBUNTU-CVE-2019-11390

DISPUTED: An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler at the beginning and nested repetition...

5.3 CVSS · 6.1 AI score · 0.0051 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2019/04/21 12:0 a.m. · 2 views

PT-2019-12276 · Owasp +1 · Owasp Modsecurity Core Rule Set +1

Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set (CRS) versions through 3.1.0. Description: An issue was discovered that allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set error handler at the beginning and...

5.3 CVSS · 5.6 AI score · 0.0051 EPSS
Exploits: 1 · References: 11

Veracode
added 2019/02/18 7:55 a.m. · 9 views

Cross-site Scripting (XSS)

github.com/ory/hydra is vulnerable to cross-site scripting (XSS). The vulnerability exists because it does not escape the error_hint parameter in the default error handler, allowing the attacker to inject arbitrary script through it...

6.1 CVSS · 5.9 AI score · 0.00323 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

Prion
added 2018/12/10 12:29 a.m. · 8 views

Design/Logic Flaw

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler for get_uri_args or get_post_args to block the API misuse described in CVE-2018-9230...

7.5 CVSS · 9.4 AI score · 0.42719 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

OSV
added 2018/12/10 12:29 a.m. · 8 views

CVE-2018-19991

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler for get_uri_args or get_post_args to block the API misuse described in CVE-2018-9230...

9.8 CVSS · 7 AI score
Exploits: 0 · References: 1

NVD
added 2018/12/10 12:29 a.m. · 6 views

CVE-2018-19991

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler for get_uri_args or get_post_args to block the API misuse described in CVE-2018-9230...

9.8 CVSS · 9.5 AI score · 0.00481 EPSS
Exploits: 1 · References: 1

Cvelist
added 2018/12/10 12:0 a.m. · 10 views

CVE-2018-19991

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler for get_uri_args or get_post_args to block the API misuse described in CVE-2018-9230...

9.5 AI score · 0.00481 EPSS
Exploits: 1 · References: 1

CNVD
added 2018/09/20 12:0 a.m. · 1 views

Artifex Ghostscript Code Injection Vulnerability

Artifex Ghostscript is an open source Postscript (a page description language and programming language used in the electronics industry and desktop publishing) parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...

7.8 CVSS · 8.7 AI score · 0.00351 EPSS
Exploits: 0 · References: 1