Lucene search
K

161 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/06 8:28 p.m.4 views

CVE-2026-30835

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response...

6.9CVSS5.8AI score0.00336EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 10:48 p.m.10 views

Curio exposes database credentials to users with network access through verbose HTTP error responses

Summary Multiple HTTP handlers in Curio passed raw database error messages to HTTP clients via http.Error. When the PostgreSQL/YugabyteDB driver pgx returned errors, these could contain the database connection string — including hostname, port, username, and password. Additionally, the internal...

5.9AI score
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/12 11:16 p.m.5 views

UBUNTU-CVE-2019-25338

DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by...

6.9CVSS5.8AI score0.00407EPSS
Exploits1References6
EUVD
EUVD
added 2025/12/10 9:31 p.m.4 views

EUVD-2020-30841

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...

6.9CVSS6.3AI score0.00349EPSS
Exploits1References5
NVD
NVD
added 2025/12/10 9:16 p.m.5 views

CVE-2020-36888

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...

6.9CVSS0.00349EPSS
Exploits1References4
OSV
OSV
added 2025/11/06 12:59 p.m.7 views

BIT-DISCOURSE-2025-61598 Discourse is missing Cache-Control response header on error responses

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...

6.3CVSS6.7AI score0.00274EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/29 9:12 p.m.16 views

CVE-2025-61598

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...

6.3CVSS6.8AI score0.00274EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/10/29 12:0 a.m.7 views

Discourse Cache Poisoning Vulnerability (GHSA-jp9x-wwv6-cv3j)

Discourse is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...

6.3CVSS6.7AI score0.00274EPSS
Exploits0References3
NVD
NVD
added 2025/10/28 9:15 p.m.6 views

CVE-2025-61598

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...

6.3CVSS0.00274EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/28 8:38 p.m.6 views

EUVD-2025-36558

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...

6.3CVSS6.2AI score0.00274EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/28 8:38 p.m.5 views

CVE-2025-61598 Discourse is missing Cache-Control response header on error responses

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...

6.3CVSS6.4AI score0.00274EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/28 8:38 p.m.10 views

CVE-2025-61598 Discourse is missing Cache-Control response header on error responses

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...

6.3CVSS0.00274EPSS
Exploits0References3
OSV
OSV
added 2025/10/28 8:38 p.m.6 views

CVE-2025-61598 Discourse is missing Cache-Control response header on error responses

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...

6.3CVSS6.8AI score0.00274EPSS
Exploits0References5
CVE
CVE
added 2025/10/28 8:38 p.m.22 views

CVE-2025-61598

Product/Component: Discourse (open source discussion platform). Vulnerability summary: Versions before 3.6.2 and 3.6.0.beta2 expose a missing Cache-Control header (no-store, no-cache) in error responses, which can enable proxy caching of error pages and potentially lead to cache poisoning. Impact...

6.3CVSS6.4AI score0.00274EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2025/10/27 4:55 p.m.5 views

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...

10CVSS5.8AI score0.62871EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/10/17 11:57 p.m.4 views

CVE-2025-62168

A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...

10CVSS6.5AI score0.62871EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-21590

Malware in sbrugna...

6.5CVSS6.5AI score0.0183EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-10531

Malware in sbrugna...

4.3CVSS4.9AI score0.01248EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2009-0437

Malware in sbrugna...

2.6CVSS6.2AI score0.01643EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-3245

Malware in sbrugna...

7.5CVSS8.4AI score0.04126EPSS
Exploits0References20
Rows per page
Query Builder