Lucene search
K

160 matches found

NVD
NVD
added 2025/06/11 8:15 a.m.61 views

CVE-2025-5991

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous...

2.1CVSS0.00119EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:44 p.m.5 views

CVE-2021-39873

In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response...

4.3CVSS5.8AI score0.00876EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:47 p.m.12 views

CVE-2020-7057

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are...

5.3CVSS6.8AI score0.01103EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:6 a.m.22 views

Security Bulletin: IBM Security Verify Information Queue does not always enable HTTP Strict Transport Security when sending error responses (CVE-2021-20409)

Summary The web server in IBM Security Verify Information Queue ISIQ does not add the HTTP Strict Transport Security header in its internally generated error responses. Consequently, a remote attacker could obtain sensitive information from an insecure HTTP connection. As of v10.0.0, ISIQ is...

7.5CVSS7.4AI score0.00895EPSS
Exploits0Affected Software1
CVE
CVE
added 2025/04/15 3:34 p.m.49 views

CVE-2024-11084

CVE-2024-11084 affects Perforce Helix ALM prior to 2025.1. The issue is that authentication returns distinct error responses, enabling an attacker to determine whether a username exists (username enumeration). The connected sources (RH Red Hat, NVD, CVE Lists, CNNVD) corroborate the same descript...

6.3CVSS6.5AI score0.00422EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/15 3:34 p.m.17 views

CVE-2024-11084 Potential Username Enumeration in Helix ALM

Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists...

6.3CVSS0.00422EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/03 5:45 p.m.7 views

Information Exposure

Overview api-platform/core is a builds a fully-featured hypermedia or GraphQL API in minutes. Affected versions of this package are vulnerable to Information Exposure through the JSON error response. An attacker can obtain sensitive information by exploiting the visibility of exception messages...

6.9CVSS6.6AI score0.00357EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/04/03 1:2 p.m.18 views

API Platform Core can leak exceptions message that may contain sensitive information

Summary Exception messages, that are not HTTP exceptions, are visible in the JSON error response. Details While we wanted to make our errors compatible with the JSON Problem specification, we ended up handling more exceptions then we did previously introduced at...

5.3CVSS7.2AI score0.00357EPSS
Exploits0References5Affected Software1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.270 views

Oracle ISQLPlus SID Check

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle iSQLPlus SID Check', 'Description' = %q This module attempts to bruteforce the SID on the Oracle application server iSQLPlus login pages. ...

7.4AI score
Exploits0
Citrix
Citrix
added 2024/07/13 12:0 a.m.8 views

CITRIX-XML-SERVICE NetScaler Monitor Fails after Installing XenApp 6 Hotfix Rollup Pack 02

The CITRIX-XML-SERVICE NetScaler built-in monitor fails after Hotfix Rollup Pack 2 for Citrix XenApp 6 for Microsoft Windows Server 2008 R2 is installed. However, XenApp continues to work. The following message appears when you view the monitor. "Failure – TicketTag not found in the response" Wit...

7AI score
Exploits0
CNNVD
CNNVD
added 2024/06/16 12:0 a.m.5 views

Shenzhen Guoxin Synthesis image system security vulnerability

Shenzhen Guoxin Synthesis image system is an image system from Shenzhen Guoxin Synthesis, a company based in Shenzhen, China. A security vulnerability exists in the Shenzhen Guoxin Synthesis image system, version prior to 8.3.0, which stems from a discrepancy in the error response that allows...

5.3CVSS6.7AI score0.0025EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/04/01 3:48 p.m.23 views

CasaOS Username Enumeration - Bypass of CVE-2024-24766

Summary The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in CasaOS v0.4.7. Details It is observed that the attacker can enumerate the CasaOS username using the application response. If the username is incorrect the application gives t...

7.5CVSS7.3AI score0.00618EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/02/02 12:0 a.m.44 views

SUSE SLES12 Security Update : squid (SUSE-SU-2024:0296-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0296-1 advisory. - CVE-2023-50269: fixed X-Forwarded-For Stack Overflow. bsc1217654 - CVE-2024-23638: fixed Denial of Service attack against Cache...

8.6CVSS6.9AI score0.6005EPSS
Exploits1References7
Amazon
Amazon
added 2024/01/09 12:0 a.m.4 views

Medium: resteasy-base

Issue Overview: A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's paramete...

5.5CVSS6.5AI score0.01439EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/12/14 12:0 a.m.17 views

Fedora 38 : python-jupyter-server (2023-8816029058)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8816029058 advisory. Security fix for CVE-2023-49080 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

4.3CVSS5.1AI score0.00841EPSS
Exploits0References2
Elastic
Elastic
added 2023/12/12 5:0 p.m.8 views

Beats and Elastic Agent 8.11.3 / 7.17.16 Security Update (ESA-2023-30)

Beats and Elastic Agent Insertion of Sensitive Information into Log File An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or...

6.8CVSS6.8AI score0.00589EPSS
Exploits0
PyPA
PyPA
added 2023/12/04 9:15 p.m.9 views

PYSEC-2023-272

The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...

4.3CVSS6.8AI score0.00841EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/12/04 9:0 p.m.36 views

CVE-2023-49080 Jupyter Server errors include tracebacks with path information

The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...

3.5CVSS4.9AI score0.00841EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/08/17 12:0 a.m.14 views

Netflix Dispatch 安全漏洞

Netflix Dispatch is a US-based Netflix company's software that provides security event management with deep integration with Slack, GSuite, Jira, etc. tools. Netflix Dispatch suffers from a security vulnerability that stems from a server response that includes the JWT key used to sign JWT tokens ...

9.1CVSS7.3AI score0.00758EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/07/13 12:0 a.m.4 views

PT-2023-3882 · Honeywell · Honeywell Experion Pks +2

Name of the Vulnerable Software and Affected Versions: Honeywell Experion PKS affected versions not specified Honeywell Experion LX affected versions not specified Experion PlantCruise affected versions not specified Description: The issue is related to a server information leak of configuration...

10CVSS6.6AI score0.00476EPSS
Exploits0References10
Rows per page
Query Builder