Lucene search
+L

7 matches found

cvelist
cvelist
added 2024/05/23 6:30 a.m.37 views

CVE-2024-4835 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information...

8CVSS7.3AI score0.00802EPSS
Exploits1References2
debian
debian
added 2023/06/30 5:56 p.m.31 views

[SECURITY] [DLA 3476-1] cups security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3476-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz June 30, 2023 https://wiki.debian.org/LTS -...

7.1CVSS6.6AI score0.01395EPSS
Exploits1
nessus
nessus
added 2023/06/04 12:0 a.m.30 views

Fedora 38 : mingw-python-requests (2023-f3824383be)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-f3824383be advisory. Update to requests-2.31.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

6.1CVSS7.3AI score0.02974EPSS
Exploits1References2
thn
thn
added 2021/05/27 10:3 a.m.59 views

Hackers Using Fake Foundations to Target Uyghur Minority in China

The Uyghur community located in China and Pakistan has been the subject of an ongoing espionage campaign aiming to trick the targets into downloading a Windows backdoor to amass sensitive information from their systems. "Considerable effort was put into disguising the payloads, whether by creatin...

0.4AI score
Exploits0
nvd
nvd
added 2021/05/25 2:15 p.m.21 views

CVE-2021-27823

An information disclosure vulnerability was discovered in /index.class.php via port 8181 on NetWave System 1.0 which allows unauthenticated attackers to exfiltrate sensitive information from the system...

7.5CVSS0.01058EPSS
Exploits0References2
threatpost
threatpost
added 2021/03/03 7:12 p.m.43 views

Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow

Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow among others inside the npm public code repository — all of which exfiltrate sensitive information. The packages weaponize a proof-of-concept PoC code dependency-confusion exploit that w...

7.2AI score
Exploits0References6
cisco
cisco
added 2018/04/18 4:0 p.m.63 views

Cisco DNA Center Cross Origin Resource Sharing Vulnerability

A vulnerability in the web framework of the Cisco Digital Network Architecture Center DNA Center could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing CORS policy...

5.4CVSS0.6AI score0.0132EPSS
Exploits0References1
Rows per page
Query Builder