Lucene search
+L

72 matches found

vulnrichment
vulnrichment
added 2025/10/02 10:0 a.m.2 views

CVE-2025-54468 Rancher sends sensitive information to external services through the `/meta/proxy` endpoint

A vulnerability has been identified within Rancher Manager whereby Impersonate-Extra- headers are being sent to an external entity, for example amazonaws.com, via the /meta/proxy Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses...

4.7CVSS6.3AI score0.00334EPSS
Exploits0References2
osv
osv
added 2025/09/26 1:2 p.m.5 views

GHSA-MJCP-RJ3C-36FR Rancher sends sensitive information to external services through the `/meta/proxy` endpoint

Impact A vulnerability has been identified within Rancher Manager whereby Impersonate-Extra- headers are being sent to an external entity, for example amazonaws.com, via the /meta/proxy Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses. If...

4.7CVSS7AI score0.00334EPSS
Exploits0References5
gitee
gitee
added 2025/09/14 12:2 p.m.187 views

wazuh

This repository is an open-source security platform called Wazuh, which provides unified XDR and SIEM protection for endpoints and cloud workloads. The repository contains various files and templates for issue reporting, testing, and integration with external services. The probable entry points f...

7.2AI score
Exploits0
snyk
snyk
added 2025/07/15 6:4 p.m.6 views

XML External Entity (XXE) Injection

Overview org.dspace:dspace-api is a DSpace core data model and service APIs. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the XML parsing process during archive imports or when handling XML responses from upstream services. An attacker can access...

7CVSS7.6AI score0.00368EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/07/15 2:44 p.m.4 views

CVE-2025-53621 DSpace vulnerable to XML External Entity (XXE) injection in import via Simple Archive Format (SAF) or import from external sources

DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity XXE injection possibilities impact all versions of DSpace prior to 7.6.4, 8.2, and 9.1. External entities are not disabled when parsing XML files during impo...

6.9CVSS6.5AI score0.00368EPSS
Exploits0References7
osv
osv
added 2025/07/15 2:44 p.m.5 views

CVE-2025-53621 DSpace vulnerable to XML External Entity (XXE) injection in import via Simple Archive Format (SAF) or import from external sources

DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity XXE injection possibilities impact all versions of DSpace prior to 7.6.4, 8.2, and 9.1. External entities are not disabled when parsing XML files during impo...

6.9CVSS7AI score0.00368EPSS
Exploits0References9
redhatcve
redhatcve
added 2025/05/23 1:54 a.m.8 views

CVE-2023-43656

matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...

9CVSS6.7AI score0.00283EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 7:57 a.m.8 views

CVE-2018-16987

Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code...

7.2CVSS6.8AI score0.01297EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 6:43 a.m.16 views

CVE-2018-16153

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations...

7.5CVSS7.2AI score0.00829EPSS
Exploits0References1
osv
osv
added 2025/05/16 3:15 p.m.4 views

DEBIAN-CVE-2025-47792

Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service...

6.1CVSS5.3AI score0.00152EPSS
Exploits0References1
openvas
openvas
added 2025/05/07 12:0 a.m.2 views

Configure Proper Policies for INPUT of iptables

The INPUT chain is used to filter packets received from external systems. For any service provided for external systems, configure the corresponding INPUT policy and enable the related port so that external clients can access the service through the port. If the policy is not set, all packets tha...

7AI score
Exploits0References2
osv
osv
added 2024/08/13 5:15 p.m.1 views

CVE-2024-37015

An issue was discovered in Ada Web Server 20.0. When configured to use SSL which is not the default setting, the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers...

7.4CVSS5.8AI score
Exploits0References2
ubuntucve
ubuntucve
added 2024/08/13 5:15 p.m.12 views

CVE-2024-37015

An issue was discovered in Ada Web Server 20.0. When configured to use SSL which is not the default setting, the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers...

7.4CVSS5.9AI score0.00368EPSS
Exploits0References3
osv
osv
added 2024/08/13 5:15 p.m.4 views

UBUNTU-CVE-2024-37015

An issue was discovered in Ada Web Server 20.0. When configured to use SSL which is not the default setting, the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers...

7.4CVSS5.8AI score0.00368EPSS
Exploits0References4
cnnvd
cnnvd
added 2024/08/13 12:0 a.m.2 views

Ada Web Server 安全漏洞

Ada Web Server AWS is an AdaCore open source complete framework for developing web-based applications in Ada. A security vulnerability exists in Ada Web Server version 20.0 that stems from the fact that the SSL/TLS used to establish a connection to an external service is not properly hostname...

7.4CVSS6.6AI score0.00368EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/08/13 12:0 a.m.3 views

PT-2024-27243 · Unknown · Ada Web Server

Name of the Vulnerable Software and Affected Versions: Ada Web Server version 20.0 Description: An issue was discovered in Ada Web Server when configured to use SSL, which is not the default setting. The SSL/TLS used to establish connections to external services is done without proper hostname...

7.4CVSS6.8AI score0.00368EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2024/03/05 12:0 a.m.7 views

PT-2024-21949 · Unknown · Chatgpt-Wechat-Personal

Name of the Vulnerable Software and Affected Versions: ChatGPT-wechat-personal affected versions not specified Description: A Server-Side Request Forgery SSRF issue in weixin.php of ChatGPT-wechat-personal allows attackers to force the application to make arbitrary requests. This enables attacker...

9.8CVSS7.1AI score0.00661EPSS
Exploits1References6
osv
osv
added 2024/01/12 7:15 a.m.4 views

CVE-2024-22027

Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service DoS attack against external services...

6.5CVSS5.8AI score0.00726EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/01/12 6:41 a.m.23 views

CVE-2024-22027

Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service DoS attack against external services...

6.8AI score0.00726EPSS
Exploits0References2
cvelist
cvelist
added 2024/01/12 6:41 a.m.44 views

CVE-2024-22027

Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service DoS attack against external services...

6.4AI score0.00726EPSS
Exploits0References2
Rows per page
Query Builder