Lucene search
+L

72 matches found

jvn
jvn
added 2024/01/12 4:51 a.m.2 views

Improper input validation vulnerability in WordPress Plugin "WordPress Quiz Maker Plugin"

Overview WordPress Plugin "WordPress Quiz Maker Plugin" provided by AYS Pro Plugins contains an improper input validation vulnerability CWE-20. Shogo Kumamaru of LAC CyberLink Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.5CVSS6.6AI score0.00726EPSS
Exploits0References5
osv
osv
added 2023/12/12 5:15 p.m.14 views

CVE-2018-16153

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations...

7.5CVSS7.2AI score
Exploits0References4
nvd
nvd
added 2023/12/12 5:15 p.m.28 views

CVE-2018-16153

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations...

7.5CVSS0.00829EPSS
Exploits0References4
cvelist
cvelist
added 2023/12/12 12:0 a.m.31 views

CVE-2018-16153

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations...

7.7AI score0.00829EPSS
Exploits0References4
attackerkb
attackerkb
added 2023/12/10 7:15 p.m.3 views

CVE-2023-50454

An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers...

5.9CVSS6.3AI score0.00279EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/12/10 12:0 a.m.6 views

Zammad 安全漏洞

Zammad is a suite of ticket management software from the German company Zammad. A trust management issue vulnerability exists in Zammad that stems from the fact that SSL/TLS is used in multiple subsystems to establish connections to external services without properly validating the hostname and...

5.9CVSS6.7AI score0.00279EPSS
Exploits0References2
cvelist
cvelist
added 2023/12/10 12:0 a.m.19 views

CVE-2023-50454

An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers...

5.8AI score0.00279EPSS
Exploits0References1
nvd
nvd
added 2023/09/27 9:15 p.m.36 views

CVE-2023-43656

matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...

9CVSS6.4AI score0.00283EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/03/22 12:0 a.m.8 views

OpenNMS Horizon 代码问题漏洞

OpenNMS Horizon is an open source solution from OpenNMS, Inc. that helps you visualize and monitor everything on your local and remote networks. A security vulnerability exists in OpenNMS Horizon version 31.0.8 through versions prior to 32.0.2. An attacker exploited the vulnerability to force...

6.1CVSS6.5AI score0.00489EPSS
Exploits0References3
cnnvd
cnnvd
added 2023/03/13 12:0 a.m.4 views

Wolt 信任管理问题漏洞

Wolt is a food and merchandise delivery platform by Finnish company Wolt. A security vulnerability exists in Wolt : Food Delivery/Demae Android App version 4.27.2 and earlier, which stems from the use of hard-coded API keys to provide external services, and can be exploited by an attacker to...

7.8CVSS5.9AI score0.00161EPSS
Exploits0References4
prion
prion
added 2023/01/26 9:18 p.m.17 views

Server side request forgery (ssrf)

A Server Side Request Forgery SSRF vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly...

4CVSS6.4AI score0.00892EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2023/01/26 12:0 a.m.4 views

Tenable.sc 代码问题漏洞

Tenable Network Security Tenable.Sc is a vulnerability analysis solution from Tenable Network Security, USA. The product supports real-time vulnerability assessment and management, among other things. A security vulnerability exists in versions of Tenable.sc prior to 6.0.0 that stems from imprope...

6.5CVSS6.5AI score0.00892EPSS
Exploits0References2
cvelist
cvelist
added 2023/01/25 12:0 a.m.29 views

CVE-2023-24495

A Server Side Request Forgery SSRF vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly...

6.7AI score0.00892EPSS
Exploits0References1
talos
talos
added 2022/12/21 12:0 a.m.44 views

Ghost unauthorized newsletter modification vulnerability

Talos Vulnerability Report TALOS-2022-1624 Ghost unauthorized newsletter modification vulnerability December 21, 2022 CVE Number CVE-2022-41654 SUMMARY An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted...

9.6CVSS5AI score0.18914EPSS
Exploits1
fedora
fedora
added 2022/07/17 1:15 a.m.31 views

[SECURITY] Fedora 35 Update: golang-github-google-martian-3.1.0-9.fc35

Martian Proxy is a programmable HTTP proxy designed to be used for testing. Martian is a great tool to use if you want to: - Verify that all or some subset of requests are secure - Mock external services at the network layer - Inject headers, modify cookies or perform other mutations of HTTP...

9.3CVSS8AI score0.0995EPSS
Exploits4
hivepro
hivepro
added 2022/06/14 1:48 p.m.18 views

Drupal addresses a Guzzle third-party vulnerability

Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The Drupal core project addresses security flaws in a third-party Guzzle library to handle HTTP requests and responses to external services. These may not directly affect Drupal core; however, it can hav...

7.7AI score
Exploits0
debiancve
debiancve
added 2022/03/28 6:53 p.m.43 views

CVE-2022-0123

Removed by vendor...

6.8CVSS6.7AI score0.00421EPSS
Exploits0
osv
osv
added 2021/12/14 9:43 p.m.50 views

GHSA-HCXX-MP6G-6GR9 Opencast publishes global system account credentials

The issue was mostly mitigated before, drastically reducing the risk. See references below for more information. Impact Opencast before version 10.6 will try to authenticate against any external services listed in a media package when it is trying to access the files, sending the global system...

7.5CVSS5.9AI score0.00829EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2021/12/14 12:0 a.m.11 views

PT-2021-8817 · Apereo · Apereo Opencast

Name of the Vulnerable Software and Affected Versions: Apereo Opencast versions 4.x through 10.x before 10.6 Description: An issue was discovered in Apereo Opencast where it sends system digest credentials during authentication attempts to arbitrary external services in some situations. This occu...

7.5CVSS7.6AI score0.00829EPSS
Exploits0References11
cvelist
cvelist
added 2021/07/15 4:5 p.m.31 views

CVE-2021-32743 Passwords used to access external services inadvertently exposed through API

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for extern...

8.8CVSS8.8AI score0.01803EPSS
Exploits1References3
Rows per page
Query Builder