185 matches found

Wallarm Lab
added 2024/01/19 10:24 a.m. · 107 views

tRPC vs GraphQL

Deciphering the Cloud Conundrum: An Introduction to tRPC & GraphQL. The dynamic domain of cloud technology offers two instrumental methodologies in the arena of APIs: tRPC and GraphQL. Each serves as a potent asset for developers in crafting applications that are resilient, scalable, and...

AI score 7.1
Exploits 0
OSV
added 2023/12/06 5:15 p.m. · 28 views

CVE-2023-45285

Using go get to fetch a module with the ".git" suffix may unexpectedly fall back to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

CVSS 7.5 · AI score 7.4
Exploits 0 · References 5
OSV
added 2023/12/06 4:22 p.m. · 33 views

GO-2023-2383 Command 'go get' may unexpectedly fallback to insecure git in cmd/go

Using go get to fetch a module with the ".git" suffix may unexpectedly fall back to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

CVSS 7.5 · AI score 7.7 · EPSS 0.01137
Exploits 0 · References 3
UbuntuCve
added 2023/12/06 12:00 a.m. · 42 views

CVE-2023-45285

Using go get to fetch a module with the ".git" suffix may unexpectedly fall back to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

CVSS 7.5 · AI score 6.8 · EPSS 0.01137
Exploits 0 · References 5
Positive Technologies
added 2023/12/05 12:00 a.m. · 9 views

PT-2023-8188 · Go +9

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.21.5; Go versions prior to 1.20.12. Description: The issue is related to the use of the "go get" command to fetch modules with the ".git" suffix. If the module is unavailable via secure protocols, it may fall back to the...

CVSS 9.8 · AI score 6.8 · EPSS 0.99999
Exploits 21 · References 165
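The fallback that the CVE-2023-45285, GO-2023-2383 and PT-2023-8188 entries above describe comes down to one decision: once the secure transports have failed, may the fetcher try an insecure one at all? The Go program below is an added example, not cmd/go's code and not part of any of the advisories: it models that decision with a scheme allow-list plus the documented GOINSECURE prefix-glob matching, so that an insecure scheme is never chosen silently. The candidate scheme order, the `reachable` probe stub, and the module path `example.com/team/repo.git` are assumptions constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// Schemes usable without any GOINSECURE opt-in. This set is an assumption
// for the example, chosen to mirror the advisory wording: "https://" and
// "git+ssh://" are secure, "git://" is not.
var secureSchemes = map[string]bool{
	"https":   true,
	"git+ssh": true,
	"ssh":     true,
}

// Candidate schemes in the order a fetcher would try them (assumed order).
var schemeOrder = []string{"https", "git+ssh", "git"}

// matchesInsecure reports whether any slash-delimited prefix of modPath
// matches one of the comma-separated path.Match globs in goinsecure.
// This follows the documented GOINSECURE/GOPRIVATE prefix-glob semantics;
// it is a re-implementation for the example, not cmd/go's own code.
func matchesInsecure(goinsecure, modPath string) bool {
	parts := strings.Split(modPath, "/")
	for _, glob := range strings.Split(goinsecure, ",") {
		glob = strings.TrimSpace(glob)
		if glob == "" {
			continue
		}
		for i := 1; i <= len(parts); i++ {
			prefix := strings.Join(parts[:i], "/")
			if ok, _ := path.Match(glob, prefix); ok {
				return true
			}
		}
	}
	return false
}

// ErrNoSecureScheme is returned when only insecure transports are reachable
// and the module was not opted in through GOINSECURE.
var ErrNoSecureScheme = errors.New("no secure transport available and module not in GOINSECURE")

// selectScheme walks schemeOrder and returns the first scheme that is both
// reachable and permitted. reachable is supplied by the caller (a real
// fetcher would probe the network); here it is a stub so the example runs
// offline. The ".git" suffix of the module path plays no role: the
// decision depends only on the scheme and on GOINSECURE.
func selectScheme(modPath, goinsecure string, reachable func(scheme string) bool) (string, error) {
	allowInsecure := matchesInsecure(goinsecure, modPath)
	for _, scheme := range schemeOrder {
		if !reachable(scheme) {
			continue
		}
		if secureSchemes[scheme] || allowInsecure {
			return scheme, nil
		}
		// Reachable but insecure and not opted in: keep looking, never downgrade.
	}
	return "", ErrNoSecureScheme
}

func main() {
	// Constructed scenario: the repository answers only on git://, as in the advisory.
	onlyGit := func(scheme string) bool { return scheme == "git" }

	for _, goinsecure := range []string{"", "example.com", "other.org/*"} {
		scheme, err := selectScheme("example.com/team/repo.git", goinsecure, onlyGit)
		fmt.Printf("GOINSECURE=%q -> scheme=%q err=%v\n", goinsecure, scheme, err)
	}
}
```

With GOINSECURE unset, a repository that answers only on git:// produces an error instead of a silent downgrade, which is the behaviour the affected-version ranges above imply is restored in Go 1.20.12 and 1.21.5; setting GOINSECURE=example.com opts that host in explicitly, and a pattern for an unrelated host such as other.org/* changes nothing.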
Vulnrichment
added 2023/10/19 2:28 p.m. · 16 views

CVE-2023-5654

The React Developer Tools extension registers a message listener with window.addEventListener('message', ...) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

CVSS 6.5 · AI score 6.9 · EPSS 0.00467
Exploits 0 · References 1
Wallarm Lab
added 2023/09/09 1:15 p.m. · 26 views

2023 OWASP Top-10 Series: API7:2023 Server Side Request Forgery

Welcome to the 8th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API7:2023 Server Side Request Forgery (SSRF). In this series we are taking an in-depth look at each category – the details, the...

AI score 7.2
Exploits 0
Vulnrichment
added 2023/08/03 12:00 a.m. · 20 views

CVE-2023-33365

A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server...

AI score 7.1 · EPSS 0.00721
Exploits 0 · References 2
Fedora
added 2023/07/09 12:38 a.m. · 25 views

[SECURITY] Fedora 37 Update: perl-CPAN-2.36-1.fc37

The CPAN module automates or at least simplifies the make and install of perl modules and extensions. It includes some primitive searching capabilities and knows how to use LWP, HTTP::Tiny, Net::FTP and certain external download clients to fetch distributions from the net...

CVSS 8.1 · AI score 7 · EPSS 0.01561
Exploits 1
NVD
added 2023/03/06 9:15 p.m. · 20 views

CVE-2021-36393

In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses...

CVSS 9.8 · AI score 9.8 · EPSS 0.52299
Exploits 6 · References 1
Ivanti
added 2023/02/14 7:22 a.m. · 7 views

JSA10470 - Pre-authentication CGI script fails to fully validate all parameters

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. CGI scripts accessible during pre-authentication may fail to verify the validity of values supplied as parameters. This could lead to the arbitrary fetching of ".exe" files from the...

AI score 7.1
Exploits 0
OSV
added 2023/01/31 3:44 p.m. · 13 views

GSD-2023-1001731 netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits

netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...

AI score 7.2
Exploits 0
Kitploit
added 2022/10/06 11:30 a.m. · 69 views

Arsenal - Recon Tool installer

Arsenal is a simple Bash shell script used to install the most important tools and requirements for your environment and to save time installing all these tools. Tools in Arsenal (Name | description): Amass | The OWASP Amass Project performs network mapping of attack surfaces and external...

AI score 6.6
Exploits 0 · References 2
Cvelist
added 2022/09/27 3:27 p.m. · 23 views

CVE-2022-40816

Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be...

AI score 6.2 · EPSS 0.00652
Exploits 0 · References 1
Huntr
added 2022/07/28 4:38 p.m. · 21 views

Full Read Server-Side Request Forgery (SSRF)

Description: In the recipe edit page, it is possible to upload an image directly or via a URL provided by the user. The function that handles the fetching and saving of the image via the URL doesn't have any URL verification, which allows fetching internal services. Furthermore, after the resour...

AI score 7
Exploits 0
Fedora
added 2022/07/17 1:16 a.m. · 19 views

[SECURITY] Fedora 35 Update: meg-0.2.4-6.fc35

Fetch many paths for many hosts without killing the hosts...

CVSS 9.3 · AI score 1.2 · EPSS 0.05994
Exploits 4
OSV
added 2022/07/09 12:00 a.m. · 18 views

CVE-2022-2353 Cross-Site Request Forgery (CSRF) in microweber/microweber

Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user...

CVSS 6.3 · AI score 6.3 · EPSS 0.00451
Exploits 1 · References 4
Snyk
added 2022/06/23 9:26 a.m. · 4 views

Malicious Package

Overview: example-data-fetching is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS 9.8 · AI score 7
Exploits 0 · References 3
Github Security Blog
added 2022/05/24 5:21 p.m. · 8 views

Mattermost Server is vulnerable to SQL Injection when executing multiple POST requests

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts...

CVSS 9.8 · AI score 8.2 · EPSS 0.01103
Exploits 0 · References 3 · Affected Software 1
Huntr
added 2022/05/14 12:37 p.m. · 44 views

Local file inclusion

Description: https://app.diagrams.net/embed2.js?&fetch= is used to fetch data, and I tried to perform SSRF by extracting Google Cloud metadata but was unable to, but I am still able to fetch server files like /etc/passwd. Proof of Concept: 1. Visit https://app.diagrams.net/embed2.js?&fetch= 2. Ent...

CVSS 5 · AI score 7.4 · EPSS 0.0164
Exploits 1
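The two Huntr reports above (the recipe image fetcher that performs no URL verification, and the `fetch=` parameter that returns server files such as /etc/passwd) fail the same check: a user-supplied URL is fetched without restricting either the scheme or the destination address. The Go function below is an added example, not code from either project: it allow-lists http and https, rejects embedded credentials, resolves the host through an injected resolver, and refuses loopback, private, link-local (which covers the 169.254.169.254 cloud metadata address), multicast and unspecified targets. The hostnames and addresses in the DNS table are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// Resolver turns a hostname into addresses. It is injected so the example
// runs offline; production code would pass net.LookupIP.
type Resolver func(host string) ([]net.IP, error)

// isDisallowedIP flags addresses an image fetcher must never contact:
// loopback, RFC 1918 / ULA private ranges, link-local (including the
// 169.254.169.254 metadata endpoint), multicast and unspecified.
func isDisallowedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsMulticast() || ip.IsUnspecified()
}

// ValidateFetchURL checks a user-supplied URL before anything fetches it and
// returns the parsed URL on success. Every resolved address is checked, not
// just the first, so a hostname with one public and one internal record is
// still rejected.
func ValidateFetchURL(raw string, resolve Resolver) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	if u.User != nil {
		return nil, errors.New("credentials in URL not allowed")
	}
	host := u.Hostname() // strips the port and IPv6 brackets
	if host == "" {
		return nil, errors.New("missing host")
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip} // literal address: no DNS lookup needed
	} else {
		ips, err = resolve(host)
		if err != nil {
			return nil, fmt.Errorf("resolve %s: %w", host, err)
		}
		if len(ips) == 0 {
			return nil, fmt.Errorf("resolve %s: no addresses", host)
		}
	}
	for _, ip := range ips {
		if isDisallowedIP(ip) {
			return nil, fmt.Errorf("host %s resolves to disallowed address %s", host, ip)
		}
	}
	return u, nil
}

func main() {
	// Constructed DNS table standing in for real lookups.
	table := map[string][]net.IP{
		"images.example":   {net.ParseIP("203.0.113.10")},
		"intranet.example": {net.ParseIP("10.0.0.5")},
	}
	resolve := func(host string) ([]net.IP, error) {
		if ips, ok := table[host]; ok {
			return ips, nil
		}
		return nil, errors.New("NXDOMAIN")
	}
	for _, raw := range []string{
		"https://images.example/cat.png",
		"http://intranet.example/admin",
		"http://169.254.169.254/latest/meta-data/",
		"http://[::1]:8080/",
		"file:///etc/passwd",
	} {
		_, err := ValidateFetchURL(raw, resolve)
		fmt.Printf("%-45s -> %v\n", raw, err)
	}
}
```

The check is only as good as the connection that follows it: connect to the address that was validated, or re-validate inside a custom dialer, so that a DNS answer which changes between the check and the fetch cannot reintroduce the problem, and validate every redirect hop the same way rather than only the initial URL.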