
6 matches found

Snyk · added 2025/01/10 9:31 p.m. · 1 view

Cross-site Scripting (XSS)

Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS by an admin user who uploads a malicious backup file using the restore functionality at the /admin/module/view?type=adminbackup endpoint. The...

CVSS 6.1 · AI score 5.3 · EPSS 0.01761
Exploits: 4 · References: 2
Snyk · added 2024/11/12 9:46 p.m. · 2 views

Cross-site Scripting (XSS)

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the file /users/user-id/files. An attacker can escalate privileges by injecting malicious scripts. Details Cross-site scripting or XSS is a code...

CVSS 8.7 · AI score 5.5 · EPSS 0.00307
Exploits: 0 · References: 2
Github Security Blog · added 2024/03/12 8:47 p.m. · 40 views

Session Token in URL in directus

Impact When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places e.g., web server logs, browser history. Attackers gaining access to these logs may hijack active user sessions, leading to...

CVSS 2.3 · AI score 6.7 · EPSS 0.0009
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD · added 2024/03/12 12:00 a.m. · 1 view

Directus Security Vulnerabilities

Directus is a real-time API and application dashboard. It is used to manage SQL database content. A security vulnerability exists in Directus version 10.10.0 and earlier, which originates in the /files page that allows an attacker to pass a JWT via a GET request...

CVSS 2.3 · AI score 6.7 · EPSS 0.0009
Exploits: 0 · References: 3
Positive Technologies · added 2024/03/12 12:00 a.m. · 2 views

PT-2024-22353 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.10.0 Description: The issue concerns the inclusion of session tokens in URLs, specifically when reaching the "/files" page, where a JWT is passed via GET request. This poses a security risk as URLs are often logg...

CVSS 2.3 · AI score 6.8 · EPSS 0.0009
Exploits: 0 · References: 7
Positive Technologies · added 2022/04/18 12:00 a.m. · 2 views

PT-2022-18872 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.6 MediaWiki versions 1.36.x prior to 1.36.4 MediaWiki versions 1.37.x prior to 1.37.2 Description: A denial-of-service issue was discovered in MediaWiki. When many files exist, requesting Special:NewFiles with...

CVSS 9.8 · AI score 6 · EPSS 0.01842
Exploits: 6 · References: 55