Lucene search
K

4 matches found

Cvelist
Cvelist
added 2025/12/01 9:53 p.m.9 views

CVE-2025-66307 Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure

This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a user enumeration and email disclosure vulnerability exists in Grav. The "Forgot Password" functionality at /admin/forgot leaks...

6.5CVSS0.00277EPSS
Exploits1References2
CVE
CVE
added 2025/12/01 9:53 p.m.22 views

CVE-2025-66307

CVE-2025-66307 Grav Admin Plugin describes a user enumeration and email disclosure flaw in Grav’s Admin plugin prior to version 1.11.0-beta.1. The vulnerability is triggered via the Forgot Password workflow at /admin/forgot, which leaks a valid user’s email address by returning distinct responses...

6.5CVSS5.8AI score0.00277EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 2:48 a.m.4 views

CVE-2023-30846

typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with...

9.1CVSS7.1AI score0.02224EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.11 views

PT-2024-35374 · Jenkins · Jenkins Authorize Project Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Authorize Project Plugin versions 1.7.2 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs when a string containing the job name is evaluated with JavaScript on the Authorizatio...

8CVSS5.5AI score0.00668EPSS
Exploits0References7
Rows per page
Query Builder