Lucene search
K

45 matches found

Snyk
Snyk
added 2025/08/29 10:6 p.m.2 views

Use of Cache Containing Sensitive Information

Overview next is a react framework. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the image optimization process, when responses from API routes vary based on request headers such as Cookie or Authorization. An attacker can gain unauthorized...

6.3CVSS6.7AI score0.00325EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/29 10:6 p.m.8 views

Next.js Affected by Cache Key Confusion for Image Optimization API Routes

A vulnerability in Next.js Image Optimization has been fixed in v15.4.5 and v14.2.31. When images returned from API routes vary based on request headers such as Cookie or Authorization, these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug...

6.2CVSS6.9AI score0.00325EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2025/08/13 12:11 p.m.3 views

Improper Access Control

umbraco.cms.api.delivery is vulnerable to improper access control. The vulnerability is due to output caching not varying by the API key authorization header, which allows an attacker to access cached API responses without a valid key if they were previously requested by an authorized user...

5.3CVSS7AI score0.00329EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:23 a.m.7 views

CVE-2024-0789

The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to...

5.3CVSS6AI score0.00253EPSS
Exploits0References1
OSV
OSV
added 2024/10/30 10:15 p.m.2 views

UBUNTU-CVE-2024-10006

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using Headers in L7 traffic intentions could bypass HTTP header based access rules...

8.3CVSS7.1AI score0.00473EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/30 12:0 a.m.7 views

HashiCorp Consul 安全漏洞

HashiCorp Consul is a suite of distributed, highly available data center-aware solutions from HashiCorp, USA. The product is used to connect and configure applications across dynamically distributed infrastructures. A security vulnerability exists in HashiCorp Consul that stems from the use of...

8.3CVSS8AI score0.00473EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.2 views

PT-2024-8323 · Hashicorp +4 · Hashicorp Consul +4

Name of the Vulnerable Software and Affected Versions: Consul versions 1.9.0 through 1.20.0 Description: A vulnerability was identified in Consul and Consul Enterprise such that using Headers in L7 traffic intentions could bypass HTTP header based access rules. This could allow a remote attacker ...

9.9CVSS6.4AI score0.97781EPSS
Exploits21References119
OSV
OSV
added 2024/07/24 6:45 p.m.8 views

USN-6913-1 php-cas vulnerability

Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. Afte...

8CVSS6.4AI score0.01064EPSS
Exploits0References2
OSV
OSV
added 2024/05/14 6:30 p.m.4 views

GHSA-G95V-3PJ6-J433 Ant Media Server does not properly authorize non-administrative API calls

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 tested and possibly newer ones are believed to be...

6.9CVSS5.8AI score0.00479EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.4 views

PT-2024-26036 · Ant Media Server · Ant Media Server Community Edition

Name of the Vulnerable Software and Affected Versions: Ant Media Server Community Edition versions prior to 2.9.0 Description: The issue is related to an improper HTTP header based authorization, allowing the use of non-administrative API calls reserved for authorized users. Recommendations: For...

5.4CVSS6.9AI score0.00479EPSS
Exploits0References8
NVD
NVD
added 2024/02/14 5:15 p.m.34 views

CVE-2024-23308

When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed U...

7.5CVSS7.5AI score0.00515EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/14 4:30 p.m.19 views

CVE-2024-23308 BIG-IP Advanced WAF and ASM vulnerability

When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed U...

7.5CVSS7.1AI score0.00515EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/14 12:0 a.m.4 views

PT-2024-19799 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP affected versions not specified Description: When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition...

7.5CVSS6.5AI score0.00515EPSS
Exploits0References6
PyPA
PyPA
added 2024/01/30 1:15 a.m.8 views

PYSEC-2024-27

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

9.8CVSS7.2AI score0.00731EPSS
Exploits1References2Affected Software1
Kitploit
Kitploit
added 2023/10/15 12:31 a.m.29 views

HBSQLI - Automated Tool For Testing Header Based Blind SQL Injection

HBSQLI is an automated command-line tool for performing Header Based Blind SQL injection attacks on web applications. It automates the process of detecting Header Based Blind SQL injection vulnerabilities, making it easier for security researchers , penetration testers & bug bounty hunters to tes...

8.2AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/03/01 12:0 a.m.4 views

The vulnerability of the Apex One antivirus software is caused by deficiencies in the authentication process, which allows a hacker to download arbitrary files into the SampleSubmission directory.

The vulnerability of the anti-virus software Apex One is due to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to download arbitrary files into the SampleSubmission directory by using the Content-Length header in the HTTP PUT request sent to the...

8.5CVSS7.8AI score0.59585EPSS
Exploits0References5
NVD
NVD
added 2022/09/14 9:15 p.m.36 views

CVE-2022-37724

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...

6.1CVSS0.00526EPSS
Exploits1References2
OSV
OSV
added 2022/09/14 9:15 p.m.26 views

CVE-2022-37724

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...

6.1CVSS6.2AI score
Exploits0References2
Prion
Prion
added 2022/09/14 9:15 p.m.21 views

Design/Logic Flaw

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...

5.8CVSS6.1AI score0.00526EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/20 11:15 a.m.6 views

CVE-2022-1614

The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based anti-spamming restrictions...

7.5CVSS7.1AI score0.01105EPSS
Exploits2References2
Rows per page
Query Builder