29 matches found
EUVD-2017-16870
Malware in sbrugna...
EUVD-2011-1837
Malware in sbrugna...
EUVD-2024-39181
Malicious code in bioql PyPI...
EUVD-2025-14310
Malicious code in bioql PyPI...
EUVD-2024-46849
Malicious code in bioql PyPI...
EUVD-2023-3258
Malicious code in bioql PyPI...
CVE-2023-48122
An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method...
CVE-2024-56523
Radware Cloud Web Application Firewall WAF before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...
CVE-2024-56523
Radware Cloud Web Application Firewall WAF before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...
CVE-2024-56523
Summary: CVE-2024-56523 affects Radware Cloud Web Application Firewall (WAF). The vulnerability allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method, potentially enabling malicious inputs to reach the underlying web appl...
CVE-2024-56523
Radware Cloud Web Application Firewall WAF before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...
CVE-2024-55923 Cross-Site Request Forgery in Indexed Search Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
PT-2025-3149 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS TYPO3 versions prior to 12.4.25 LTS TYPO3 versions prior to 13.4.3 LTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...
CVE-2024-45760
Dell OpenManage Server Administrator (Dell OMSA) — affected: version 11.0.1.0 and prior. Vulnerability: improper access control allowing a remote, low-privilege user to perform unauthorized actions with elevated privileges via HTTP GET. Impact per sources: potential elevation of privilege; no exp...
CVE-2024-45791 Apache HertzBeat: Exposure sensitive token via http GET method with query string
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue...
CVE-2024-45791 Apache HertzBeat: Exposure sensitive token via http GET method with query string
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue...
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method
An issue present in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method...
CVE-2023-48122
An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method...
CVE-2023-48122
The CVE-2023-48122 issue affects microweber v2.0.1 and is fixed in v2.0.4. It enables a remote attacker to obtain sensitive information via HTTP GET, indicating a remote information disclosure vulnerability with a CVSSv3.1 base score of 7.5 (High). Mitigation: upgrade to microweber v2.0.4 or late...
Cross-Site Request Forgery (CSRF)
apache-superset is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists due to the use of the HTTP GET method for the legacy REST API endpoints in the requestaccess and approve functions of core.py, allowing an attacker to redirect to the malicious URL through the GET request...