221 matches found
EUVD-2022-40717
Malicious code in bioql PyPI...
EUVD-2022-1957
Malicious code in bioql PyPI...
EUVD-2023-2660
Malicious code in bioql PyPI...
EUVD-2023-2802
Malicious code in bioql PyPI...
webvulnscanner
Web Vulnerability Scanner A Python-based tool designed for ethic...
Exploit for CVE-2025-1302
CVE-2025-1302 JSONPath-Plus RCE PoC PoC Script Name: po...
CVE-2024-23756
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...
CVE-2023-50327
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109...
Security Bulletin: Multiple vulnerabilities affect PowerSC and PowerSC MFA
Summary There are multiple vulnerabilities in PowerSC and PowerSC MFA. Vulnerability Details CVEID:CVE-2023-50939 DESCRIPTION: IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:...
Linux Distros Unpatched Vulnerability : CVE-2022-21698
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and...
Linux Distros Unpatched Vulnerability : CVE-2022-31022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pav...
Use of Uninitialized Resource
Overview passenger is a web server and application server for Ruby, Python and Node.js, optimized for performance, low memory usage and ease of use. Affected versions of this package are vulnerable to Use of Uninitialized Resource due to improper handling of HTTP requests with invalid methods. Th...
Allowed HTTP Methods Enumeration
Enumerates which HTTP methods are allowed. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
CVE-2024-35209
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The affected web server is allowing HTTP methods like PUT and Delete. This could allow an attacker to modify unauthorized files...
Cross-Site Request Forgery (CSRF)
typo3/cms-dashboard is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper validation of HTTP methods in state-changing actions and misconfigurations in the backend settings, such as disabled security.backend.enforceReferrer or lax/none BE/cookieSameSite settings,...
Cross-Site Request Forgery (CSRF)
typo3/cms-extensionmanager is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper handling of HTTP methods for state-changing actions and the backend user interface being susceptible to malicious URLs under specific misconfigurations, allows an attacker to retrieve...
Cross-Site Request Forgery (CSRF)
typo3/cms-indexed-search is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper validation of HTTP methods for state-changing actions and misconfigured security settings, allows attackers to exploit the "Indexed Search Module" to delete items by deceiving logged-in...
CVE-2024-55894 TYPO3 Cross-Site Request Forgery in Backend User Module
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55924 Cross-Site Request Forgery in Scheduler Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-40084
A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths...