16599 matches found

Github Security Blog
added 2024/11/18 8:01 p.m., 289 views

XXE in PHPSpreadsheet's XLSX reader

Summary: The XmlScanner class has a scan method which should prevent XXE attacks. However, we found another bypass, beyond the previously reported CVE-2024-47873: the regexes from the findCharSet method, which is used for determining the current encoding, can be bypassed by using a payload in the...

CVSS 7.5, AI score 7.5, EPSS 0.00718
Exploits: 1, References: 5, Affected Software: 2
NVD
added 2024/11/18 6:15 p.m., 33 views

CVE-2023-49952

Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...

CVSS 7.5, EPSS 0.00458
Exploits: 0, References: 2
NVD
added 2024/11/18 4:15 p.m., 11 views

CVE-2021-1465

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP...

CVSS 4.3, EPSS 0.01132
Exploits: 0, References: 1
Cvelist
added 2024/11/18 3:36 p.m., 13 views

CVE-2021-1425 Cisco Email Security Appliance and Content Security Management Appliance Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is bei...

CVSS 4.3, EPSS 0.00523
Exploits: 0, References: 1
NVD
added 2024/11/18 6:15 a.m., 15 views

CVE-2024-52944

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...

CVSS 5.4, EPSS 0.00343
Exploits: 0, References: 1
NVD
added 2024/11/18 6:15 a.m., 8 views

CVE-2024-52941

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user...

CVSS 5.4, EPSS 0.00335
Exploits: 0, References: 1
NVD
added 2024/11/18 6:15 a.m., 13 views

CVE-2024-52943

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user...

CVSS 5.4, EPSS 0.01076
Exploits: 0, References: 1
Cvelist
added 2024/11/18 12:00 a.m., 14 views

CVE-2024-52944

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...

CVSS 5.4, EPSS 0.00343
Exploits: 0, References: 1
Vulnrichment
added 2024/11/18 12:00 a.m., 10 views

CVE-2024-52944

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...

CVSS 5.4, AI score 6.2, EPSS 0.00343
Exploits: 0, References: 1
Cvelist
added 2024/11/18 12:00 a.m., 15 views

CVE-2024-52942

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user...

CVSS 5.4, EPSS 0.00343
Exploits: 0, References: 1
Cvelist
added 2024/11/18 12:00 a.m., 13 views

CVE-2024-52943

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user...

CVSS 5.4, EPSS 0.01076
Exploits: 0, References: 1
Oracle linux
added 2024/11/18 12:00 a.m., 281 views

libsoup security update

2.72.0-8.el95.2
- Backport upstream patch for CVE-2024-52532 - infinite loop while reading websocket data
- Resolves: RHEL-67068
2.72.0-8.el95.1
- Backport upstream patch for CVE-2024-52530 - HTTP request smuggling via stripping null bytes from the ends of header names
- Resolves: RHEL-67080...

CVSS 7.5, AI score 7, EPSS 0.00933
Exploits: 1
Positive Technologies
added 2024/11/18 12:00 a.m., 7 views

PT-2024-8690

Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.10.11
Description: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A flaw exists in the Python parser's handling of newlines within chunk extensions, potentially leading to request...

CVSS 7.5, AI score 7.1, EPSS 0.00576
Exploits: 0, References: 211
CVE
added 2024/11/18 12:00 a.m., 44 views

CVE-2024-52941

CVE-2024-52941 affects Veritas Enterprise Vault prior to 15.1 UPD882911. An authenticated remote attacker can inject a parameter into an HTTP request, enabling Cross-Site Scripting (XSS) when viewing archived content. The root cause is a lack of input sanitization in the affected flow (notably me...

CVSS 5.4, AI score 5.9, EPSS 0.00335
Exploits: 0, References: 1
CVE
added 2024/11/18 12:00 a.m., 67 views

CVE-2024-52943

The connected sources provide concrete details for CVE-2024-52943: Veritas Enterprise Vault (pre-15.1 UPD882911) has an issue in the HTMLView endpoint where an authenticated remote attacker can inject a parameter into an HTTP request, causing Cross-Site Scripting (XSS) when viewing archived conte...

CVSS 5.4, AI score 5.9, EPSS 0.01076
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2024/11/18 12:00 a.m., 6 views

PT-2024-13840 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon versions 4.1.x through 4.1.16; Mastodon versions 4.2.x through 4.2.8
Description: The issue allows a bypass of rate limiting via a crafted HTTP request header. This means that an attacker can send a specially designed HTTP request...

CVSS 7.5, AI score 6.2, EPSS 0.00458
Exploits: 0, References: 10
Cvelist
added 2024/11/18 12:00 a.m., 38 views

CVE-2023-49952

Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...

EPSS 0.00458
Exploits: 0, References: 2
Vulnrichment
added 2024/11/18 12:00 a.m., 8 views

CVE-2024-52943

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user...

CVSS 5.4, AI score 5.8, EPSS 0.01076
Exploits: 0, References: 1
NVD
added 2024/11/15 4:15 p.m., 13 views

CVE-2022-20634

A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An...

CVSS 6.1, EPSS 0.00572
Exploits: 0, References: 1
Cvelist
added 2024/11/15 4:02 p.m., 24 views

CVE-2022-20634 Cisco Enterprise Chat and Email Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An...

CVSS 4.7, EPSS 0.00572
Exploits: 0, References: 1