GHSA-GV7G-X59X-WF8F SvelteKit framework has Insufficient CSRF protection for CORS requests
Summary The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...
CVE-2023-29003
SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protecti...
GHSA-5P75-VC5G-8RV2 SvelteKit vulnerable to Cross-Site Request Forgery
Summary The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection i...
CVE-2023-29003 SvelteKit has Insufficient Cross-Site Request Forgery Protection
SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protecti...
Router ZTE-H108NS - Authentication Bypass
Exploit Title: Router ZTE-H108NS - Authentication Bypass Date: 19-11-2022 Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/ Firmware: H108NSV1.0.7uZRDGR2A68 CVE: N/A Tested on: Debian 5.18.5 Description: When specific http methods are listed within a security constraint, th...
SUSE CVE-2011-4085
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...
curl: Fix of CVE-2022-32221
CVE-2022-32221: fix issue when POST following PUT confusion...
CVE-2022-38115
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT...
CVE-2022-38115 Insecure Methods Vulnerability
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT...
CVE-2022-38115
CVE-2022-38115 concerns SolarWinds Security Event Manager (SEM) and is described as an insecure-method vulnerability where HTTP methods (e.g., OPTIONS, DELETE, TRACE, PUT) are disclosed. Connected sources indicate SEM versions 2022.2 and prior are affected. The CVSSv3.1 base score is 5.3 (Medium)...
ZTE ZXHN-H108NS Authentication Bypass Vulnerability
ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7uZRDGR2A68 suffers from an authentication bypass vulnerability when alternate HTTP methods are leveraged. Exploit Title: Router ZTE-H108NS - Authentication Bypass Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/...
CVE-2022-39290 CSRF key bypass using HTTP methods in zoneminder
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...
SUSE SLES15 Security Update : podman (SUSE-SU-2022:2839-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2839-1 advisory. - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry...
GO-2022-0322 Uncontrolled resource consumption in github.com/prometheus/client_golang
The Prometheus client_golang HTTP server is vulnerable to a denial of service attack when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of the promhttp.InstrumentHandler middleware except RequestsInFlight; not filter any specific...
CVE-2022-31022
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP bleve/http handlers fo...
Updated golang-github-prometheus-client packages fix security vulnerability
HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods...
GHSA-2C3P-9J5F-33G3 Apache OpenMeetings responds to insecure HTTP methods
Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH...
Apache OpenMeetings responds to insecure HTTP methods
Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH...