914 matches found

NVD
added 2024/11/08 12:15 a.m., 17 views

CVE-2024-51987

Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh occurs. This occurs because a refreshed token will be captur...

CVSS 5.4, EPSS 0.00221
Exploits 0, References 1
Vulnrichment
added 2024/11/07 11:36 p.m., 13 views

CVE-2024-51987 HTTP Client uses incorrect token after refresh in Duende.AccessTokenManagement.OpenIdConnect

Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh occurs. This occurs because a refreshed token will be captur...

CVSS 5.4, AI score 6.6, EPSS 0.00221
Exploits 0, References 1
Cvelist
added 2024/11/07 11:36 p.m., 38 views

CVE-2024-51987 HTTP Client uses incorrect token after refresh in Duende.AccessTokenManagement.OpenIdConnect

Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh occurs. This occurs because a refreshed token will be captur...

CVSS 5.4, EPSS 0.00221
Exploits 0, References 1
OSV
added 2024/11/07 9:57 p.m., 8 views

GHSA-7MR7-4F54-VCX5 HTTP Client uses incorrect token after refresh

Impact HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh. This occurs because a refreshed token will be captured in pooled HttpClient instances, which may be used by a different user. Workarounds Instead of using...

CVSS 5.4, AI score 5.2, EPSS 0.00221
Exploits 0, References 5
Github Security Blog
added 2024/11/07 9:57 p.m., 20 views

HTTP Client uses incorrect token after refresh

Impact HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh. This occurs because a refreshed token will be captured in pooled HttpClient instances, which may be used by a different user. Workarounds Instead of using...

CVSS 5.4, AI score 6.5, EPSS 0.00221
Exploits 0, References 5, Affected Software 1
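The five entries above describe the same defect: a handler that is pooled, and therefore shared between users, captures a refreshed token and replays it on the next request regardless of who is calling. The following is an added simulation, not Duende's code: FakeResourceServer, UserSession, LeakyHandler and FixedHandler are invented stand-ins for a resource API, a user-scoped token store, and a pooled message handler in a leaky and a corrected variant.

```python
"""Constructed simulation of the pooled-client token-capture bug pattern.

Added illustration, not Duende's code. All class and token names are invented.
"""
from dataclasses import dataclass


class FakeResourceServer:
    """Accepts a request only if it carries a currently valid bearer token."""

    def __init__(self):
        # Constructed state: Bob's token is valid, Alice's first token has expired.
        self.valid_tokens = {"bob-token-1"}

    def handle(self, path, token):
        return 200 if token in self.valid_tokens else 401


@dataclass
class UserSession:
    """Per-user token state, the way a user-scoped token store would hold it."""
    user: str
    server: FakeResourceServer
    counter: int = 1

    def token(self):
        return f"{self.user}-token-{self.counter}"

    def refresh(self):
        # Simulated refresh-token grant: mint the next token and make the server accept it.
        self.counter += 1
        self.server.valid_tokens.add(self.token())
        return self.token()


class LeakyHandler:
    """Pooled handler that keeps a refreshed token in an instance field.

    The instance is shared by every caller that borrows the pooled client, so
    the field is shared too: once Alice's refresh fills it, Bob's request is
    sent with Alice's token."""

    def __init__(self, server):
        self.server = server
        self._refreshed = None  # bug: a per-user secret stored in pooled state

    def send(self, session, path):
        token = self._refreshed or session.token()
        if self.server.handle(path, token) == 401:
            token = session.refresh()
            self._refreshed = token  # captured here; outlives this user's request
            self.server.handle(path, token)
        return token


class FixedHandler:
    """Same retry logic, but the refreshed token stays in the caller's session."""

    def __init__(self, server):
        self.server = server

    def send(self, session, path):
        token = session.token()
        if self.server.handle(path, token) == 401:
            token = session.refresh()
            self.server.handle(path, token)
        return token


def run_scenario(handler_cls):
    """Alice (expired token) and then Bob use the same pooled handler.

    Returns the bearer token actually sent on each user's request."""
    server = FakeResourceServer()
    handler = handler_cls(server)  # one pooled instance, shared by both users
    alice = UserSession("alice", server)
    bob = UserSession("bob", server)
    return {
        "alice": handler.send(alice, "/api/me"),
        "bob": handler.send(bob, "/api/me"),
    }


def cross_user_tokens(results):
    """Tokens sent on one user's request that were minted for another user."""
    return {u: t for u, t in results.items() if not t.startswith(f"{u}-")}


if __name__ == "__main__":
    for cls in (LeakyHandler, FixedHandler):
        res = run_scenario(cls)
        print(cls.__name__, res, "leaked:", cross_user_tokens(res))
```

The leaky run succeeds for Bob, which is what makes this class of bug hard to spot from client-side errors: the request does not fail, it simply runs as Alice. A check like cross_user_tokens over access logs (token subject versus the authenticated caller) is the kind of detection that catches it.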
Snyk
added 2024/11/06 12:41 p.m., 2 views

Insertion of Sensitive Information Into Sent Data

Overview symfony/http-client is a Symfony HttpClient component. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the request function in NoPrivateNetworkHttpClient, used during host resolution. This can be exploited to enumerate ports or IP...

CVSS 6.9, AI score 6.9, EPSS 0.00481
Exploits 0, References 2
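The entry above places the flaw in the host-resolution step of a client whose whole purpose is to refuse private networks, and says the leaked information lets a caller enumerate ports or IPs. The following is an added, constructed example, not Symfony's code, of the shape such a guard should take: resolve first, require every address to be public, connect to the address that was checked, and collapse every failure to one generic message. RESOLVER, OPEN_PORTS, resolve() and connect() are invented offline stand-ins for DNS and a TCP connect.

```python
"""Constructed example of a private-network guard for an outbound HTTP client.

Added illustration, not Symfony's code. The resolver and connector are fake
lookup tables so the example runs offline.
"""
import ipaddress

REFUSED = "request refused"  # the only failure text a caller ever sees

# Constructed DNS: hostname -> addresses (not real records).
RESOLVER = {
    "public.example": ["93.184.216.34"],
    "internal.example": ["10.0.0.5"],
    "metadata.example": ["169.254.169.254"],
    "mixed.example": ["93.184.216.34", "10.0.0.5"],  # one public, one private record
}

# Constructed service map: (ip, port) -> response; anything else refuses the connection.
OPEN_PORTS = {("93.184.216.34", 80): "200 OK", ("10.0.0.5", 8080): "200 OK"}


def is_public(ip: str) -> bool:
    """True only for globally routable unicast addresses (IPv4 or IPv6)."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def resolve(host):
    try:
        return RESOLVER[host]
    except KeyError:
        raise LookupError(host)


def connect(ip, port):
    try:
        return OPEN_PORTS[(ip, port)]
    except KeyError:
        raise ConnectionRefusedError(f"{ip}:{port}")


def leaky_request(host, port):
    """Flawed: the failure text reveals what the name resolved to and whether
    the port answered, so an outside caller can map internal hosts and ports
    one request at a time."""
    try:
        ips = resolve(host)
    except LookupError:
        return False, f"could not resolve {host}"
    for ip in ips:
        if not is_public(ip):
            return False, f"{host} resolved to private address {ip}"
    try:
        return True, connect(ips[0], port)
    except OSError as exc:
        return False, f"connection failed: {exc}"


def guarded_request(host, port):
    """Hardened: every resolved address must be public, the connection goes to
    the address that was checked (not the name again, which could re-resolve
    elsewhere), and all failure paths return the same message."""
    try:
        ips = resolve(host)
    except LookupError:
        return False, REFUSED
    if not ips or not all(is_public(ip) for ip in ips):
        return False, REFUSED
    try:
        return True, connect(ips[0], port)
    except OSError:
        return False, REFUSED


if __name__ == "__main__":
    for target in (("public.example", 80), ("internal.example", 8080), ("mixed.example", 80)):
        print(target, "leaky:", leaky_request(*target), "guarded:", guarded_request(*target))
```

Log the real reason server-side for operators; the uniform message is only for what goes back to the caller. Timing still differs between a refused lookup and a real connect, so a guard of this shape narrows the leak rather than removing every side channel.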
BDU FSTEC
added 2024/10/29 12:00 a.m., 5 views

A vulnerability in the Apache HttpClient client module of Apache HttpComponents allows an attacker to spoof SSL servers.

The vulnerability in the Apache HttpClient client module of Apache HttpComponents is caused by incorrect verification of SSL/TLS certificates. Exploiting it allows a malicious actor to spoof SSL servers by crafting the content of the certificate's distinguished name (DN) field...

CVSS 6.5, AI score 6.5, EPSS 0.09149
Exploits 1, References 8, Affected Software 37
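The BDU entry above says the spoof works by controlling the content of the subject DN. The common form of that mistake is hostname verification that searches the flattened DN string for "CN=" instead of parsing it into relative distinguished names, so a value in another attribute that merely contains the text "CN=" is taken as a second common name. The following is an added example, not Apache HttpClient's code, with invented DNs: naive_cns() reproduces the unsafe idiom, parse_dn()/strict_cns() split the string the RFC 4514 way, and verify_hostname() shows the outcome of each.

```python
"""Constructed example of CN extraction from a certificate subject DN string.

Added illustration, not Apache HttpClient's code. The DNs are invented.
"""
import re

# Constructed DNs. In the attacker case the O value contains an escaped comma
# followed by text that only looks like a CN attribute.
LEGIT_DN = r"CN=www.example.com,O=Example Inc,C=US"
ATTACK_DN = r"CN=www.attacker.example,O=Evil\, CN=www.victim.example,C=US"


def naive_cns(dn: str) -> list[str]:
    """Flawed: every 'CN=' substring, value up to the next comma, whether or
    not it is really an attribute type."""
    return [v.strip() for v in re.findall(r"CN=([^,]*)", dn, flags=re.IGNORECASE)]


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split an RFC 4514 string into (type, value) pairs.

    Honours backslash escapes, so an escaped comma stays inside its value
    instead of starting a new RDN. Multi-valued RDNs ('+') and hex-encoded
    values are not needed for this illustration and are left out."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # escaped character: take it literally
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":                        # unescaped comma ends the RDN
            rdns.append("".join(buf))
            buf = []
            i += 1
            continue
        buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr_type, value = rdn.split("=", 1)
        pairs.append((attr_type.strip().upper(), value.strip()))
    return pairs


def strict_cns(dn: str) -> list[str]:
    """Only values whose attribute type really is CN."""
    return [v for t, v in parse_dn(dn) if t == "CN"]


def host_matches(host: str, name: str) -> bool:
    """Case-insensitive match; a leading '*.' stands for exactly one label."""
    host, name = host.lower(), name.lower()
    if name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == name[2:]
    return host == name


def verify_hostname(dn: str, host: str, extract=strict_cns) -> bool:
    """Accept the certificate for host if any extracted CN matches it."""
    return any(host_matches(host, cn) for cn in extract(dn))


if __name__ == "__main__":
    for name, fn in (("naive", naive_cns), ("strict", strict_cns)):
        print(name, fn(ATTACK_DN), verify_hostname(ATTACK_DN, "www.victim.example", fn))
```

With the naive extractor a certificate legitimately issued for www.attacker.example is accepted for www.victim.example; the strict one rejects it. In practice, treat CN matching as a legacy fallback at most: RFC 6125 verification checks the subjectAltName extension, which is a typed structure and never needs the DN string parsed.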
BDU FSTEC
added 2024/10/29 12:00 a.m., 3 views

A vulnerability in the Apache HttpClient library, a component of Apache HttpComponents, allows an attacker to spoof SSL servers.

The vulnerability in the Apache HttpClient library in Apache HttpComponents is caused by insufficient validation of input data. Exploiting it allows a malicious actor to spoof SSL servers using a specially crafted certificate...

CVSS 5.3, AI score 6.2, EPSS 0.05796
Exploits 0, References 6, Affected Software 23
IBM Security Bulletins
added 2024/10/11 6:35 a.m., 14 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to Apache HttpClient Vulnerability

Summary IBM Sterling Connect:Direct Web Services uses Apache HttpClient, which could allow a remote attacker to bypass security restrictions, caused by improper handling of a malformed authority component in request URIs. This bulletin identifies the steps to take to address the vulnerabilities...

CVSS 5.3, AI score 7, EPSS 0.08665
Exploits 1, Affected Software 1
Metasploit
added 2024/09/26 6:53 p.m., 317 views

Vicidial SQL Injection Time-based Admin Credentials Enumeration

This module exploits a time-based SQL injection vulnerability in VICIdial, allowing attackers to dump admin credentials (usernames and passwords) via SQL injection. Module Options: msf use auxiliary/scanner/http/vicidialsqlenumuserspass msf auxiliaryvicidialsqlenumuserspass show actions ...actions...

CVSS 9.8, AI score 9.6, EPSS 0.79059
Exploits 10
IBM Security Bulletins
added 2024/09/25 7:04 p.m., 29 views

Security Bulletin: Vulnerabilities in Logback, Guava and Apache HTTPClient affect IBM watsonx.data

Summary Logback, Guava and Apache HTTPClient have vulnerabilities that can affect watsonx.data. These vulnerabilities allow a remote attacker to bypass security restrictions and a remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-42550...

CVSS 8.5, AI score 8.2, EPSS 0.08665
Exploits 3, Affected Software 1
OSV
added 2024/09/13 9:19 a.m., 18 views

RHSA-2014:1166 Red Hat Security Advisory: jakarta-commons-httpclient security update

Bulletin has no description...

CVSS 4.8, AI score 6.1, EPSS 0.09149
Exploits 1, References 8
OSV
added 2024/09/13 8:02 a.m., 9 views

RHSA-2013:0682 Red Hat Security Advisory: jakarta-commons-httpclient security update

Bulletin has no description...

CVSS 3.7, AI score 6.9, EPSS 0.09254
Exploits 0, References 7
OSV
added 2024/09/13 8:01 a.m., 15 views

RHSA-2013:0680 Red Hat Security Advisory: jakarta-commons-httpclient security update

Bulletin has no description...

CVSS 3.7, AI score 6.9, EPSS 0.09254
Exploits 0, References 7
OSV
added 2024/09/13 8:00 a.m., 19 views

RHSA-2013:0270 Red Hat Security Advisory: jakarta-commons-httpclient security update

Bulletin has no description...

CVSS 3.7, AI score 6.9, EPSS 0.09254
Exploits 0, References 7
Packet Storm
added 2024/09/01 12:00 a.m., 151 views

HTTP Blind XPATH 1.0 Injector

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'HTTP Blind XPATH 1.0 Injector', 'Description' => %q This module exploits blind XPATH 1.0 injections over HTTP GET requests. , 'Author' => 'et at...

AI score 7.4
Exploits 0
Packet Storm
added 2024/09/01 12:00 a.m., 220 views

Jira Users Enumeration

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'Jira Users Enumeration', 'Description' => %q This module exploits an information disclosure vulnerability that allows an unauthenticated user to...

CVSS 5.3, AI score 7, EPSS 0.99603
Exploits 8
Packet Storm
added 2024/09/01 12:00 a.m., 182 views

Cisco Ironport Bruteforce Login Utility

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'Cisco Ironport Bruteforce Login Utility', 'Description' => %q This module scans for Cisco Ironport SMA, WSA and ESA web login portals, finds AsyncO...

AI score 7.4
Exploits 0
Packet Storm
added 2024/09/01 12:00 a.m., 219 views

Dolibarr 16 Pre-auth Contact Database Dump

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'Dolibarr 16 pre-auth contact database dump', 'Description' => %q Dolibarr version 16 'Vladimir TOUTAIN', 'Nolan LOSSIGNOL-DRILLIEN' , 'License' =>...

AI score 7.4
Exploits 0
Packet Storm
added 2024/09/01 12:00 a.m., 213 views

Cisco Network Access Manager Directory Traversal

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'Cisco Network Access Manager Directory Traversal Vulnerability', 'Description' => %q This module tests whether a directory traversal vulnerability...

CVSS 7.8, AI score 7, EPSS 0.21593
Exploits 2