
7690 matches found

Prion
added 2022/03/16 1:15 a.m., 15 views

Design/Logic Flaw

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safar...

CVSS 4.3 | AI score 6.3 | EPSS 0.00523
Exploits 0 | References 1 | Affected software 1
Cvelist
added 2022/03/16 12:10 a.m., 21 views

CVE-2022-27225

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safar...

AI score 6.5 | EPSS 0.00523
Exploits 0 | References 1
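The CVE-2022-27225 excerpts above are cut off before they say which attribute the remember-me cookie is missing, but the practitioner check is the same whatever the detail: every Set-Cookie a sign-in response emits, including any compatibility duplicate emitted for older browsers, has to carry Secure (and HttpOnly), or the long-lived credential will ride over cleartext http://. The following is an added example, not Gradle Enterprise or Keycloak code; the header values it audits are constructed.

```python
"""Audit Set-Cookie headers from a sign-in response.

Added example, not Gradle Enterprise or Keycloak code. The header values in
SAMPLE_SET_COOKIE are constructed for illustration.
"""
from typing import Dict, Iterable, List, Tuple


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, str]]:
    """Split one Set-Cookie value into (cookie name, {attribute lower-cased: value}).

    Flag attributes such as Secure and HttpOnly map to an empty string.
    """
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header: str) -> List[str]:
    """Return the problems a session or remember-me cookie must not have."""
    _, attrs = parse_set_cookie(header)
    problems: List[str] = []
    secure = "secure" in attrs
    persistent = "max-age" in attrs or "expires" in attrs
    if not secure:
        problems.append("missing Secure: the browser will send it over cleartext http://")
    if "httponly" not in attrs:
        problems.append("missing HttpOnly: readable from page scripts")
    if attrs.get("samesite", "").lower() == "none" and not secure:
        problems.append("SameSite=None without Secure: rejected by current browsers, "
                        "kept by older ones, where it then rides over cleartext")
    if persistent and not secure:
        problems.append("persistent (remember-me) cookie without Secure: exposed for its whole lifetime")
    return problems


def audit_response_cookies(headers: Iterable[str]) -> Dict[str, List[str]]:
    """Audit every Set-Cookie of a response, so compatibility duplicates are checked too."""
    report: Dict[str, List[str]] = {}
    for header in headers:
        name, _ = parse_set_cookie(header)
        report.setdefault(name, []).extend(audit_cookie(header))
    return report


# Constructed sample: a modern cookie plus a "legacy" twin emitted for older browsers.
SAMPLE_SET_COOKIE = [
    "SESSION=abc123; Path=/; Secure; HttpOnly; SameSite=None; Max-Age=2592000",
    "SESSION_LEGACY=abc123; Path=/; HttpOnly; Max-Age=2592000",
]

if __name__ == "__main__":
    for cookie_name, problems in audit_response_cookies(SAMPLE_SET_COOKIE).items():
        print(cookie_name, "OK" if not problems else problems)
```

Run it against the raw response headers of the sign-in flow (a proxy capture or `curl -i`), not against what the browser later stores: the point is that each emitted variant passes on its own, because a browser that accepts the weaker twin is the one that ends up sending it over HTTP.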
IBM Security Bulletins
added 2022/03/15 5:45 p.m., 41 views

Security Bulletin: A security vulnerability in Node.js follow-redirects module affects IBM Cloud Automation Manager

Summary: A security vulnerability in Node.js follow-redirects module affects IBM Cloud Automation Manager. Vulnerability details: CVEID: CVE-2022-0536. Description: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by a leakage of the...

CVSS 5.9 | AI score 6.3 | EPSS 0.0126
Exploits 0 | Affected software 1
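The bulletin's excerpt stops before it names what follow-redirects leaks. The bug class is a redirect follower that keeps credential-bearing headers when the Location points at a different origin, so the hardened behaviour is to drop them whenever scheme, host or port changes. The following is an added example, not follow-redirects or IBM code; `fake_fetch` and the `SERVERS` table stand in for real HTTP servers.

```python
"""Redirect following that does not leak credentials across origins.

Added example, not follow-redirects or IBM code. `fake_fetch` and SERVERS are
a constructed stand-in for real HTTP servers.
"""
from typing import Callable, Dict, List, Tuple
from urllib.parse import urljoin, urlparse

CREDENTIAL_HEADERS = {"authorization", "proxy-authorization", "cookie"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}

Response = Tuple[int, Dict[str, str]]                 # (status, response headers)
Fetch = Callable[[str, Dict[str, str]], Response]


def origin(url: str) -> Tuple[str, str, int]:
    """(scheme, host, port): a change in any of them is a change of origin."""
    p = urlparse(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.scheme, (p.hostname or "").lower(), port)


def follow_redirects(url: str, headers: Dict[str, str], fetch: Fetch,
                     max_redirects: int = 5, strip_cross_origin: bool = True):
    """Return (final_url, status, headers sent to the final URL, list of hops).

    With strip_cross_origin=False this is the leaky client: whatever
    Authorization/Cookie the caller set goes to every host in the chain.
    """
    sent = dict(headers)
    hops: List[str] = [url]
    for _ in range(max_redirects + 1):
        status, resp = fetch(url, sent)
        location = resp.get("location")
        if status not in REDIRECT_STATUSES or not location:
            return url, status, sent, hops
        nxt = urljoin(url, location)
        if strip_cross_origin and origin(nxt) != origin(url):
            # An https -> http downgrade on the same host also changes origin, so
            # credentials never go out in cleartext either.
            sent = {k: v for k, v in sent.items() if k.lower() not in CREDENTIAL_HEADERS}
        url = nxt
        hops.append(url)
    raise RuntimeError("too many redirects")


# Constructed servers: same-origin hop, cross-host hop, scheme downgrade, loop.
SERVERS: Dict[str, Response] = {
    "https://api.example.com/v1/report": (302, {"location": "/v1/report-final"}),
    "https://api.example.com/v1/report-final": (200, {}),
    "https://api.example.com/v1/export": (302, {"location": "https://cdn.example.net/export.zip"}),
    "https://cdn.example.net/export.zip": (200, {}),
    "https://api.example.com/v1/legacy": (302, {"location": "http://api.example.com/v1/legacy"}),
    "http://api.example.com/v1/legacy": (200, {}),
    "https://api.example.com/v1/loop": (302, {"location": "/v1/loop"}),
}


def fake_fetch(url: str, headers: Dict[str, str]) -> Response:
    return SERVERS.get(url, (404, {}))


if __name__ == "__main__":
    final, status, hdrs, hops = follow_redirects(
        "https://api.example.com/v1/export", {"Authorization": "Bearer t0k3n"}, fake_fetch)
    print(hops, "->", status, "sent:", hdrs)
```

A real client should also re-check the new origin against whatever allow-list the caller had for the first request (for example, refuse to follow from an internal API host out to the public internet at all); stripping headers limits what a hostile redirect can collect, it does not make following it safe.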
Huntr
added 2022/03/10 6:22 p.m., 12 views

SSL certificate verification disabled

Description This report is strange, partially because the existence of this code has been acknowledged without any alarm about its security implications, and also because a pull request that would fix the vulnerability opened as a bug patch has been open for over two years! Having SSL certificate...

AI score 1.5
Exploits 0 | References 1
OpenVAS
added 2022/03/08 12:00 a.m., 22 views

Python DoS Vulnerability (bpo-44022) - Windows

Python is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:python:python";...

CVSS 7.5 | AI score 7.8 | EPSS 0.11586
Exploits 1 | References 2
WPVulnDB
added 2022/03/01 12:00 a.m., 17 views

WPC Smart Wishlist for WooCommerce < 2.9.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the key parameter before outputting it back in the wishlistquickview AJAX action's response, which is available to any authenticated user, leading to Reflected Cross-Site Scripting. PoC: The source and destination should use the https:// protocol for the exploit to...

CVSS 5.4 | AI score 5.4 | EPSS 0.00591
Exploits 2 | Affected software 1
Patchstack
added 2022/02/28 12:00 a.m., 9 views

WordPress WP Free SSL – Free SSL Certificate for WordPress and force HTTPS plugin < 1.2.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WP Free SSL – Free SSL Certificate for WordPress and force HTTPS plugin versions < 1.2.7. Solution: Update the WordPress WP Free SSL – Free SSL Certificate for WordPress and force HTTPS plugin to the late...

AI score 1.7
Exploits 0 | References 2 | Affected software 1
Patchstack
added 2022/02/28 12:00 a.m., 13 views

WordPress WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content plugin < 5.7.11 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content plugin versions < 5.7.11. Solution: Update the WordPress WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix...

AI score 0.2
Exploits 0 | References 2 | Affected software 1
Patchstack
added 2022/02/28 12:00 a.m., 12 views

WordPress SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress plugin <= 4.0.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress plugin versions <= 4.0.4. Solution: Update the WordPress SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress plugin to the latest available version, at least...

AI score 0.6
Exploits 0 | References 2 | Affected software 1
wpexploit
added 2022/02/28 12:00 a.m., 711 views

NotificationX < 2.3.12 - Unauthenticated SQLi

The plugin does not validate and escape the id parameter in its notificationx/v1/notification REST endpoint before using it in a SQL statement, which could allow unauthenticated attackers to perform SQL Injection attacks. The apikey is the MD5 of the home URL, with either the http or https protocol...

AI score 2.4
Exploits 0 | References 1
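The NotificationX entry describes an `id` parameter that reaches a SQL statement with neither validation nor escaping. As an added example (Python with sqlite3, not the plugin's own PHP; the bug class is identical), here is that shape beside the hardened one, which validates the parameter as an integer and then binds it. The table, rows and function names are constructed.

```python
"""Vulnerable vs. hardened handling of an `id` parameter before it reaches SQL.

Added example in Python/sqlite3, not NotificationX code. The table, rows and
function names are constructed.
"""
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one table with a column the endpoint must never expose."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notifications (id INTEGER PRIMARY KEY, title TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO notifications VALUES (?, ?, ?)",
        [(1, "welcome", "s1"), (2, "sale", "s2"), (3, "internal", "s3")],
    )
    return db


def get_notification_vulnerable(db: sqlite3.Connection, raw_id: str) -> List[Tuple[int, str]]:
    """The bug: the request parameter is pasted into the statement as SQL text.

    `0 OR 1=1` returns every row; a UNION pulls the secret column out through
    the title column the endpoint does return.
    """
    sql = f"SELECT id, title FROM notifications WHERE id = {raw_id}"
    return db.execute(sql).fetchall()


def get_notification_hardened(db: sqlite3.Connection, raw_id: str) -> List[Tuple[int, str]]:
    """Validate the shape (a positive integer), then bind it so it can only ever be a value."""
    try:
        nid = int(raw_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    if nid < 1:
        raise ValueError("id must be positive")
    return db.execute("SELECT id, title FROM notifications WHERE id = ?", (nid,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(get_notification_vulnerable(db, "0 OR 1=1"))
    print(get_notification_vulnerable(db, "0 UNION SELECT id, secret FROM notifications"))
    print(get_notification_hardened(db, "2"))
```

The validation step matters even with binding: an endpoint that accepts the REST parameter as an opaque string and binds it still leaks information through type-coercion behaviour and error messages, while `int()` rejects everything except the one shape the route is defined for.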
OpenVAS
added 2022/02/23 12:00 a.m., 13 views

Cobbler <= 3.3.3 Unsafe Protocol Vulnerability

Cobbler is prone to an unsafe protocol usage vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

CVSS 5.9 | AI score 5.7 | EPSS 0.00897
Exploits 0 | References 2
Hacker One
added 2022/02/22 9:00 p.m., 34 views

Shopify: Bypass of fix #1370749

Hello team, on report 1370749 the reporter found that the preview link is not expiring. So when someone gains access to the preview link, he can access it for its whole life, as the preview link remains the same even after changing the storefront password. I have reported the issue 1401525 where I ...

AI score 7.3
Exploits 0
Zero Day Initiative
added 2022/02/22 12:00 a.m., 30 views

(Pwn2Own) Cisco RV340 Firmware Update Improper Certificate Validation Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. User interaction is required to exploit this vulnerability in that an administrator must perform a firmware update on the device. The specific flaw exists within the...

CVSS 7.1 | AI score 3.9 | EPSS 0.08634
Exploits 0 | References 1
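Two entries on this page, the Huntr report of disabled SSL certificate verification and the ZDI advisory on the Cisco RV340 firmware update's improper certificate validation, are the same failure: a TLS client that does not verify the peer certificate, so whoever sits on the network path can answer as the server, and in the firmware case hand the device an image to install. The following added example (standard-library `ssl`, not code from either project) shows the disabled configuration beside a hardened one and an audit function you can run over any `SSLContext` a code base builds; the CA bundle path is an assumption and is only loaded if given.

```python
"""Disabled vs. hardened TLS certificate verification, with an audit function.

Added example using the standard-library ssl module; not code from the Huntr
report's project or from Cisco's firmware updater. The cafile argument is an
assumption and is only loaded if given.
"""
import http.client
import ssl
from typing import List, Optional


def insecure_context() -> ssl.SSLContext:
    """The anti-pattern: any certificate from anyone is accepted (the `verify=False` shape)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode can become CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Validate the chain, match the hostname, refuse pre-1.2 TLS.

    For an update client, cafile pins the CA that issues the update server's
    certificate instead of trusting the whole system store; with cafile=None the
    system store is used.
    """
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the ways this context fails to authenticate the peer; empty means it is sound."""
    problems: List[str] = []
    if ctx.verify_mode == ssl.CERT_NONE:
        problems.append("verify_mode=CERT_NONE: the peer certificate chain is not validated")
    if not ctx.check_hostname:
        problems.append("check_hostname=False: the certificate is not matched against the host")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append(f"minimum_version={ctx.minimum_version.name}: pre-1.2 TLS accepted")
    return problems


def fetch_over_tls(host: str, path: str, ctx: ssl.SSLContext) -> bytes:
    """HTTPS GET under the given context (network call; not exercised offline).

    With hardened_context() a wrong or self-signed certificate raises
    ssl.SSLCertVerificationError here instead of delivering the body.
    """
    conn = http.client.HTTPSConnection(host, context=ctx, timeout=10)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        if resp.status != 200:
            raise RuntimeError(f"unexpected status {resp.status}")
        return resp.read()
    finally:
        conn.close()


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_context()))
    print("hardened:", audit_context(hardened_context()))
```

Grepping for `CERT_NONE`, `check_hostname = False` and `verify=False` finds the obvious cases; `audit_context` catches the ones where the context is built in a helper and weakened later. For a firmware updater the verification is the only thing standing between the device and an attacker-supplied image unless the image itself is also signature-checked, which the ZDI text above does not say it is.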
CNVD
added 2022/02/22 12:00 a.m., 15 views

Cobbler has an unspecified vulnerability (CNVD-2022-18326)

Cobbler is a network installation server suite that is primarily used to quickly build Linux network installation environments. A security vulnerability exists in Cobbler that stems from routines in some files that use the HTTP protocol instead of the more secure HTTPS. No details of the...

CVSS 5.9 | AI score 0.5 | EPSS 0.00897
Exploits 0 | References 1
Packet Storm
added 2022/02/21 12:00 a.m., 271 views

FileCloud 21.2 Cross Site Request Forgery

Exploit Title: FileCloud 21.2 - Cross-Site Request Forgery (CSRF) Date: 2022-02-20 Exploit Author: Masashi Fujiwara Vendor Homepage: https://www.filecloud.com/ Software Link: https://hub.docker.com/r/filecloud/filecloudserver21.2 Version: All versions of FileCloud prior to 21.3 Fixed: version...

AI score 0.4 | EPSS 0.03271
Exploits 4
OpenVAS
added 2022/02/21 12:00 a.m., 32 views

Ruby on Rails Information Disclosure Vulnerability (GHSA-rmj8-8hhh-gv5h) - Linux

Ruby on Rails is prone to an information disclosure vulnerability in puma. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is...

CVSS 8.0 | AI score 6.5 | EPSS 0.02092
Exploits 0 | References 1
0day.today
added 2022/02/21 12:00 a.m., 333 views

FileCloud 21.2 - Cross-Site Request Forgery Vulnerability

Exploit Title: FileCloud 21.2 - Cross-Site Request Forgery (CSRF) Date: 2022-02-20 Exploit Author: Masashi Fujiwara Vendor Homepage: https://www.filecloud.com/ Software Link: https://hub.docker.com/r/filecloud/filecloudserver21.2 Version: All versions of FileCloud prior to 21.3 Fixed: version...

CVSS 8.8 | AI score 0.9 | EPSS 0.03271
Exploits 4
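Three entries above share one fix. The WP Free SSL debug-mode toggle and the FileCloud report are CSRF: a state-changing request carries nothing that proves the browser's user meant to send it. The Shopify report describes a preview link that never expires and survives a storefront-password change. A token that is HMAC-signed with a server secret, bound to a subject (a session id for CSRF, store plus password version for a preview link) and stamped with its issue time covers both: it cannot be forged without the secret, is useless for another session or after the password changes, and dies on its own. This is an added example, not code from FileCloud, the WordPress plugin or Shopify; the secret, subject strings, request shape and link format are constructed assumptions.

```python
"""HMAC-signed, subject-bound, expiring tokens for CSRF protection and preview links.

Added example; not FileCloud, WP Free SSL or Shopify code. The secret, subject
strings, request dict shape and link format are constructed assumptions.
"""
import base64
import hashlib
import hmac
import os
import time
from typing import Optional


def _mac(secret: bytes, message: str) -> str:
    return hmac.new(secret, message.encode(), hashlib.sha256).hexdigest()


def _now(now: Optional[float]) -> float:
    return time.time() if now is None else now


def issue_token(secret: bytes, subject: str, now: Optional[float] = None) -> str:
    """Token = issue-time . nonce . HMAC(secret, subject|issue-time.nonce).

    The subject is part of the MAC input but not of the token, so a token only
    verifies when the server reconstructs the same subject.
    """
    nonce = base64.urlsafe_b64encode(os.urandom(12)).decode().rstrip("=")
    body = f"{int(_now(now))}.{nonce}"
    return f"{body}.{_mac(secret, f'{subject}|{body}')}"


def verify_token(secret: bytes, subject: str, token: str, max_age: int,
                 now: Optional[float] = None) -> bool:
    """Reject tokens that are malformed, forged, bound to another subject, or older than max_age."""
    try:
        ts_s, nonce, tag = token.split(".")
        issued = int(ts_s)
    except (AttributeError, ValueError):
        return False
    body = f"{ts_s}.{nonce}"
    if not hmac.compare_digest(_mac(secret, f"{subject}|{body}"), tag):
        return False
    age = _now(now) - issued
    return 0 <= age <= max_age


# --- CSRF: a state-changing action (toggling a debug mode) -------------------

CSRF_MAX_AGE = 3600


def csrf_token_for(secret: bytes, session_id: str, now: Optional[float] = None) -> str:
    """Embed this in the form; the session id comes from the authenticated session cookie."""
    return issue_token(secret, f"csrf:{session_id}", now)


def toggle_debug(request: dict, secret: bytes, settings: dict,
                 now: Optional[float] = None) -> dict:
    """Refuse the toggle unless it is a POST carrying a token bound to this session.

    A cross-site page can make the victim's browser send the cookie, but it
    cannot read the token out of the victim's page, so the forged POST fails.
    """
    if request.get("method") != "POST":
        raise PermissionError("state change requires POST")
    token = request.get("csrf_token", "")
    if not verify_token(secret, f"csrf:{request['session_id']}", token, CSRF_MAX_AGE, now):
        raise PermissionError("missing or invalid CSRF token")
    settings["debug"] = not settings.get("debug", False)
    return settings


# --- Preview links: expire, and die when the storefront password changes ------

PREVIEW_MAX_AGE = 7 * 24 * 3600


def preview_link(secret: bytes, store: str, password_version: int,
                 now: Optional[float] = None) -> str:
    token = issue_token(secret, f"preview:{store}:{password_version}", now)
    return f"https://{store}.example/preview?token={token}"


def check_preview(secret: bytes, store: str, password_version: int, token: str,
                  now: Optional[float] = None) -> bool:
    """password_version is bumped on every storefront-password change, invalidating old links."""
    return verify_token(secret, f"preview:{store}:{password_version}", token, PREVIEW_MAX_AGE, now)
```

The secret must be per-installation and random (32 bytes from `os.urandom` at install time, stored outside the web root); a secret derived from something guessable such as a site URL turns every token into something an outsider can mint. Rotating the secret is the emergency switch that invalidates everything at once.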
OSV
added 2022/02/20 6:15 p.m., 16 views

CVE-2021-45081

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS...

CVSS 5.9 | AI score 7.1
Exploits 0 | References 3
NVD
added 2022/02/20 6:15 p.m., 9 views

CVE-2021-45081

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS...

CVSS 5.9 | EPSS 0.00897
Exploits 0 | References 3
Prion
added 2022/02/20 6:15 p.m., 14 views

Design/Logic Flaw

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS...

CVSS 4.3 | AI score 5.7 | EPSS 0.00897
Exploits 0 | References 3 | Affected software 1
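The Cobbler entries (CVE-2021-45081, and the OpenVAS and CNVD records of it) describe routines that use http:// where https:// was available. The practitioner check is a pass over the source tree for cleartext URL literals, with an allow-list for loopback addresses and for namespace identifiers that are never fetched, plus a runtime guard at the point where the program actually connects. This is an added example, not Cobbler code; the sample source lines are constructed.

```python
"""Find cleartext http:// URLs in source, and refuse them at connect time.

Added example, not Cobbler code. SAMPLE_SOURCE is constructed; the allow-list
is an assumption to adjust per code base.
"""
import re
from typing import Iterable, List, Tuple
from urllib.parse import urlparse

CLEARTEXT_URL = re.compile(r"""\bhttp://[^\s"'<>)]+""")

# Loopback is fine; XML/SOAP namespace URIs are identifiers, never connections.
ALLOWED_PREFIXES = (
    "http://localhost",
    "http://127.",
    "http://[::1]",
    "http://www.w3.org/",
    "http://schemas.xmlsoap.org/",
)

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def find_cleartext_urls(lines: Iterable[str], allow: Tuple[str, ...] = ALLOWED_PREFIXES) -> List[Tuple[int, str]]:
    """Return (line number, url) for every http:// literal outside the allow-list.

    Whole-line comments are skipped (documentation links); trailing comments
    on code lines are still reported, since they are the rarer case and cheap
    to review.
    """
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(lines, 1):
        if line.lstrip().startswith("#"):
            continue
        for match in CLEARTEXT_URL.finditer(line):
            url = match.group(0)
            if not url.startswith(allow):
                hits.append((lineno, url))
    return hits


def require_https(url: str) -> str:
    """Runtime guard for URLs a program connects to: https, or http only to loopback."""
    parsed = urlparse(url)
    if parsed.scheme == "https":
        return url
    if parsed.scheme == "http" and (parsed.hostname or "") in LOOPBACK_HOSTS:
        return url
    raise ValueError(f"cleartext URL refused: {url}")


# Constructed sample source: two findings (lines 4 and 5), the rest allowed or comments.
SAMPLE_SOURCE = '''\
import xml.etree.ElementTree as ET
NS = "http://www.w3.org/2001/XMLSchema"
# see http://example.invalid/docs for details
MIRROR = "http://mirror.example.net/pub/fedora/"
KS_URL = "http://%s/install/profiles/%s"
LOCAL = "http://127.0.0.1:25151"
API = "https://api.example.net/v1"
'''.splitlines()

if __name__ == "__main__":
    for lineno, url in find_cleartext_urls(SAMPLE_SOURCE):
        print(f"line {lineno}: {url}")
```

Line 5 of the sample is the case worth a second look in a provisioning tool: a format string whose host is filled in at runtime, so the scheme is decided in code and the deployment cannot override it. The fix is either to take the whole base URL from configuration and pass it through `require_https`, or to make https:// the literal and let the operator opt down only for loopback.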