Lucene search
K

11 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42636

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/openwebui/routers/terminals.py built the wsterminal upstream URL from an unencoded sessionid and appended userid as a query parameter, allowing query injection to make the terminal backe...

8CVSS6AI score0.00286EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 7:13 p.m.13 views

Malicious code in bolt-delivery-menu-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc39247db76b4edd80084e400324518739f141dafda621d368c3e5a9ac41f791 Package executes a DNS-based beacon at both install time package.json scripts.install runs node index.js and on every require of the module...

5.8AI score
Exploits0References1
EUVD
EUVD
added 2026/04/28 1:42 p.m.9 views

EUVD-2026-26054

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

4.2CVSS5.2AI score0.00171EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/04/17 6:59 p.m.77 views

curl: libcurl omits IPv6 zoneid from host identity and leaks credentials/cookies across scoped link-local realms

Summary: libcurl omits the IPv6 zoneid component from multiple security-sensitive host identity decisions even though the connection layer still routes by zoneid. As a result, two distinct scoped/link-local destinations such as fe80::X%zoneA and fe80::X%zoneB are treated as the same host by...

7.5CVSS6.7AI score0.02794EPSS
Exploits1
Hacker One
Hacker One
added 2026/03/29 7:2 p.m.19 views

curl: HackerOne Vulnerability Report: libcurl SSL/TLS Identity Leakage via Insecure Connection Reuse

Summary libcurl contains a critical logic flaw in its connection reuse mechanism where transfers using the CURLOPTSSLCTXFUNCTION SSL context callback to establish a specific identity e.g., via client certificates can have their connections incorrectly reused by subsequent, unauthenticated transfe...

5.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.7 views

SUSE CVE-2002-1623

The design of the Internet Key Exchange IKE protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by 1 monitoring responses before the password is...

5CVSS7.1AI score0.48573EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/07/12 12:0 a.m.3 views

SAMSUNG Mobile devices telephony-common.jar 日志信息泄露漏洞

Samsung telephony-common.jar is a Telephony service for Samsung mobile devices that provides support for the Telephony Application Programming Interface TAPI. A local attacker with log access could exploit the vulnerability to obtain IMSI through device logs...

3.3CVSS5.5AI score0.00099EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2020/04/28 8:19 a.m.4 views

Researchers Uncover Novel Way to De-anonymize Device IDs to Users' Biometrics

Researchers have uncovered a potential means to profile and track online users using a novel approach that combines device identifiers with their biometric information. The details come from a newly published research titled "Nowhere to Hide: Cross-modal Identity Leakage between Biometrics and...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/04/28 8:19 a.m.60 views

Researchers Uncover Novel Way to De-anonymize Device IDs to Users' Biometrics

Researchers have uncovered a potential means to profile and track online users using a novel approach that combines device identifiers with their biometric information. The details come from a newly published research titled "Nowhere to Hide: Cross-modal Identity Leakage between Biometrics and...

0.8AI score
Exploits0
NVD
NVD
added 2017/10/19 8:29 p.m.19 views

CVE-2017-5635

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user...

7.5CVSS7.5AI score0.03289EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/10/19 8:0 p.m.18 views

CVE-2017-5635

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user...

7.4AI score0.03289EPSS
Exploits0References2
Rows per page
Query Builder