Lucene search

8 matches found

NVD
added 2023/10/04 11:15 a.m., 22 views

CVE-2023-1584

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...

CVSS 7.5, AI score 7.4, EPSS 0.00955
Exploits 0, References 6

Prion
added 2023/10/04 11:15 a.m., 18 views

Authorization

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...

CVSS 5, AI score 7.5, EPSS 0.00955
Exploits 0, References 5, Affected Software 1

RedhatCVE
added 2023/03/24 1:7 p.m., 49 views

CVE-2023-1584

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...

CVSS 7.5, AI score 6.6, EPSS 0.00955
Exploits 0, References 5

Veracode
added 2022/02/21 8:24 a.m., 23 views

Information Disclosure

cobbler is vulnerable to information disclosure. The vulnerability exists due to the cleartext transmission of data through the insecure HTTP protocol, allowing an attacker to gain sensitive information...

CVSS 5.9, AI score 0.4, EPSS 0.00897
Exploits 0, References 3, Affected Software 1

RedhatCVE
added 2022/02/10 7:47 p.m., 46 views

CVE-2022-0536

A flaw was found in the follow-redirects package. This flaw allows the exposure of sensitive information to an unauthorized actor due to the usage of insecure HTTP protocol. This issue happens with an Authorization header leak from the same hostname, https-http, and requires a Man-in-the-Middle...

CVSS 5.9, AI score 1.3, EPSS 0.0126
Exploits 0, References 3

NVD
added 2018/04/11 5:29 p.m., 12 views

CVE-2017-8154

The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle MITM vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may...

CVSS 5.3, AI score 5.2, EPSS 0.00379
Exploits 0, References 1

Prion
added 2018/04/11 5:29 p.m., 15 views

Design/Logic Flaw

The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle MITM vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may...

CVSS 2.6, AI score 5.2, EPSS 0.00379
Exploits 0, References 1, Affected Software 1

CVE
added 2018/04/11 5:0 p.m., 39 views

CVE-2017-8154

The CVE-2017-8154 entry concerns Huawei/Honor devices (Themes App on Honor 8 Lite) with software versions prior to Prague-L31C576B172, Prague-L31C530B160, and Prague-L31C432B180. The underlying issue is an MITM vulnerability arising from the use of insecure HTTP to download themes, enabling an at...

CVSS 5.3, AI score 5.2, EPSS 0.00379
Exploits 0, References 1, Affected Software 1