Lucene search

560 matches found

OSV · added 2024/04/24 8:15 p.m. · 2 views

UBUNTU-CVE-2024-32879

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...

CVSS 4.9 · AI score 6.7 · EPSS 0.00581 · Exploits 0 · References 5
CNNVD · added 2024/04/24 12:00 a.m. · 5 views

Python Social Auth security vulnerability

Python Social Auth is an easy-to-set-up social authentication/registration mechanism from the Python Social Auth open source project. Multiple frameworks and authentication providers are supported. A security vulnerability exists in Python Social Auth versions prior to 5.4.1, which stems from the default...

CVSS 4.9 · AI score 7.8 · EPSS 0.00581 · Exploits 0 · References 3
NVD · added 2024/04/16 12:15 a.m. · 13 views

CVE-2024-1739

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case-insensitive, allowing the creation of multiple accounts with the same email address by varying the cas...

CVSS 9.1 · AI score 7.7 · EPSS 0.00561 · Exploits 1 · References 2
OSV · added 2024/04/16 12:15 a.m. · 22 views

CVE-2024-1739

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case-insensitive, allowing the creation of multiple accounts with the same email address by varying the cas...

CVSS 9.1 · AI score 7.2 · EPSS 0.00561 · Exploits 1 · References 2
Cvelist · added 2024/04/16 12:00 a.m. · 15 views

CVE-2024-1739 Case Insensitive Email Address Validation Vulnerability in lunary-ai/lunary

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case-insensitive, allowing the creation of multiple accounts with the same email address by varying the cas...

CVSS 7.5 · AI score 7.9 · EPSS 0.00561 · Exploits 1 · References 2
CVE · added 2024/04/16 12:00 a.m. · 60 views

CVE-2024-1739

CVE-2024-1739 affects lunary-ai/lunary and describes an authentication issue caused by improper validation of email addresses during signup. The server does not treat emails as case-insensitive, allowing multiple accounts to be created for the same address by varying case (e.g., [email protected] vs ...

CVSS 9.1 · AI score 7 · EPSS 0.00561 · Exploits 1 · References 2 · Affected Software 1
Vulnrichment · added 2024/04/16 12:00 a.m. · 14 views

CVE-2024-1739 Case Insensitive Email Address Validation Vulnerability in lunary-ai/lunary

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case-insensitive, allowing the creation of multiple accounts with the same email address by varying the cas...

CVSS 7.5 · AI score 7.2 · EPSS 0.00561 · Exploits 1 · References 2
OSV · added 2024/04/08 11:14 a.m. · 3 views

USN-6722-1 python-django vulnerability

Simon Charette discovered that the password reset functionality in Django used a Unicode case-insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts...

CVSS 9.8 · AI score 6.7 · EPSS 0.3481 · Exploits 7 · References 2
Snyk · added 2024/03/12 3:39 p.m. · 4 views

Cross-site Scripting (XSS)

Overview: phlex is a high-performance view framework optimised for fun. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to case-insensitivity in the code designed to prevent XSS attacks. When rendering HTML or SVG tags with user-provided attributes, malicious event...

CVSS 7.1 · AI score 5.3 · EPSS 0.00604 · Exploits 0 · References 2
RedHat Linux · added 2024/03/06 3:38 p.m. · 3 views

jgit: arbitrary file overwrite

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8 · AI score 7.7 · EPSS 0.01884 · Exploits 0 · References 4
RedHat Linux · added 2024/03/06 3:32 p.m. · 3 views

jgit: arbitrary file overwrite

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8 · AI score 7.7 · EPSS 0.01884 · Exploits 0 · References 4
RedHat Linux · added 2024/03/06 3:32 p.m. · 2 views

jgit: arbitrary file overwrite

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8 · AI score 7.7 · EPSS 0.01884 · Exploits 0 · References 4
OSV · added 2024/03/01 4:58 p.m. · 20 views

GHSA-QW9G-7549-7WG5 Directus has MySQL accent insensitive email matching

Password reset vulnerable to accent confusion. The password reset mechanism of the Directus backend is implemented in a way where, combined with a specific configuration in MySQL or MariaDB, it allows attackers to receive a password reset email of a...

CVSS 8.2 · AI score 8.1 · EPSS 0.00702 · Exploits 1 · References 6
Github Security Blog · added 2024/03/01 4:58 p.m. · 57 views

Directus has MySQL accent insensitive email matching

Password reset vulnerable to accent confusion. The password reset mechanism of the Directus backend is implemented in a way where, combined with a specific configuration in MySQL or MariaDB, it allows attackers to receive a password reset email of a...

CVSS 8.2 · AI score 7 · EPSS 0.00702 · Exploits 1 · References 6 · Affected Software 1
Prion · added 2024/03/01 4:15 p.m. · 20 views

Design/Logic Flaw

Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with one or more...

CVSS 6.4 · AI score 8.1 · EPSS 0.00702 · Exploits 1 · References 1
Vulnrichment · added 2024/03/01 3:37 p.m. · 18 views

CVE-2024-27295 Directus MySQL accent insensitive email matching

Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with one or more...

CVSS 8.2 · AI score 8.4 · EPSS 0.00702 · Exploits 1 · References 1
Cvelist · added 2024/03/01 3:37 p.m. · 42 views

CVE-2024-27295 Directus MySQL accent insensitive email matching

Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with one or more...

CVSS 8.2 · AI score 8.6 · EPSS 0.00702 · Exploits 1 · References 1
Positive Technologies · added 2024/03/01 12:00 a.m. · 4 views

PT-2024-2179 · Unknown +2 · Mysql Server +2

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.8.3. Description: The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim wi...

CVSS 8.5 · AI score 7 · EPSS 0.00702 · Exploits 1 · References 16
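The Python Social Auth, lunary, Django and Directus entries above are one failure mode seen from four sides: the database (or the application) compares account identifiers with looser equality than the application intended, so a case or accent variant of a victim's email matches the victim's row. The example below is an added illustration, not code from any of those projects. It emulates an accent- and case-insensitive MySQL/MariaDB collation in Python (an approximation, not the real collation tables), shows the vulnerable reset flow that mails the token to whatever address the requester typed, and beside it the hardened flow: re-verify the match in application code with a strict NFKC+casefold comparison and only ever mail the address stored on the account. The user table and the addresses are constructed sample data.

```python
import unicodedata

# Constructed sample user table; stands in for rows in a MySQL/MariaDB table.
USERS = [
    {"id": 1, "email": "victim@example.com"},
    {"id": 2, "email": "other@example.org"},
]


def collation_key(s: str) -> str:
    """Approximate the matching behaviour of an accent- and case-insensitive
    collation such as utf8mb4_general_ci: decompose, drop combining marks,
    casefold. Illustrates the failure mode; it is not the real collation."""
    decomposed = unicodedata.normalize("NFKD", s)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).casefold()


def canonical_email(s: str) -> str:
    """Application-side canonical form: NFKC + casefold. Letter case is folded,
    so duplicate accounts differing only by case are rejected, but accents and
    other distinct code points stay distinct, so an accent variant never
    matches the victim's stored address."""
    return unicodedata.normalize("NFKC", s.strip()).casefold()


def db_find_by_email_ci(email: str) -> list[dict]:
    """Emulates `SELECT * FROM users WHERE email = ?` under a *_ci collation."""
    key = collation_key(email)
    return [u for u in USERS if collation_key(u["email"]) == key]


def reset_recipients_vulnerable(submitted: str) -> list[str]:
    """Vulnerable pattern: any collation match is accepted and the reset
    token is mailed to the address the requester typed."""
    return [submitted for _ in db_find_by_email_ci(submitted)]


def reset_recipients_fixed(submitted: str) -> list[str]:
    """Hardened pattern: re-check each database hit with a strict comparison
    in application code, and mail the token only to the stored address."""
    want = canonical_email(submitted)
    return [u["email"] for u in db_find_by_email_ci(submitted)
            if canonical_email(u["email"]) == want]


def signup_allowed(new_email: str) -> bool:
    """Signup uniqueness check on the canonical form, so 'Victim@Example.com'
    cannot be registered as a second account beside 'victim@example.com'."""
    want = canonical_email(new_email)
    return all(canonical_email(u["email"]) != want for u in USERS)


if __name__ == "__main__":
    attacker = "víctim@example.com"  # U+00ED; a mailbox the attacker controls
    print(reset_recipients_vulnerable(attacker))        # ['víctim@example.com']
    print(reset_recipients_fixed(attacker))             # []
    print(reset_recipients_fixed("Victim@Example.COM")) # ['victim@example.com']
    print(signup_allowed("Victim@Example.com"))         # False
```

The two defences are independent: mailing only the stored address blocks the takeover even if the strict re-check were missing, and the strict re-check keeps the lookup honest even if the collation is later changed. The duplicate-account check belongs at signup, not at reset time, because the stored value is what every later lookup is compared against.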
RedHat Linux · added 2024/02/07 8:38 a.m. · 8 views

jgit: arbitrary file overwrite

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8 · AI score 7.7 · EPSS 0.01884 · Exploits 0 · References 4
RedHat Linux · added 2024/02/07 8:37 a.m. · 5 views

jgit: arbitrary file overwrite

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8 · AI score 7.7 · EPSS 0.01884 · Exploits 0 · References 4
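The jgit entries describe the filesystem counterpart of the same confusion: a tree contains a symlink and, elsewhere, a path whose directory component is a case variant of that symlink's name. Spelled differently, the two never collide in the repository, but on a case-insensitive filesystem the file is written through the link, and a link pointing outside the working tree becomes an out-of-tree write. The check below is an added example, not JGit's code; it scans a checkout's entries for exactly that pattern. The entry representation (path, kind) and the sample tree are constructed, and the link target shown in the comment is an assumption about what an attacker would choose.

```python
from typing import Iterable


def symlink_case_collisions(entries: Iterable[tuple[str, str]]) -> list[tuple[str, str]]:
    """Flag tree entries whose directory components collide, case-insensitively
    but not byte-for-byte, with a symlink elsewhere in the same tree. On a
    case-insensitive filesystem such a path is created through the symlink.

    entries: (path, kind) pairs, kind in {"file", "symlink"}, '/'-separated
    paths relative to the working tree root.
    Returns (symlink_path, offending_path) pairs; order-independent, because
    either entry may be checked out first depending on sort order.
    """
    items = list(entries)
    symlinks = {path.casefold(): path for path, kind in items if kind == "symlink"}
    hits = []
    for path, _kind in items:
        parts = path.split("/")
        # every proper directory prefix of the path: "A", "A/B", ... not the leaf
        for i in range(1, len(parts)):
            prefix = "/".join(parts[:i])
            link = symlinks.get(prefix.casefold())
            if link is not None and link != prefix:
                hits.append((link, path))
    return hits


def is_safe_to_checkout(entries: Iterable[tuple[str, str]], case_insensitive_fs: bool) -> bool:
    """Refuse the checkout on a case-insensitive filesystem when a collision
    exists; on a case-sensitive one the same tree is unambiguous."""
    return not (case_insensitive_fs and symlink_case_collisions(entries))


# Constructed sample tree (not from any real repository).
CONSTRUCTED_TREE = [
    ("a", "symlink"),            # assumed target: somewhere outside the work tree
    ("A/payload.txt", "file"),   # 'A' is 'a' on a case-insensitive filesystem
    ("docs/README.md", "file"),
    ("lib", "symlink"),          # a symlink nothing collides with
    ("src/main.c", "file"),
]

if __name__ == "__main__":
    print(symlink_case_collisions(CONSTRUCTED_TREE))          # [('a', 'A/payload.txt')]
    print(is_safe_to_checkout(CONSTRUCTED_TREE, True))        # False
    print(is_safe_to_checkout(CONSTRUCTED_TREE, False))       # True
```

Exact-case collisions (a file under a path that is literally a symlink) are a different malformed-tree condition and are deliberately not reported here; the case-variant pair is the one that passes a byte-for-byte comparison and only becomes a problem once the filesystem folds case.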