Lucene search
K

55 matches found

CNNVD
CNNVD
added 2025/05/09 12:0 a.m.7 views

Insomnia API Client 安全漏洞

Insomnia API Client is an open source cross-platform API client for GraphQL, REST, WebSockets, SSE and gRPC from Kong Open Source. A security vulnerability exists in Insomnia API Client versions prior to 11.0.2 that stems from a template injection issue that could lead to arbitrary code execution...

9.3CVSS7.3AI score0.00991EPSS
Exploits0References2
NVD
NVD
added 2025/02/16 3:15 p.m.5 views

CVE-2025-1353

A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The...

7.3CVSS0.00171EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/16 3:0 p.m.5 views

CVE-2025-1353 Kong Insomnia profapi.dll untrusted search path

A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The...

7.3CVSS6.8AI score0.00171EPSS
Exploits0References3
CVE
CVE
added 2025/02/16 3:0 p.m.69 views

CVE-2025-1353

CVE-2025-1353 affects Kong Insomnia up to 10.3.0, involving the library profapi.dll . The issue is an untrusted search path vulnerability that requires a local attack, with high complexity as described. The existence and reproducibility are disputed in sources. Affected component is the profapi.d...

7.3CVSS6.8AI score0.00171EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/16 3:0 p.m.15 views

CVE-2025-1353 Kong Insomnia profapi.dll untrusted search path

A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The...

7.3CVSS0.00171EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/16 12:0 a.m.3 views

PT-2025-6886 · Kong · Kong Insomnia

Name of the Vulnerable Software and Affected Versions: Kong Insomnia versions prior to 10.3.0 Description: A critical issue has been detected in Kong Insomnia, affecting some unknown processing in the library profapi.dll. The manipulation leads to an untrusted search path. An attack must be...

7.3CVSS6.9AI score0.00171EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/02/16 12:0 a.m.4 views

Insomnia 代码问题漏洞

Insomnia is an open source, cross-platform API client from Insomnia for GraphQL, REST, WebSockets, server-sent events, and gRPC. A code issue vulnerability exists in Insomnia prior to version 10.3.0 that stems from an issue with profapi.dll containing an untrusted search path...

7.3CVSS6.9AI score0.00171EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2024/06/11 6:30 p.m.7 views

@pnp/nodejs (>=4.0.0 <=4.1.1-v4nightly.20240617), insomnia-plugin-azure-ad-authentication (=1.1.2) potentially affected by CVE-2024-35255 via @azure/msal-node (>=2.7.0 <=2.9.1)

@azure/msal-node NPM version =2.7.0, =4.0.0, =4.1.1-v4nightly.20240617 - insomnia-plugin-azure-ad-authentication =1.1.2 Source cves: CVE-2024-35255 Source advisory: OSV:GHSA-M5VV-6R4H-3VJ9...

5.5CVSS6.4AI score0.00788EPSS
Exploits0
NVD
NVD
added 2023/10/04 10:15 p.m.31 views

CVE-2023-40299

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLDINSERTLIBRARIES environment variable...

7.8CVSS7.7AI score0.00352EPSS
Exploits1References4
Prion
Prion
added 2023/10/04 10:15 p.m.57 views

Code injection

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLDINSERTLIBRARIES environment variable...

4.4CVSS7.7AI score0.00352EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2023/10/04 12:0 a.m.27 views

CVE-2023-40299

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLDINSERTLIBRARIES environment variable...

7.9AI score0.00352EPSS
Exploits1References4
OSV
OSV
added 2023/10/04 12:0 a.m.26 views

CVE-2023-40299

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLDINSERTLIBRARIES environment variable...

7.8CVSS7.6AI score0.00352EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/10/04 12:0 a.m.6 views

PT-2023-27366 · Kong · Kong Insomnia

Name of the Vulnerable Software and Affected Versions: Kong Insomnia version 2023.4.0 Description: The issue allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD INSERT LIBRARIES environment variable. This can be exploited on macOS...

7.8CVSS7.3AI score0.00352EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2023/10/04 12:0 a.m.12 views

CVE-2023-40299

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLDINSERTLIBRARIES environment variable...

7.3AI score0.00352EPSS
Exploits1References4
CVE
CVE
added 2023/10/04 12:0 a.m.72 views

CVE-2023-40299

CVE-2023-40299 affects Kong Insomnia 2023.4.0 on macOS. The root cause is the use of the DYLD_INSERT_LIBRARIES environment variable, which can be manipulated to execute code and access restricted files, or trigger TCC permission requests. The exploit is described as a local attack with low attack...

7.8CVSS7.7AI score0.00352EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2023/10/04 12:0 a.m.8 views

Insomnia security breach

Insomnia is an open source, cross-platform API client from Insomnia for GraphQL, REST, WebSockets, server-sent events, and gRPC. A security vulnerability exists in Insomnia version 2023.4.0 that stems from the use of the DYLDINSERTLIBRARIES environment variable that can execute code and access...

7.8CVSS7.3AI score0.00352EPSS
Exploits1References5
OSV
OSV
added 2022/07/21 11:12 a.m.11 views

MAL-2022-3850 Malicious code in insomnia-plugin-simple-hmac-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82257b4c71933f16336920865f08941bf1fd250ffd06dd3e34a99e3319b78012 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Snyk
Snyk
added 2022/06/23 9:24 a.m.5 views

Malicious Package

Overview insomnia-plugin-simple-hmac-auth is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable ...

9.8CVSS7AI score
Exploits0References3
The Hacker News
The Hacker News
added 2020/04/22 9:11 a.m.7 views

Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims

A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China's autonomous region of Xinjiang. The findings, published by digital forensics firm Volexity, reveal that the exploit — named "Insomnia" —...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/12/04 12:0 a.m.23 views

RHEL 7 : Red Hat OpenShift Enterprise 3.1 (RHSA-2016:1852)

An update for Red Hat OpenShift Enterprise 3.1 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

7.5CVSS7.6AI score0.04707EPSS
Exploits1References3
Rows per page
Query Builder