Lucene search
K

42 matches found

NVD
NVD
added 2026/07/02 11:16 a.m.12 views

CVE-2026-54430

liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...

5.1CVSS0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 11:16 a.m.2 views

UBUNTU-CVE-2026-54430

liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...

5.1CVSS5.9AI score0.00121EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/02 10:30 a.m.38 views

CVE-2026-54430 Server-Site Request Forgery in liboauth2

liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...

5.1CVSS0.00121EPSS
Exploits0References3
NVD
NVD
added 2026/01/23 9:15 p.m.7 views

CVE-2025-52023

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...

5.3CVSS0.00407EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-22582

Malware in sbrugna...

5.3CVSS5.4AI score0.01267EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-27765

Malicious code in bioql PyPI...

9.4CVSS6.2AI score0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-31515

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00717EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-9726

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/06 12:0 a.m.10 views

Jank 安全漏洞

Jank is a lightweight blogging system by the individual developer Fender. Jank has a security vulnerability that stems from the use of hard-coded passwords for the parameters accessSecret/refreshSecret in the file internal/utils/jwtutils.go...

6.3CVSS4.8AI score0.00353EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 2:55 a.m.5 views

CVE-2023-0454

OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path...

8.1CVSS7.7AI score0.00986EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:34 p.m.6 views

CVE-2021-25118

The Yoast SEO WordPress plugin from versions 16.7 until 17.2 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities...

5.3CVSS6.9AI score0.05632EPSS
Exploits1References1
Redos
Redos
added 2025/04/17 12:0 a.m.11 views

ROS-20250417-01

A vulnerability in the Nextcloud calendar cloud software application for creating and utilizing the Nextcloud Nextcloud data warehouse is related to disclosure of internal website paths when the SMTP server is unavailable. Exploitation of the vulnerability could allow an attacker acting remotely ...

4.3CVSS6.8AI score0.00438EPSS
Exploits0
NVD
NVD
added 2025/04/03 10:15 p.m.15 views

CVE-2025-0278

HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests...

4.3CVSS0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/03 10:7 p.m.21 views

CVE-2025-0278 An internal path disclosure vulnerability affects HCL Traveler

HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests...

4.3CVSS0.00275EPSS
Exploits0References1
CVE
CVE
added 2025/04/03 10:7 p.m.42 views

CVE-2025-0278

CVE-2025-0278 affects HCL Traveler, a Windows application. The issue is an internal path disclosure where internal file paths may be revealed in error messages, debug logs, or responses to user requests. The CVE entry cites a MEDIUM severity (CVSS v3.1: 4.3, AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) w...

4.3CVSS6.9AI score0.00275EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/03 10:7 p.m.5 views

CVE-2025-0278 An internal path disclosure vulnerability affects HCL Traveler

HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests...

4.3CVSS6.9AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2023/11/01 3:15 a.m.26 views

CVE-2023-5515

The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications...

5.3CVSS5.2AI score0.00377EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/01 2:49 a.m.31 views

CVE-2023-5515

The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications...

5.3CVSS5.5AI score0.00377EPSS
Exploits0References1
CVE
CVE
added 2023/11/01 2:49 a.m.75 views

CVE-2023-5515

Hitachi Energy eSOMS vulnerability CVE-2023-5515: exposure of internal resource paths via certain web query parameters. Affected product: eSOMS v6.3.13 and prior. Root cause: web responses reveal internal application structure, enabling information disclosure (CWE-497). Impact: potential disclosu...

5.3CVSS5.2AI score0.00377EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2023/09/01 9:24 a.m.6 views

Exploit for Improper Input Validation in Usememos Memos

CVE-2023-4698 Local File Inclusion LFI in usememos/memos...

7.5CVSS8.3AI score0.00759EPSS
Exploits2
Rows per page
Query Builder