Lucene search
+L

130 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:33 a.m.14 views

CVE-2024-44685

Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring SMTP settings via the Web UI...

5CVSS6.9AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:13 a.m.11 views

CVE-2023-23856

In SAP BusinessObjects Business Intelligence Web Intelligence user interface - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On...

5.4CVSS5.9AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:50 a.m.8 views

CVE-2023-0015

In SAP BusinessObjects Business Intelligence Platform Web Intelligence user interface - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS...

5.4CVSS5.2AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:3 a.m.9 views

CVE-2022-24978

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response...

8.8CVSS6.9AI score0.01092EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:49 p.m.8 views

CVE-2022-30617

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship e.g., created by, updated by with content accessible to the authenticated user. For example, a...

9CVSS6.5AI score0.01409EPSS
Exploits0References1
NVD
NVD
added 2025/03/28 10:15 p.m.13 views

CVE-2024-58130

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses...

7.2CVSS0.00217EPSS
Exploits0References2
OSV
OSV
added 2025/03/19 7:54 p.m.15 views

GHSA-JVHM-GJRH-3H93 Nuxt allows DOS via cache poisoning with payload rendering response

Summary By sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is possible to craft a request, such as https://mysite.com/?/payload.json which will be rendered as JSON. If the CDN ...

7.5CVSS6.3AI score0.00364EPSS
Exploits0References3
NVD
NVD
added 2025/03/19 7:15 p.m.34 views

CVE-2025-27415

Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is possible to craft a request, such as...

7.5CVSS0.00364EPSS
Exploits0References1
Veracode
Veracode
added 2024/11/13 10:54 a.m.17 views

Insecure Deserialization

Apache Lucene.Net.Replicator is vulnerable to Insecure Deserialization. The vulnerability exists due to the deserialization of untrusted data without adequate validation, allowing an attacker who intercepts traffic or controls the replication node URL to send a malicious JSON response...

8.1CVSS6.7AI score0.01234EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/31 9:57 a.m.23 views

CVE-2024-43383 Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator

Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replicati...

8CVSS7.8AI score0.01234EPSS
Exploits0References1
NVD
NVD
added 2024/09/13 4:15 p.m.33 views

CVE-2024-44685

Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring SMTP settings via the Web UI...

5CVSS0.00264EPSS
Exploits0References2
CVE
CVE
added 2024/09/13 12:0 a.m.70 views

CVE-2024-44685

The vulnerability CVE-2024-44685 affects Titan SFTP and Titan MFT Server versions 2.0.25.2426 and earlier. The root cause is that passwords and other sensitive data are exposed in clear text within the JSON response when configuring SMTP settings via the Web UI. This impacts confidentiality (high...

5CVSS6.5AI score0.00264EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/13 12:0 a.m.30 views

CVE-2024-44685

Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring SMTP settings via the Web UI...

0.00264EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/25 6:19 p.m.13 views

CVE-2023-48296 OroPlatform's storefront user can access history and most viewed data from matching back-office user with the same ID

OroPlatform is a PHP Business Application Platform BAP. Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4...

4.3CVSS6.7AI score0.0044EPSS
Exploits0References2
CVE
CVE
added 2024/03/25 6:19 p.m.69 views

CVE-2023-48296

Summary: OroPlatform (PHP BAP) contains an information disclosure vulnerability in the JSON navigation response. If a storefront user’s ID matches a back-office user’s ID, the response leaks navigation history, as well as most viewed and favorite navigation items. Root cause: Insufficient access ...

4.3CVSS4.4AI score0.0044EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/03/06 10:54 a.m.28 views

BIT-GRAFANA-2022-39307 Grafana subject to Exposure of Sensitive Information resulting in User enumeration via forget password

Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks...

6.7CVSS6.4AI score0.00702EPSS
Exploits0References3
NVD
NVD
added 2023/12/04 9:15 p.m.14 views

CVE-2023-49080

The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...

4.3CVSS0.00841EPSS
Exploits0References4
OSV
OSV
added 2023/11/03 7:50 p.m.21 views

GHSA-7CRC-R3WG-CFGF Json response for search reveals Solr credentials

Impact An error in Ibexa's Solr search engine results in potential exposure of Solr credentials. This is a critical vulnerability and all supported versions of the engine are affected. Those not using the Solr search engine are not affected. Patches The issue is fixed in all supported versions of...

6.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/11/03 7:48 p.m.15 views

Json response for search reveals Solr credentials

Impact An error in Ibexa's Solr search engine results in potential exposure of Solr credentials. This is a critical vulnerability and all supported versions of the engine are affected. Those not using the Solr search engine are not affected. Patches The issue is fixed in all supported versions of...

7.1AI score
Exploits0References3Affected Software1
OSV
OSV
added 2023/05/26 1:56 p.m.18 views

GHSA-6QJX-787V-6PXR Craft CMS stored XSS in indexedVolumes

Summary XSS can be triggered via the Update Asset Index utility PoC 1. Access setting tab 2. Create new assets 3. In assets name inject payload: "alert26 4. Click Utilities tab 5. Choose all volumes, or volume trigger xss 7. Click Update asset indexes. XSS will be triggered Json response volumes...

5.5CVSS5.4AI score0.00681EPSS
Exploits1References5
Rows per page
Query Builder