Lucene search
+L

159 matches found

Snyk
Snyk
added 2025/01/14 3:40 p.m.4 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the backend user interface functionality involving deep links. An attacker can manipulate the state-changing actions and delete items by sending a crafted URL to a logged-in user. Note: This is...

5.1CVSS6.9AI score0.00191EPSS
Exploits0References2
Snyk
Snyk
added 2025/01/14 3:40 p.m.5 views

Exposed Dangerous Method or Function

Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the backend user interface functionality involving deep links. An attacker can manipulate or delete persisted form definitions by deceiving a...

5.4CVSS6.9AI score0.00186EPSS
Exploits0References2
Snyk
Snyk
added 2025/01/14 3:25 p.m.15 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the Backend User Module. An attacker can manipulate user actions by tricking a victim into visiting a malicious URL while logged into the backend. Note: This is only exploitable if...

5.4CVSS6.9AI score0.00239EPSS
Exploits0References2
Snyk
Snyk
added 2025/01/14 3:24 p.m.4 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the Log Module. An attacker can manipulate log entries by deceiving a user into interacting with a malicious URL while logged into the backend user interface. Note: This is only exploitable if...

5.1CVSS6.9AI score0.00239EPSS
Exploits0References2
Amazon
Amazon
added 2024/12/19 12:0 a.m.17 views

Medium: apr

Issue Overview: Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APRUSESHMEMSHMGET=1 apr...

5.5CVSS5.7AI score0.00332EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/01 7:0 a.m.6 views

Apache Portable Runtime (APR): Unexpected lax shared memory permissions

...

5.5CVSS7AI score0.00332EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/09/04 12:0 a.m.22 views

Fedora 40 : apr (2024-b40491b84b)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b40491b84b advisory. This update to the apr package fixes a security issue in the handling of shared memory permissions. SECURITY: CVE-2023-49582: Apache Portable Runtime APR:...

5.5CVSS6.4AI score0.00332EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/07/10 12:0 a.m.27 views

CVE-2024-6611

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox 128 and Thunderbird 128...

9.8CVSS7.1AI score0.00662EPSS
Exploits0References5
NVD
NVD
added 2024/06/24 3:15 a.m.30 views

CVE-2024-4499

A Cross-Site Request Forgery CSRF vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS...

7.6CVSS0.00175EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/06/24 12:0 a.m.6 views

LoLLMs Cross-Site Request Forgery Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A cross-site request forgery vulnerability exists in LoLLMs version 9.6 that stems from a lax CORS policy. An attacker could use this vulnerability to read arbitrary files on the system and wri...

7.6CVSS6.8AI score0.00175EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/06/24 12:0 a.m.6 views

PT-2024-31349 · Lollms +1 · Lollms +2

Name of the Vulnerable Software and Affected Versions: lollms version 9.6 Description: A Cross-Site Request Forgery CSRF vulnerability exists in the XTTS server due to a lax CORS policy, allowing attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage. This...

7.6CVSS7.6AI score0.00175EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/03/06 12:0 a.m.6 views

CasaOS Security Vulnerabilities

CasaOS is a simple, easy to use and elegant open source home cloud system. A security vulnerability exists in CasaOS-UserService versions prior to 0.4.6 that stems from lax filtering of URL paths, which allows an attacker to obtain any file on the system...

9.8CVSS6.7AI score0.00971EPSS
Exploits1References4
OSV
OSV
added 2024/02/21 12:10 a.m.20 views

GHSA-CP68-QRHR-G9H8 MeshCentral cross-site websocket hijacking (CSWSH) vulnerability

We have identified a cross-site websocket hijacking CSWSH vulnerability within the control.ashx endpoint of MeshCentral. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. To demonstrate the impact of the vulnerability we developed a...

8.3CVSS8.6AI score0.00464EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/02/21 12:10 a.m.79 views

MeshCentral cross-site websocket hijacking (CSWSH) vulnerability

We have identified a cross-site websocket hijacking CSWSH vulnerability within the control.ashx endpoint of MeshCentral. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. To demonstrate the impact of the vulnerability we developed a...

8.8CVSS6.7AI score0.00464EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2024/02/02 12:0 a.m.6 views

Beetl Security Vulnerabilities

Beetl is a high-speed template engine by the individual developer Li Jiazhi xiandafu in China. A security vulnerability exists in Beetl v3.15.12 and earlier versions, which stems from lax blacklist filtering. The vulnerability can be exploited by an attacker to remotely execute code...

9.8CVSS6.9AI score0.01028EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/01/29 12:0 a.m.4 views

aiohttp Environment Issue Vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A vulnerability exists in aiohttp versions prior to 3.9.2, which stems from the HTTP parser's overly lax treatment of delimiters, which can help with request smuggling...

6.5CVSS6.8AI score0.01029EPSS
Exploits1References3
Wired Threat Level
Wired Threat Level
added 2023/10/31 6:11 p.m.32 views

How Telegram Became a Terrifying Weapon in the Israel-Hamas War

Hamas posted gruesome images and videos that were designed to go viral. Sources argue that Telegram’s lax moderation ensured they were seen around the world...

7.2AI score
Exploits0
CNNVD
CNNVD
added 2023/10/26 12:0 a.m.4 views

Obl.ong Security Vulnerabilities

Obl.ong is a high-quality subdomain built with Rails from Obl.ong. A security vulnerability exists in versions of Obl.ong prior to 1.1.2 that stems from lax email OTP filtering, which allows an attacker to bypass authorization checks...

5.3CVSS6.7AI score0.00382EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/10/17 12:40 p.m.29 views

CSRF Token Reuse Vulnerability

A Cross-Site Request Forgery CSRF vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform...

10CVSS6.9AI score0.00313EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2023/10/16 9:15 p.m.46 views

Cross site request forgery (csrf)

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery CSRF vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to injec...

6.8CVSS8.9AI score0.00313EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder