Lucene search
K

18 matches found

Hacker One
Hacker One
added 2026/06/04 8:3 a.m.9 views

Revive Adserver: PHP code injection in delivery-limitation `logical` validation bypass - XML-RPC setChannelTargeting

Vulnerability description not provided...

8.8CVSS6.7AI score0.02734EPSS
Exploits2
CVE
CVE
added 2025/08/06 7:16 a.m.21 views

CVE-2025-7954

CVE-2025-7954 targets Shopware v6.6.10.4 and describes a race condition in the voucher system that allows bypassing voucher restrictions and exceeding usage limits. The issue arises during voucher validation, where non-atomic voucher checks can enable multiple checkouts to reuse limited or genera...

8.1CVSS6.5AI score0.00379EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/08/22 6:30 a.m.67 views

CVE-2024-39810

Mattermost Server vulnerable versions: 9.5.x up to 9.5.7 and 9.10.x up to 9.10.0. The root cause is failure to time/size-limit the CA path file in the Elasticsearch configuration, allowing a System Role with access to the Elasticsearch console to set any file as a CA path (e.g., /dev/zero). After...

4.9CVSS5.1AI score0.00456EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/17 8:24 a.m.14 views

CVE-2024-24873 WordPress Polls CP plugin <= 1.0.71 - Polls Limitation Bypass vulnerability

: Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a through 1.0.71...

5.3CVSS6.9AI score0.0042EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/17 8:24 a.m.32 views

CVE-2024-24873 WordPress Polls CP plugin <= 1.0.71 - Polls Limitation Bypass vulnerability

: Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a through 1.0.71...

5.3CVSS5.3AI score0.0042EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/03/25 8:9 p.m.99 views

CVE-2024-29025

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...

5.3CVSS6.4AI score0.0138EPSS
Exploits1
Hacker One
Hacker One
added 2023/09/16 10:5 a.m.19 views

HackerOne: Ability to bulk submit reports via query named based batching

A vulnerability was discovered in the GraphQL API of the HackerOne platform. The vulnerability allowed an attacker to bulk submit reports via query-based batching, bypassing the intended limit of 500 reports. This was achieved by leveraging a Python script to generate a large number of reports in...

6.9AI score
Exploits0
Vulnrichment
Vulnrichment
added 2022/07/11 2:8 p.m.10 views

CVE-2022-2366 Incorrect defaults can cause attackers to bypass rate limitations

Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers...

5.6CVSS5.6AI score0.00586EPSS
Exploits0References1
CVE
CVE
added 2019/02/28 6:0 p.m.144 views

CVE-2018-18497

CVE-2018-18497 : In Firefox, limitations on URIs allowed to WebExtensions via the browser.windows.create API can be bypassed by placing a pipe in the URL field, causing multiple pages to load as a single argument. This may allow a malicious WebExtension to open privileged locations such as about:...

6.5CVSS6.6AI score0.01422EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/11/07 12:0 a.m.33 views

Debian DSA-4020-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an annoucment that security support for chromium in the oldstable release jessie, Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongl...

8.8CVSS6.5AI score0.05245EPSS
Exploits6References42
Tenable Nessus
Tenable Nessus
added 2017/10/23 12:0 a.m.41 views

FreeBSD : chromium -- multiple vulnerabilities (a692bffe-b6ad-11e7-a1c2-e8e0b747a45a)

Google Chrome Releases reports : 35 security fixes in this release, including : - 762930 High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07 - 749147 High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26 - 760455 High CVE-2017-5126: Use after free in...

8.8CVSS6.6AI score0.05245EPSS
Exploits6References22
FreeBSD
FreeBSD
added 2017/10/17 12:0 a.m.33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 35 security fixes in this release, including: 762930 High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07 749147 High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26 760455 High CVE-2017-5126: Use after free in PDFium...

8.8CVSS8.3AI score0.05245EPSS
Exploits6References1
Debian CVE
Debian CVE
added 2015/10/30 3:0 p.m.40 views

CVE-2015-7971

Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted 1 HYPERCALLxenoprofop hypercalls, which are not properly handled in the doxenoprofop...

2.1CVSS6.8AI score0.00426EPSS
Exploits0
securityvulns
securityvulns
added 2014/08/18 12:0 a.m.58 views

Linux kernel multiple security vulnerabilities

DoS via ptrace syscall, filesystems mount options limitation bypass...

7.2CVSS2.9AI score0.02324EPSS
Exploits12References2Affected Software1
securityvulns
securityvulns
added 2012/12/03 12:0 a.m.24 views

rssh security vulnerabilities

Multiple environment limitation bypass possibilities...

4.4CVSS3.1AI score0.00388EPSS
Exploits2References1Affected Software1
seebug.org
seebug.org
added 2012/07/27 12:0 a.m.87 views

Apple XCode 4.x 信息泄露漏洞

BUGTRAQ ID: 54679 CVE ID: CVE-2012-3698,CVE-2011-3389 Xcode是苹果机器上所使用的开发工具。 Apple Xcode 4.4之前版本在实现上存在安全漏洞,可被恶意用户利用泄露敏感信息,劫持用户会话,绕过某些安全限制。 1) SSL 3.0和TLS 1.0协议的实现中存在设计错误。 2) DR实现中的错误可允许App Store应用访问用Xcode构建的Helper工具中的密钥链项目。 0 Apple XCode 4.x 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

5CVSS7.7AI score0.73327EPSS
Exploits4
seebug.org
seebug.org
added 2011/08/24 12:0 a.m.32 views

PHP &quot;crypt()&quot; MD5 Salt安全漏洞

PHP是流行的脚本语言环境。 PHP在"crypt"函数的实现上存在安全漏洞,远程攻击者可利用此漏洞绕过某些安全限制。 此漏洞源于"crypt"函数在生成有salt的MD5哈希时,仅返回salt PHP 5.3.x 厂商补丁: PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.php.net...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2008/10/26 12:0 a.m.22 views

Sun Java WebStart multiple security vulnerabilities

Sandbox limitation bypass, buffer overflow...

3.3AI score
Exploits0References3
Rows per page
Query Builder