Lucene search
K

11 matches found

NVD
NVD
added 2026/05/14 5:16 p.m.22 views

CVE-2025-62316

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS0.00106EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 4:8 p.m.11 views

EUVD-2025-209856

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS5.8AI score0.00106EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.17 views

PT-2026-40957

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS5.8AI score0.00106EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/08/22 10:25 p.m.5 views

Malicious code in kmvn-ekjvnbwkhjbewv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b7bdb5dbe3c34fefec0edf3fec374c428af88d2600073a8db94054e7feb101fa Collects basic information about the system, most probably a pentest or bug bounty. --- Category: PROBABLYPENTEST - Packages looking like typical pentest...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/08/22 10:25 p.m.5 views

MAL-2024-12223 Malicious code in byterec-models (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a743bef3c7e21e3a83027eb77a9868e7b659f295c96c82ac735bc135b353e597 Collects basic information about the system, most probably a pentest or bug bounty. --- Category: PROBABLYPENTEST - Packages looking like typical pentest...

6.8AI score
Exploits0References1
OSV
OSV
added 2024/06/24 2:15 p.m.21 views

CVE-2024-4748

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...

7.8CVSS7.6AI score0.01115EPSS
Exploits0References3
CVE
CVE
added 2024/06/22 9:9 a.m.65 views

CVE-2024-38379

CVE-2024-38379 affects Apache Allura (versions 1.4.0–1.17.0). The vulnerability is a stored XSS in the neighborhood settings, accessible only to neighborhood admins, limiting scope to configurations where admins aren’t fully trusted. Root cause is unfiltered/unsafely handled user data in these se...

4.8CVSS4.9AI score0.00692EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/22 9:9 a.m.20 views

CVE-2024-38379 Apache Allura: Stored authenticated XSS

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users ar...

5.9AI score0.00692EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/30 4:35 p.m.36 views

CVE-2022-40315

A limited SQL injection risk was identified in the "browse list of users" site administration page...

10AI score0.0083EPSS
Exploits0References2
NVD
NVD
added 2021/06/22 10:15 p.m.25 views

CVE-2021-34395

Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service...

4.6CVSS0.00179EPSS
Exploits0References1
Hacker One
Hacker One
added 2020/11/20 7:38 p.m.115 views

HackerOne: Second-order SOQL injection through email and campaign name parameter in Salesforce lead submission

The HackerOne directory contains profiles of bug bounty and vulnerability disclosure programs that aren't managed on HackerOne. These profiles can be claimed by the organization that manages it. As part of this flow, they will need to enter an email address to confirm that affiliation with the...

0.2AI score
Exploits0
Rows per page
Query Builder