CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...
CVE-2024-23639
Affected product: Micronaut Framework (micronaut-core). Vulnerability: Enabled but unsecured management endpoints allow drive-by localhost attacks when a malicious site issues HTTP requests to localhost, potentially bypassing CORS checks for some simple requests. Impact: Local development environ...
Micronaut Framework Security Vulnerability
Micronaut Framework is a modern full-stack Java framework based on the JVM from the Micronaut Foundation. A security vulnerability exists in Micronaut Framework versions prior to 3.8.3 that stems from an enabled but insecure management endpoint that is vulnerable to local host attacks...
PT-2024-19989 · Unknown · Micronaut Framework
Name of the Vulnerable Software and Affected Versions: Micronaut Framework versions prior to 3.8.3 Description: The issue concerns enabled but unsecured management endpoints in the Micronaut Framework, which are susceptible to drive-by localhost attacks. A malicious or compromised website can mak...
Fedora 39 : dnsmasq (2024-b359bbdf87)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b359bbdf87 advisory. Change initial configuration to use local-service=host for initial listening on localhost. It auto-disables itself as soon as other explicit interface or...
Exploit for Injection in Atlassian Confluence_Data_Center
CVE-2023-22527-confluence Confluence CVE-2023-22527 realworl...
SUSE SLES15 / openSUSE 15 Security Update : hawk2 (SUSE-SU-2024:0076-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0076-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
PT-2024-17554
Name of the Vulnerable Software and Affected Versions: INW Krbyyyzo version 25.2002 Description: A problematic issue was found in the Daily Huddle Site component, specifically in the file /gbo.aspx. The manipulation of the argument s leads to resource consumption. It is possible to launch the...
PT-2023-32863 · Miniflare · Miniflare
Name of the Vulnerable Software and Affected Versions: Miniflare versions prior to 3.20231030.2 Description: Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on...
CVE-2023-48380
Softnext Mail SQR Expert is an email management platform; it has insufficient filtering for a special character within a specific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command,...
PT-2023-31357 · Unknown · Nuxt-Api-Party
Name of the Vulnerable Software and Affected Versions: nuxt-api-party versions prior to 0.22.1 Description: The issue arises from a recent change in the detection of absolute URLs, which is no longer sufficient to prevent Server-Side Request Forgery SSRF. The regular expression ^https?:// used to...
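The entry above is cut off before it says which inputs slip past `^https?://`. As an added example (not nuxt-api-party code), the block below contrasts that prefix test with the general check a practitioner would use instead: resolve the candidate against the intended base with the WHATWG URL parser and accept it only if it stays on the base origin. The base URL is hypothetical and the probe strings are constructed; they illustrate the class of bypass (protocol-relative, upper-case scheme, leading whitespace, backslashes), not the specific input from the advisory.

```javascript
// Added example, not code from nuxt-api-party. Demonstrates why a regex on
// the string prefix is a weak "is this absolute?" test for SSRF prevention,
// and the origin comparison that replaces it.

const BASE = "https://api.example.internal/"; // hypothetical upstream base

// The weak check: matches only a lower-case scheme at offset 0.
const weakIsAbsolute = (s) => /^https?:\/\//.test(s);

// The stricter check: let the URL parser normalise the input exactly as the
// HTTP client will, then require the result to stay on BASE's origin.
function staysOnBase(path) {
  let resolved;
  try {
    resolved = new URL(path, BASE);
  } catch {
    return false; // unparseable input is rejected, not forwarded
  }
  return resolved.origin === new URL(BASE).origin;
}

// Constructed probes. Each one is missed by the regex (weakIsAbsolute is
// false) yet resolves to a foreign origin once parsed.
const probes = [
  "/v1/items",                      // legitimate relative path
  "//attacker.example/x",           // protocol-relative
  "HTTPS://attacker.example/x",     // scheme case; regex has no /i flag
  "  https://attacker.example/x",   // leading whitespace, stripped by the parser
  "\\\\attacker.example/x",         // backslashes, treated as slashes for http(s)
];

function classify(path) {
  return {
    path,
    regexSaysAbsolute: weakIsAbsolute(path),
    safeToForward: staysOnBase(path),
    resolvesTo: (() => { try { return new URL(path, BASE).origin; } catch { return null; } })(),
  };
}

for (const p of probes) console.log(classify(p));
```

The regex and the parser disagree on every probe except the first; the HTTP client follows the parser, so the parser's verdict is the one that matters for where the request actually goes.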
PT-2023-9161 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost versions prior to 5.76.0 Description: The issue is related to the lack of protection of the web page structure, allowing a remote attacker to conduct a cross-site scripting XSS attack by sending a specially crafted malicious SVG file...
VulnCheck KEV: CVE-2019-9733
An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifactory console. This is only allowable from a connection directly from localhost, but providing a...
Server side request forgery (ssrf)
google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery SSRF Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set ...
CVE-2023-48711 Server-Side Request Forgery (SSRF) Vulnerability in google-translate-api-browser
google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery SSRF Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set ...
Path Traversal
github.com/arduino/arduino-create-agent is vulnerable to Path Traversal. The vulnerability results from inadequate sanitization of the filename parameter. Exploiting this flaw, an attacker can execute HTTP requests on the localhost interface or bypass CORS configuration. Consequently, they may be...
Directory Traversal
github.com/arduino/arduino-create-agent is vulnerable to Directory Traversal. When the attacker has access to the localhost interface, they can send a specially crafted HTTP DELETE request to the /v2/pkgs/tools/installed endpoint, specifying the path of the file or folder that they want to delete...