1752 matches found
CVE-2024-23639
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...
Design/Logic Flaw
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...
CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...
CVE-2024-23639
Affected product: Micronaut Framework (micronaut-core). Vulnerability: Enabled but unsecured management endpoints allow drive-by localhost attacks when a malicious site issues HTTP requests to localhost, potentially bypassing CORS checks for some simple requests. Impact: Local development environ...
CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...
CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...
Micronaut Framework Security Vulnerability
Micronaut Framework is a modern full-stack Java framework based on the JVM from the Micronaut Foundation. A security vulnerability exists in Micronaut Framework versions prior to 3.8.3 that stems from an enabled but insecure management endpoint that is vulnerable to local host attacks...
PT-2024-19989 · Unknown · Micronaut Framework
Name of the Vulnerable Software and Affected Versions: Micronaut Framework versions prior to 3.8.3 Description: The issue concerns enabled but unsecured management endpoints in the Micronaut Framework, which are susceptible to drive-by localhost attacks. A malicious or compromised website can mak...
Fedora 39 : dnsmasq (2024-b359bbdf87)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b359bbdf87 advisory. Change initial configuration to use local-service=host for initial listening on localhost. It auto- disables itself as soon as other explicit interface or...
Exploit for Injection in Atlassian Confluence_Data_Center
CVE-2023-22527-confluence Confluence CVE-2023-22527 realworl...
SUSE SLES15 / openSUSE 15 Security Update : hawk2 (SUSE-SU-2024:0076-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0076-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVE...
PT-2024-17554
Name of the Vulnerable Software and Affected Versions: INW Krbyyyzo version 25.2002 Description: A problematic issue was found in the Daily Huddle Site component, specifically in the file /gbo.aspx. The manipulation of the argument s leads to resource consumption. It is possible to launch the...
PT-2023-32863 · Miniflare · Miniflare
Name of the Vulnerable Software and Affected Versions: Miniflare versions prior to 3.20231030.2 Description: Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on...
CVE-2023-48380
Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command,...
CVE-2023-48380
Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command,...
PT-2023-31357 · Unknown · Nuxt-Api-Party
Name of the Vulnerable Software and Affected Versions: nuxt-api-party versions prior to 0.22.1 Description: The issue arises from a recent change in the detection of absolute URLs, which is no longer sufficient to prevent Server-Side Request Forgery SSRF. The regular expression ^https?:// used to...
PT-2023-9161 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost versions prior to 5.76.0 Description: The issue is related to the lack of protection of the web page structure, allowing a remote attacker to conduct a cross-site scripting XSS attack by sending a specially crafted malicious SVG file...
VulnCheck KEV: CVE-2019-9733
An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifactory console. This is only allowable from a connection directly from localhost, but providing a...
Server side request forgery (ssrf)
google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery SSRF Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set ...
CVE-2023-48711 Server-Side Request Forgery (SSRF) Vulnerability in google-translate-api-browser
google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery SSRF Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set ...