Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-5962

Malicious code in bioql PyPI...

4.7CVSS6.4AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-5956

Malicious code in bioql PyPI...

4.7CVSS6.4AI score0.00237EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/05/09 7:34 p.m.29 views

code-server's session cookie can be extracted by having user visit specially crafted proxy URL

Summary A maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Details Failure to properly validate the port for a proxy request can result in proxying to an arbitrary domain. The malicious URL https:///proxy/[email protected]/path would be...

8.3CVSS7AI score0.36027EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2025/01/20 3:8 a.m.7 views

Cross-Site Request Forgery (CSRF)

typo3/cms-form is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper handling of state-changing actions in downstream components, which incorrectly accept submissions via HTTP GET requests instead of enforcing the correct HTTP method. Misconfigured settings, such ...

5.4CVSS6.7AI score0.00183EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/01/14 3:40 p.m.10 views

GHSA-7R5Q-4QGX-V545 TYPO3 Indexed Search Module vulnerable to Cross-Site Request Forgery

Problem A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

4.3CVSS4.6AI score0.00188EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2005/02/25 12:0 a.m.25 views

Mozilla Firefox < 1.0.1 Multiple Vulnerabilities

Binary data 2652.prm...

10CVSS7.3AI score0.82537EPSS
Exploits19References56
exploitpack
exploitpack
added 2001/02/14 12:0 a.m.14 views

KICQ 1.0 - Arbitrary Command Execution

KICQ 1.0 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2443/info KICQ is an ICQ-compatible interactive messaging client for Unix. Versions of KICQ are vulnerable to remote execution of arbitrary commands embedded in URLs. A maliciously-composed URL containing shell...

0.5AI score
Exploits0
Rows per page
Query Builder