Lucene search
K

243 matches found

Cvelist
Cvelist
added 2025/01/21 3:27 p.m.65 views

CVE-2025-24011 Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codes

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and...

5.3CVSS0.01451EPSS
Exploits1References3
CVE
CVE
added 2025/01/21 3:27 p.m.120 views

CVE-2025-24011

Summary: CVE-2025-24011 affects Umbraco CMS (.NET). From 14.0.0 up to, but not including, 14.3.2 and 15.1.2, an attacker can determine whether an account exists by analyzing response codes and timing of the management API. Impact: information exposure; no availability/integrity impact claimed. Ve...

5.3CVSS5.3AI score0.01451EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2025/01/21 12:0 a.m.6 views

Umbraco 信息泄露漏洞

Umbraco is an open source content management system CMS written in C from Umbraco, Denmark. An information disclosure vulnerability exists in Umbraco version 14.0.0 and earlier, which stems from the ability to determine the existence of an account based on an analysis of the response code and the...

5.3CVSS6.1AI score0.01451EPSS
Exploits1References4
OSV
OSV
added 2024/11/05 4:15 p.m.4 views

CVE-2023-29117

Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system...

8.8CVSS5.8AI score0.00312EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/05 3:14 p.m.16 views

CVE-2023-29117 Authentication Bypass in JuiceBox Web Manager interface

Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system...

8.8CVSS7.2AI score0.00312EPSS
Exploits0References1
Chainguard
Chainguard
added 2024/10/03 12:30 p.m.8 views

GHSA-78WR-2P64-HPWJ vulnerabilities

Vulnerabilities for packages: kafka, hadoop-client-modules, confluent-kafka, kserve, kserve-modelmesh, sonarqube, py3.10-vllm-cuda-11.8, confluent-kafka-jre-bcfips, apache-nifi, opensearch, zookeeper-fips, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0,...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2024/10/03 12:15 p.m.16 views

CVE-2024-47554 vulnerabilities

Vulnerabilities for packages: kafka, hadoop-client-modules, confluent-kafka, kserve, kserve-modelmesh, sonarqube, py3.10-vllm-cuda-11.8, confluent-kafka-jre-bcfips, apache-nifi, opensearch, zookeeper-fips, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0,...

4.3CVSS6.7AI score0.01249EPSS
Exploits0
CVE
CVE
added 2024/09/19 11:11 p.m.81 views

CVE-2024-46999

CVE-2024-46999 : Zitadel’s user grants deactivation did not work, allowing deactivated grants to remain in tokens and potentially grant access to apps/resources. The issue affected multiple older releases; management/auth API could return an active state or lack state information. Affected versio...

7.3CVSS6.8AI score0.00332EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2024/08/21 5:48 a.m.17 views

Information Disclosure

umbraco.cms is vulnerable Information Disclosure. The vulnerability is due to improper handling of error responses in the Management API, which causes stack trace information to be returned even when Umbraco is not in debug mode. It allows an attacker to gain access to internal details of the...

5.3CVSS6.9AI score0.00363EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2024/08/20 6:25 p.m.2 views

Generation of Error Message Containing Sensitive Information

Overview Umbraco.Cms.Web.Common is a package containing the web assembly needed to run Umbraco CMS. Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information. An attacker can obtain stack trace information that may include sensitive data by...

5.3CVSS6.6AI score0.00363EPSS
Exploits0References2
Snyk
Snyk
added 2024/08/20 6:25 p.m.2 views

Generation of Error Message Containing Sensitive Information

Overview Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information. An attacker can obtain stack trace information that may include sensitive data by sending crafted requests to the Management API endpoints. Remediation Upgrade...

5.3CVSS6.7AI score0.00363EPSS
Exploits0References2
NVD
NVD
added 2024/08/20 3:15 p.m.22 views

CVE-2024-43376

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2...

5.3CVSS0.00363EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/20 2:40 p.m.17 views

CVE-2024-43376 Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2...

4.3CVSS7AI score0.00363EPSS
Exploits0References2
CVE
CVE
added 2024/08/20 2:40 p.m.108 views

CVE-2024-43376

CVE-2024-43376 affects Umbraco CMS (ASP.NET). The vulnerability exists in the Management API where certain endpoints can return stack trace information even when Umbraco is not in debug mode. This could expose internal details. The issue is addressed in version 14.1.2 of Umbraco, with remediation...

5.3CVSS4.6AI score0.00363EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/20 2:40 p.m.43 views

CVE-2024-43376 Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2...

4.3CVSS0.00363EPSS
Exploits0References2
OSV
OSV
added 2024/08/20 2:40 p.m.19 views

CVE-2024-43376 Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2...

4.3CVSS6.6AI score0.00363EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/08/20 12:0 a.m.7 views

PT-2024-30539 · Umbraco · Umbraco Cms

Name of the Vulnerable Software and Affected Versions: Umbraco CMS versions prior to 14.1.2 Description: The issue allows an authenticated user to access a few unintended endpoints. This is because a few endpoints in the Umbraco Management API were not properly protected, requiring only...

6.3CVSS6.8AI score0.00244EPSS
Exploits0References10
OSV
OSV
added 2024/06/26 12:15 a.m.3 views

CVE-2024-29954

A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/25 12:0 a.m.7 views

PT-2024-23168 · Brocade · Brocade Fabric Os

Name of the Vulnerable Software and Affected Versions: Brocade Fabric OS versions prior to 9.2.1 Brocade Fabric OS versions prior to 9.2.0b Brocade Fabric OS versions prior to 9.1.1d Brocade Fabric OS versions prior to 8.2.3e Description: A vulnerability in the password management API prints...

5.9CVSS7AI score0.00114EPSS
Exploits0References5
Wolfi
Wolfi
added 2024/06/21 6:31 a.m.14 views

GHSA-V2XM-76PQ-PHCF vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-5.0...

5.8AI score
Exploits0
Rows per page
Query Builder