Lucene search
+L

18 matches found

Github Security Blog
Github Security Blog
added 2026/07/07 1:1 p.m.6 views

New API is vulnerable to CSRF through user email binding

Summary The email and WeChat account binding endpoints used GET requests for state-changing account operations. In deployments where session cookies could be sent on cross-site navigations, an attacker could trigger a logged-in user's browser to bind an attacker-controlled email address or OAuth...

5.3CVSS5.9AI score0.00189EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/24 12:0 a.m.5 views

EUVD-2025-209575

A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the /rest/v1/course PostgREST...

6.5CVSS5.2AI score0.00212EPSS
Exploits0References2
CVE
CVE
added 2026/02/26 9:44 p.m.18 views

CVE-2026-25741

Zulip CVE-2026-25741 affects the Zulip Cloud payment processing flow. Before commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Che...

7.1CVSS5.4AI score0.00275EPSS
Exploits0References2
OSV
OSV
added 2025/05/07 7:11 p.m.5 views

RLSA-2024:11189 Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: Request body not stripped after redirect from 303 status changes request method to GET CVE-2023-45803 For more details about the security issues, including the...

4.2CVSS6.9AI score0.00544EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/02/25 11:30 a.m.3 views

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

4.2CVSS7.2AI score0.00544EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/05/22 8:37 p.m.10 views

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

4.2CVSS7.2AI score0.00544EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/05/22 9:48 a.m.4 views

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

4.2CVSS7.2AI score0.00544EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/05/22 9:26 a.m.4 views

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

4.2CVSS7.2AI score0.00544EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/04/30 9:56 a.m.4 views

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

4.2CVSS7.2AI score0.00544EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.14 views

CMS Security Vulnerability

Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! CMS that stems from the MFA management feature failing to properly terminate an existing user session when the user's MFA method has been modified...

6.3CVSS6.8AI score0.00512EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/01/30 1:27 p.m.4 views

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

4.2CVSS7.2AI score0.00544EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/01/25 11:5 a.m.3 views

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

4.2CVSS7.2AI score0.00544EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/01/10 10:50 a.m.3 views

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

4.2CVSS7.2AI score0.00544EPSS
Exploits0References7
OSV
OSV
added 2023/11/17 11:6 a.m.1 views

OESA-2023-1840 python-urllib3 security update

Sanity-friendly HTTP client for Python Security Fixes: urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could acce...

4.2CVSS4.9AI score0.00544EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.6 views

SUSE CVE-2019-14822

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is usi...

8CVSS6.5AI score0.00365EPSS
Exploits0References9
CNVD
CNVD
added 2018/06/27 12:0 a.m.54 views

Spring Framework Cross-Site Tracking Vulnerability

Pivotal Spring Framework is the United States Pivotal Software's set of open source Java, Java EE application framework. The framework helps developers build high-quality applications . A security vulnerability exists in Pivotal Spring Framework versions 5.0.x prior to 5.0.7, 4.3.x prior to 4.3.1...

5.9CVSS6AI score0.02781EPSS
Exploits0References1
NVD
NVD
added 2018/06/25 3:29 p.m.32 views

CVE-2018-11039

Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...

5.9CVSS6.5AI score0.02781EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2018/06/25 3:29 p.m.41 views

CVE-2018-11039

Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...

5.9CVSS6.8AI score0.02781EPSS
Exploits0References2
Rows per page
Query Builder