Lucene search
K

25 matches found

Nuclei
Nuclei
added 14 hours ago173 views

Hoverfly < 1.10.3 - Arbitrary File Read

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...

7.5CVSS6.2AI score0.55864EPSS
Exploits3References2
OSV
OSV
added 2026/03/01 1:0 a.m.7 views

GHSA-H3H8-3V2V-RG7M Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret

Summary Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components e.g. gr.LoginButton are used. When a user visits /login/huggingface, the server retrieves its own Hugging Face access token via huggingfacehub.gettoken and stores it...

5.9AI score0.00453EPSS
Exploits1References6
NVD
NVD
added 2024/09/02 6:15 p.m.38 views

CVE-2024-45388

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...

7.5CVSS0.55864EPSS
Exploits3References4
CVE
CVE
added 2024/09/02 4:7 p.m.123 views

CVE-2024-45388

Hoverfly (Git SpectoLabs) contains a path traversal vulnerability in the /api/v2/simulation POST handler that lets unauthenticated attackers read arbitrary files from the server by supplying a specially crafted bodyFile parameter (e.g., ../../../../etc/passwd). The implementation attempts to join...

7.5CVSS7.2AI score0.55864EPSS
In wildExploits3References4Affected Software1
Fedora
Fedora
added 2024/03/07 10:33 p.m.34 views

[SECURITY] Fedora 40 Update: mockito-5.8.0-5.fc40

Mockito is a mocking framework that tastes really good. It lets you write beautiful tests with clean & simple API. Mockito doesn't give you hangover because the tests are very readable and they produce clean verification errors...

8.8CVSS6.9AI score0.02578EPSS
Exploits3
Fedora
Fedora
added 2024/03/07 10:33 p.m.28 views

[SECURITY] Fedora 40 Update: hamcrest-2.2-16.fc40

Provides a library of matcher objects also known as constraints or predicate s allowing 'match' rules to be defined declaratively, to be used in other frameworks. Typical scenarios include testing frameworks, mocking libraries a nd UI validation rules...

8.8CVSS9AI score0.02578EPSS
Exploits3
Openbugbounty
Openbugbounty
added 2024/03/02 10:34 a.m.8 views

mocking-bird.org Cross Site Scripting vulnerability OBB-3863910

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2023/11/20 6:25 p.m.15 views

CVE-2023-48309 next-auth vulnerable to possible user mocking that bypasses basic authentication

NextAuth.js provides authentication for Next.js. next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth...

5.3CVSS6.6AI score0.007EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/11/20 6:25 p.m.35 views

CVE-2023-48309 next-auth vulnerable to possible user mocking that bypasses basic authentication

NextAuth.js provides authentication for Next.js. next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth...

5.3CVSS5.4AI score0.007EPSS
Exploits0References5
Node JS Blog
Node JS Blog
added 2023/01/06 12:0 a.m.36 views

Node v18.13.0 (LTS)

Node v18.13.0 LTS By Danielle Adams, Jan 06, 2023 Notable changes Add support for externally shared js builtins By default Node.js is built so that all dependencies are bundled into the Node.js binary itself. Some Node.js distributions prefer to manage dependencies externally. There are existing...

7.3AI score
Exploits0
OSV
OSV
added 2022/09/16 5:42 p.m.88 views

GHSA-F524-RF33-2JJR OPA Compiler: Bypass of WithUnsafeBuiltins using "with" keyword to mock functions

Impact The Rego compiler provides a deprecated WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy compilation stage. A bypass of this protection has been found,...

7.4CVSS8.7AI score0.0127EPSS
Exploits1References9
The Hacker News
The Hacker News
added 2022/09/16 3:8 a.m.32 views

Uber Says It's Investigating a Potential Breach of Its Computer Systems

Ride hailing giant Uber disclosed Thursday it's responding to a cybersecurity incident involving a breach of its network and that it's in touch with law enforcement authorities. The New York Times first reported the incident. The company pointed to its tweeted statement when asked for comment on...

0.1AI score
Exploits0
Fedora
Fedora
added 2022/07/20 1:40 a.m.14 views

[SECURITY] Fedora 35 Update: golang-github-jacobsa-oglemock-0-0.8.20190622gite94d794.fc35~bootstrap

Oglemock is a mocking framework for the Go programming language with the following features: - An extensive and extensible set of matchers for expressing call expectatio ns provided by the oglematchers package. - Clean, readable output that tells you exactly what you need to know. - Style and...

7.2AI score
Exploits0
Fedora
Fedora
added 2022/07/17 1:15 a.m.32 views

[SECURITY] Fedora 35 Update: golang-github-mock-1.4.4-4.fc35

GoMock is a mocking framework for the Go programming language. It integrates well with Go's built-in testing package, but can be used in other contexts to o...

9.3CVSS9AI score0.0995EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2020/07/27 12:0 a.m.31 views

openSUSE Security Update : opera (openSUSE-2020-917)

This update for opera fixes the following issues : Opera was updated to version 68.0.3618.104 - CHR-7909 Update chromium on desktop-stable-81-3618 to 81.0.4044.138 - CVE-2020-6831, CVE-2020-6464 - DNA-85609 Mac Tabs shrinking & disappearing - DNA-85629 Crash at...

9.8CVSS8.1AI score0.05803EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/05/26 12:0 a.m.23 views

openSUSE Security Update : opera (openSUSE-2020-709)

This update for opera fixes the following issues : Opera was updated to version 68.0.3618.104 - CHR-7909 Update chromium on desktop-stable-81-3618 to 81.0.4044.138 - CVE-2020-6831, CVE-2020-6464 - DNA-85609 Mac Tabs shrinking & disappearing - DNA-85629 Crash at...

9.8CVSS8.1AI score0.05803EPSS
Exploits1References2
Kitploit
Kitploit
added 2020/02/13 9:0 p.m.62 views

Aduket - Straight-forward HTTP Client Testing, Assertions Included

Straight-forward HTTP client testing, assertions included! Simple httptest.Server wrapper with a little request recorder spice on it. No special DSL, no complex API to learn. Just create a server and fire your request like an Hadouken then assert them. TODO Add example usages Add docs Add respons...

7.4AI score
Exploits0References1
The Hacker News
The Hacker News
added 2015/12/07 2:44 a.m.23 views

Save the Date — 11th December: Anonymous to Celebrate 'ISIS Trolling Day'

After hacking and taking down social media accounts of ISIS members, the online Hacktivist group Anonymous is back again with its new plan to harass the Islamic State IS militant group that was behind the horrific terror attack in Paris. Anonymous declared total war against ISIS after the last...

6.9AI score
Exploits0
0day.today
0day.today
added 2013/05/26 12:0 a.m.33 views

XOOPS 2.5.6 CSRF Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

7.1AI score
Exploits0
0day.today
0day.today
added 2013/03/25 12:0 a.m.28 views

xBoard 6.0 Local File Inclusion Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

7.1AI score
Exploits0
Rows per page
Query Builder