Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Prion
Prionadded 2023/09/06 1:15 p.m.17 views

Cross site request forgery (csrf)

Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b1154b3fb, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce...

5CVSS7.4AI score0.00122EPSS
Exploits0References2Affected Software1
Code423n4
Code423n4added 2022/08/06 12:0 a.m.13 views

Project party can unilaterally change price payed at task completion

Lines of code Vulnerability details Impact If there has been more than a change in a task's cost through mulitple calls to changeOrder, signatures previously passed can be replayed by one party to change the price payed for the task without consent of the other parties by frontrunning call to...

6.8AI score
Exploits0
Veracode
Veracodeadded 2018/01/11 9:30 a.m.8 views

Timing Attack

github.com/hashicorp/vault is vulnerable to timing attacks. The application is vulnerable because they do not compare nonces in constant-time, which allows attackers to use the timing of the request to progressively identify a valid nonce...

6.6AI score
Exploits0
Rows per page
Query Builder