7 matches found

IBM Security Bulletins
added 2023/09/11 4:44 p.m. | 48 views

Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities (CVE-2023-21939, CVE-2023-21967, CVE-2022-29117, XFID: 234366)

Summary: There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix Pack 1 IF19 has addressed the applicable CVEs (CVE-2023-21939, CVE-2023-21967) by upgrading to IBM® Semeru JRE 11.0.19.0. The following 3rd party components used...

CVSS 7.5 | AI score 7.6 | EPSS 0.02108
Exploits: 1 | Affected Software: 1

Snyk
added 2022/05/14 2:1 a.m. | 2 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to not using or validating the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...

CVSS 8.8 | AI score 7.2 | EPSS 0.00141
Exploits: 0 | References: 2

Snyk
added 2022/05/14 2:1 a.m. | 1 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to not using or validating the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...

CVSS 8.8 | AI score 7.2 | EPSS 0.00141
Exploits: 0 | References: 2

OSV
added 2022/05/14 2:1 a.m. | 9 views

GHSA-MMHR-3JR7-QJ2P: Auth0-ASPNET and Auth0-ASPNET-Owin vulnerable to Cross-Site Request Forgery

An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...

CVSS 8.8 | AI score 8.8 | EPSS 0.00141
Exploits: 0 | References: 4

Github Security Blog
added 2022/05/14 2:1 a.m. | 14 views

Auth0-ASPNET and Auth0-ASPNET-Owin vulnerable to Cross-Site Request Forgery

An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...

CVSS 8.8 | AI score 7.1 | EPSS 0.00141
Exploits: 0 | References: 4 | Affected Software: 2

Veracode
added 2020/08/31 5:1 a.m. | 69 views

Authorization Bypass

microsoft.aspnetcore.http and microsoft.owin are vulnerable to authorization bypass. Cookie values are not properly decoded when they contain certain characters. A remote attacker is able to bypass the "Cookie Prefixes" security mechanism by sending malicious cookies to the application...

CVSS 7.5 | AI score 7.5 | EPSS 0.20401
Exploits: 0 | References: 14 | Affected Software: 3

Prion
added 2018/08/29 3:29 a.m. | 9 views

Cross-site request forgery (CSRF)

An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...

CVSS 6.8 | AI score 8.8 | EPSS 0.00141
Exploits: 0 | References: 1