Lucene search

6 matches found

RedhatCVE
added 2026/06/17 11:14 p.m., 7 views

CVE-2026-11525

A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintend...

CVSS 3.7, AI score 4.9, EPSS 0.00248
Exploits: 0, References: 5
Packet Storm News
added 2025/11/28 12:0 a.m., 3 views

Retrieval-Augmented Few-Shot Prompting Versus Fine-Tuning for Code Vulnerability Detection

Few-shot prompting has emerged as a practical alternative to fine-tuning for leveraging the capabilities of large language models (LLMs) in specialized tasks. However, its effectiveness depends heavily on the selection and quality of in-context examples, particularly in complex domains. In this wor...

AI score 6.8
Exploits: 0
OSV
added 2024/12/02 6:34 p.m., 1 view

GHSA-75C5-XW7C-P5PM PyJWT Issuer field partial matches allowed

Summary: The wrong string if check is run for iss checking, resulting in "acb" being accepted for "abc". Details: This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). diff - if isinstanceissuer, list: + if...

CVSS 2.2, AI score 7.1, EPSS 0.0081
Exploits: 1, References: 5
OSV
added 2023/11/29 9:33 p.m., 20 views

GHSA-GXHX-G4FQ-49HJ CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS

Impact: CarrierWave::Uploader::ContentTypeAllowlist has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in allowlisted_content_type? determines Content-Type permissions by performing a partial match. If the content_type argument of allowlisted_content_type? is...

CVSS 6.8, AI score 5.9, EPSS 0.00613
Exploits: 0, References: 9
Debian CVE
added 2023/11/29 2:38 p.m., 19 views

CVE-2023-49090

CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in allowlisted_content_type? determines Content-Type permissions by performing a partial match. If the...

CVSS 6.8, AI score 6.2, EPSS 0.00613
Exploits: 0
n0where
added 2016/08/30 4:11 p.m., 54 views

Packet Capture Generator for IDS: Sniffles

Packet Capture Generator for IDS and Regular Expression Evaluation. Sniffles is a tool for creating packet captures that will test IDS that use fixed patterns or regular expressions for detecting suspicious behavior. Sniffles works very simply. It takes a set of regular expressions or rules and...

Exploits: 0, References: 1