Lucene search
2277 matches found

SUSE CVE
added 2023/02/15 3:36 a.m. | 1 views

SUSE CVE-2021-44540

A vulnerability was found in Privoxy which was fixed in geturlspecparam by freeing memory of compiled pattern spec before bailing...

7.5 CVSS | 7.4 AI score | 0.0043 EPSS
Exploits: 0 | References: 5
Veracode
added 2023/02/15 2:2 a.m. | 14 views

Regular Expression Denial Of Service (ReDoS)

simple-markdown is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to an insecure Regex pattern used for the match attribute in the autolink object in simple-markdown.js, which allows an attacker to crash the application by providing a maliciously crafted...

7.5 CVSS | 7.1 AI score | 0.00239 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
Code423n4
added 2023/02/03 12:0 a.m. | 13 views

Potential DOS in Contract Inheriting UUPSUpgradeable.sol

Lines of code Vulnerability details Impact There is a contract which inherit UUPSUpgradeable.sol, namely; Managed.sol . The contract is deployed using a proxy pattern whereby the implementation contract is used by the proxy contract for all its logic. The proxy contract will make delegate calls t...

7.3 AI score
Exploits: 0
Code423n4
added 2023/02/02 12:0 a.m. | 11 views

Critical Vulnerability exposed Reentrancy attack allowing unlimited Fund Withdrawals.

Lines of code Vulnerability details Impact Function register where it transfers a fixed amount of $NOTE tokens 100 $NOTE to the cidFeeWallet address without checking the reentrancy status. An attacker can repeatedly call this function to drain the contract balance...

6.8 AI score
Exploits: 0
Code423n4
added 2023/01/27 12:0 a.m. | 10 views

reentrancy in TimeswapV2Option.collect()

Lines of code Vulnerability details Impact collect function doesn't respect the check-effect-interaction pattern, where in the case if a param.data is provided it makes an external call to the caller, right after that, it updates option short amount state. in the case if the caller calls back int...

7.1 AI score
Exploits: 0
Spring Engineering
added 2023/01/25 9:8 p.m. | 14 views

Introducing Microservices Patterns with Spring Integration

Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today I’d like to share with a project I’m working on since holidays, where the mentioned...

0.1 AI score
Exploits: 0
Veracode
added 2023/01/25 3:43 a.m. | 53 views

Regular Expression Denial Of Service (ReDoS)

ua-parser-js is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to an insecure Regex pattern used for the str attribute in the trim function of ua-parser.js, which allows an attacker to crash the application by providing a maliciously crafted string...

7.5 CVSS | 7.3 AI score | 0.01453 EPSS
Exploits: 2 | References: 2 | Affected Software: 2
Spring Engineering
added 2023/01/25 12:0 a.m. | 19 views

Introducing Microservices Patterns with Spring Integration

Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today I’d like to share with a project I’m working on since holidays, where the mentioned...

0.1 AI score
Exploits: 0
Spring Engineering
added 2023/01/25 12:0 a.m. | 8 views

Introducing Microservices Patterns with Spring Integration

Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today I’d like to share with a project I’m working on since holidays, where the mentioned...

0.1 AI score
Exploits: 0
Veracode
added 2023/01/19 2:4 a.m. | 22 views

Regular Expression Denial Of Service (ReDoS)

activesupport is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to the insecure Regex pattern used in the underscore function of methods.rb, allowing an attacker to crash the application by providing a maliciously crafted string...

7.5 CVSS | 7.3 AI score | 0.01484 EPSS
Exploits: 0 | References: 8 | Affected Software: 3
Github Security Blog
added 2023/01/14 12:30 p.m. | 24 views

Apache Shiro Interpretation Conflict vulnerability

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

7.5 CVSS | 7.7 AI score | 0.00217 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2023/01/14 12:30 p.m. | 25 views

GHSA-7CXR-H8WM-FG4C Apache Shiro Interpretation Conflict vulnerability

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

7.5 CVSS | 7.7 AI score | 0.00217 EPSS
Exploits: 0 | References: 3
OSV
added 2023/01/14 10:15 a.m. | 2 views

DEBIAN-CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

7.5 CVSS | 7.2 AI score | 0.00217 EPSS
Exploits: 0 | References: 1
OSV
added 2023/01/14 10:15 a.m. | 15 views

CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

7.5 CVSS | 8.2 AI score
Exploits: 0 | References: 2
NVD
added 2023/01/14 10:15 a.m. | 12 views

CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

7.5 CVSS | 7.7 AI score | 0.00217 EPSS
Exploits: 0 | References: 2
UbuntuCve
added 2023/01/14 10:15 a.m. | 29 views

CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

7.5 CVSS | 7.1 AI score | 0.00217 EPSS
Exploits: 0 | References: 3
OSV
added 2023/01/14 10:15 a.m. | 0 views

UBUNTU-CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

7.5 CVSS | 7.1 AI score | 0.00217 EPSS
Exploits: 0 | References: 3
Prion
added 2023/01/14 10:15 a.m. | 15 views

Authentication flaw

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

5 CVSS | 7.7 AI score | 0.00217 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
Vulnrichment
added 2023/01/14 9:33 a.m. | 16 views

CVE-2023-22602 Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

7 AI score | 0.00217 EPSS
Exploits: 0 | References: 1
Debian CVE
added 2023/01/14 9:33 a.m. | 32 views

CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

7.5 CVSS | 7.7 AI score | 0.00217 EPSS
Exploits: 0