
8 matches found

NVD
added 2024/11/06 5:15 p.m. | 10 views

CVE-2024-10318

A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they...

CVSS 5.4 | EPSS 0.01062
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/06 4:48 p.m. | 11 views

CVE-2024-10318 NGINX OpenID Connect Vulnerability

A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they...

CVSS 5.4 | AI score 6.9 | EPSS 0.01062
Exploits: 0 | References: 1

Cvelist
added 2024/11/06 4:48 p.m. | 21 views

CVE-2024-10318 NGINX OpenID Connect Vulnerability

A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they...

CVSS 5.4 | EPSS 0.01062
Exploits: 0 | References: 1

OSV
added 2024/09/13 4:15 p.m. | 10 views

CVE-2024-6587

A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the apibase parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by apibase. This request...

CVSS 7.5 | AI score 6.6
Exploits: 0 | References: 2

Hacker One
added 2024/08/01 4:12 p.m. | 4 views

MTN Group: Yet Another OTP code Leaked in the API Response

The OTP code was leaked in the API response, which compromised the purpose of its implementation. The application requested a phone number for authentication and sent an OTP code to the user, but the OTP was returned in the API response, exposing it to potential misuse...

AI score 7.5
Exploits: 0

Veracode
added 2024/04/16 11:32 a.m. | 18 views

Privilege Escalation

Amazon AWS Amplify CLI is vulnerable to Privilege Escalation. The vulnerability is due to the mishandling of role trust policies when the Authentication component is removed, leaving "Effect":"Allow" in place without conditions, thus exposing sts:AssumeRoleWithWebIdentity to potential misuse...

CVSS 9.8 | AI score 6.8 | EPSS 0.00648
Exploits: 2 | References: 6 | Affected Software: 2

Code423n4
added 2023/11/17 12:0 a.m. | 9 views

asD TOKEN CREATOR CAN PROFIT UNFAIRLY FROM THE cNote TOKENS DIRECTLY TRANSFERRED TO THE asD.sol CONTRACT

Impact: The asD.withdrawCarry function is used to withdraw the interest that accrued in the asD contract in the form of NOTE tokens. Only the owner of the asD token is able to withdraw the interest accrued since the withdrawCarry is controlled by the onlyOwner...

AI score 7
Exploits: 0

NCSC
added 2022/10/11 12:0 a.m. | 1 views

Vulnerability fixed in Apple iOS

Apple has fixed a vulnerability in iOS 16. A malicious person could potentially exploit the vulnerability to use a rogue email to effect a crash. At this time, very little information has been shared by Apple about the vulnerability. Also, nothing has been disclosed about possible active misuse a...

CVSS 6.5 | AI score 6.2 | EPSS 0.00268
Exploits: 0