Lucene search
+L

212 matches found

NVD
NVD
added 2026/01/30 7:16 p.m.9 views

CVE-2025-62349

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues...

7.5CVSS0.00407EPSS
Exploits0References2
OSV
OSV
added 2026/01/30 7:16 p.m.10 views

UBUNTU-CVE-2025-62349

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues...

7.5CVSS5.8AI score0.00407EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/03 7:5 p.m.14 views

CVE-2025-52622

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...

5.4CVSS6.3AI score0.00155EPSS
Exploits0References1
NVD
NVD
added 2025/12/02 6:15 p.m.5 views

CVE-2025-52622

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...

5.4CVSS0.00155EPSS
Exploits0References1
CVE
CVE
added 2025/12/02 5:59 p.m.11 views

CVE-2025-52622

Technical details about CVE-2025-52622 are not publicly provided in the supplied documents. Monitor for updates from Red Hat, NVD, and CVE records to obtain affected products, fixed versions, and remediation guidance.

5.4CVSS6AI score0.00155EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 5:59 p.m.14 views

CVE-2025-52622 HCL BigFix SaaS Remediate is affected by a security vulnerability

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...

5.4CVSS0.00155EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/02 5:59 p.m.4 views

CVE-2025-52622 HCL BigFix SaaS Remediate is affected by a security vulnerability

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...

5.4CVSS6AI score0.00155EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.5 views

PT-2025-48738

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting XSS, Clickjacking, an...

5.4CVSS6.3AI score0.00155EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2019-13588

Malware in sbrugna...

4.3CVSS4.8AI score0.01141EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2014-3512

Malware in sbrugna...

4.3CVSS7AI score0.13327EPSS
Exploits0References73
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-54392

Malicious code in bioql PyPI...

7.4CVSS6.7AI score0.00611EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-25405

Malicious code in bioql PyPI...

10CVSS9.2AI score0.06453EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0916

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.00548EPSS
Exploits0References18
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.3 views

WordPress plugin PressPage Entertainment Inc Mavis HTTPS to HTTP Redirection 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...

7.1CVSS5.8AI score0.00118EPSS
Exploits0References1
Veracode
Veracode
added 2025/09/18 2:19 p.m.8 views

Request Smuggling

h2 is vulnerable to request smuggling. The vulnerability is due to improper validation of header names/values when downgrading HTTP/2 requests to HTTP/1.1, which allows an attacker to inject CRLF characters, manipulate request boundaries, and bypass security controls...

6.9CVSS6.6AI score0.01596EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/15 12:0 a.m.3 views

Amazon Linux 2023 : python3-h2 (ALAS2023-2025-1181)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1181 advisory. h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF...

6.9CVSS5.4AI score0.01596EPSS
Exploits0References4
OSV
OSV
added 2025/08/25 8:44 p.m.2 views

GHSA-847F-9342-265H h2 allows HTTP Request Smuggling due to illegal characters in headers

Summary HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request...

6.9CVSS6.4AI score0.01596EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 10:18 p.m.7 views

CVE-2022-20145

In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for...

10CVSS7.4AI score0.06453EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:39 a.m.11 views

CVE-2019-3981

MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password...

4.3CVSS7.1AI score0.01141EPSS
Exploits1References1
NVD
NVD
added 2025/03/24 1:15 p.m.7 views

CVE-2024-8773

SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affect SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which make ...

8.3CVSS0.00415EPSS
Exploits0References3
Rows per page
Query Builder