184 matches found
CVE-2025-23202
The CVE-2025-23202 entry concerns the Bible Module for ROBLOX. The vulnerable components are the FetchVerse and FetchPassage functions, which lack input validation, enabling injection attacks that could manipulate API request URLs and potentially lead to unauthorized access or data tampering. The...
CVE-2024-39273
CVE-2024-39273 affects the Wavlink AC3000 router (M33A8.V5030.210505). Talos reports a firmware-update vulnerability in the fw_check.sh script used to fetch updates from two HTTP URLs. The vulnerability arises from lack of authentication and the ability to fetch and validate firmware metadata ove...
CVE-2024-30129 HCL Nomad server on Domino is affected by a host header injection vulnerability
The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address...
[SECURITY] [DLA 3970-1] twisted security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3970-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler November 28, 2024 https://wiki.debian.org/LTS -...
CVE-2024-47830 Plane allows server side request forgery via /_next/image endpoint
Plane is an open-source project management tool. Plane uses the wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0...
The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores relates to the possibility of manipulating cross-site requests. This allows attackers to bypass security restrictions and carry out CSRF attacks.
The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and perform CSRF attacks...
CVE-2024-5731
A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information...
The vulnerability of the WOPI protocol implementation in the MyOffice SDK software development kit allows a hacker to manipulate requests from the server.
The vulnerability of the WOPI protocol implementation in the MyOffice SDK software relates to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to manipulate requests from the server remotely...
CVE-2024-5072
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted request...
URL Manipulation
oceanic.js is vulnerable to a URL Manipulation. The vulnerability is due to improper input handling in certain functions such as Client.rest.channels.removeBan, which allows an attacker to manipulate the request specially crafted input to be normalized into unintended URLs, potentially resulting ...
Medium: cni-plugins
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
CVE-2024-34223
Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket...
CVE-2024-32493
An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request...
The vulnerability of the IBM Engineering Requirements Management DOORS application, related to the manipulation of inter-site requests, allows a perpetrator to execute arbitrary commands.
The vulnerability of the IBM Engineering Requirements Management DOORS application relates to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
PT-2024-3864 · Sap · Sap Fiori App
Name of the Vulnerable Software and Affected Versions: SAP Fiori app My Overtime Request version 605 Description: The issue is related to the absence of necessary authorization checks for authenticated users, which may lead to an escalation of privileges. It is possible to manipulate the URLs of...
CVE-2023-48256
The CVE-2023-48256 entry concerns Bosch Nexo Cordless Nutrunner and related components. The root cause is insufficient handling of CRLF sequences in HTTP headers, which allows a remote attacker to inject arbitrary HTTP response headers or manipulate the HTTP response body within a victim’s sessio...
Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets
CVE-2023-27163 !WARNING This is an educational projec...
CVE-2023-49094
Symbolicator (the symbolication service) is affected by a Server-Side Request Forgery (SSRF) where a specially crafted HTTP endpoint can trigger the service to send arbitrary GET requests to internal IPs. The attacker could have the response reflected back if they have an account on the Sentry in...
CVE-2023-45868
CVE-2023-45868 concerns the Learning Module in ILIAS 7.25 (2023-09-12 release). The vulnerability allows a high-impact Directory Traversal leading to confidentiality and availability loss. An attacker with basic user privileges can exploit the issue by manipulating a POST request during exercise ...
CVE-2023-22618
If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects for example WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B...