401 matches found
CVE-2023-6868
In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...
PT-2023-31111 · Unknown · Dofollow Case By Case
Name of the Vulnerable Software and Affected Versions: DoFollow Case by Case versions 3.4.2 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue affects the specified software. This type of issue allows an attacker to trick a user into performing unintended actions on a web applicatio...
A vulnerability in Sentry-Javascript, a set of tools for developing web applications, arises from insufficient validation of incoming requests. It allows an attacker to perform an SSRF attack.
The vulnerability in the Sentry-Javascript development tools for web applications is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
Server-Side Request Forgery
nuxt-api-party is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability exists due to a faulty regular expression used for validation within server.ts which does not take white space into account, allowing an attacker to send requests that bypass the whitelist, leading to unauthorized access...
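The entry above describes the class of bug but not the regular expression itself. The following is an added example, not nuxt-api-party's code: a constructed allowlist check done by regular expression over the raw URL string, which an embedded newline defeats, beside a hardened check that refuses whitespace and control characters and compares the parsed hostname instead. The allowlist host `api.example.com` and the attacker URL are constructed for the example.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Constructed allowlist for the example.
ALLOWED_HOSTS = {"api.example.com"}

# Allowlist check done with a regular expression over the raw string.
# With re.MULTILINE, ^ also matches right after a newline, so an
# allowed-looking URL on a second "line" satisfies the check while the
# host actually contacted is the one on the first line.
# (Illustrative pattern, not nuxt-api-party's own.)
_NAIVE_ALLOW = re.compile(r"^https://api\.example\.com(?:/|$)", re.MULTILINE)


def naive_allowed(url: str) -> bool:
    """String-level allowlist check: what the page calls a faulty regex."""
    return _NAIVE_ALLOW.search(url) is not None


def effective_host(url: str) -> Optional[str]:
    """The host a client would actually connect to for `url`.

    urlsplit strips tab/CR/LF (Python >= 3.9.5), so the newline in the
    attacker's URL vanishes and everything after it becomes path; on older
    interpreters the newline stays in the path. Either way the netloc is
    the first host.
    """
    return urlsplit(url).hostname


def strict_allowed(url: str) -> bool:
    """Hardened check: reject control characters, then compare parsed parts."""
    # 1. Refuse whitespace and control characters outright. URL parsers
    #    (WHATWG URL in browsers/Node, urllib since 3.9.5) strip some of
    #    them silently, so the string validated is not the string fetched.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return False
    parts = urlsplit(url)
    # 2. Compare components, not string prefixes: scheme, no userinfo
    #    (which would make "api.example.com@evil" look allowed), and the
    #    lower-cased hostname with the port already split off.
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    return parts.hostname in ALLOWED_HOSTS


# Constructed attacker input: an allowed host on a second line.
BYPASS_URL = "https://evil.example.net/\nhttps://api.example.com/v1"

if __name__ == "__main__":
    print("naive check passes:", naive_allowed(BYPASS_URL))
    print("request would go to:", effective_host(BYPASS_URL))
    print("strict check passes:", strict_allowed(BYPASS_URL))
```

The two checks disagree exactly on the input that matters: the regular expression sees a line that starts with the allowed origin, while the HTTP client connects to the first host in the string.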
The vulnerability in the google-translate-api-browser package in the NPM package manager, due to insufficient validation of incoming requests, allows an attacker to perform an SSRF attack.
The vulnerability in the google-translate-api-browser package in the NPM package manager is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
IceCMS Security Vulnerability
IceCMS is a content management system based on Spring Boot with a Vue front end and separated front-end and back-end, developed by the individual developer NgShow. A security vulnerability exists in IceCMS version 2.0.1, which stems from not fully validating the number of user requests...
PT-2023-30791 · Unknown · Mike Strand Bulk Comment Remove
Name of the Vulnerable Software and Affected Versions: Mike Strand Bulk Comment Remove versions prior to 2. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This is achieved by tricking the user...
aiohttp's ClientSession is vulnerable to CRLF injection via method
Summary: Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. Details: The vulnerability occurs only if the attacker can control the HTTP method (GET, POST, etc.) of the...
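To make the mechanism concrete, here is an added example (not aiohttp's code, and not its patch): a naive request serializer that writes the method into the request line verbatim, an attacker-controlled "method" that carries CR/LF and so smuggles a complete extra request plus a header, and a hardened serializer that accepts only an RFC 9110 token. The path, host and injected method are constructed for the example.

```python
import re

# RFC 9110 "token" characters: the only bytes an HTTP method may contain.
# Anything else (space, CR, LF, ...) lets attacker input escape the method
# field of the request line.
_TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def build_request(method: str, path: str, host: str, body: bytes = b"") -> bytes:
    """Naive serializer: the method is trusted verbatim.

    Models the pre-fix behaviour the advisory describes; not aiohttp's code.
    """
    head = (
        f"{method} {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    )
    return head.encode("ascii") + body


def count_request_lines(raw: bytes) -> int:
    """Count the request lines a server or proxy would see in `raw`."""
    request_line = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+ \S+ HTTP/1\.[01]$")
    return sum(1 for line in raw.split(b"\r\n") if request_line.match(line))


def is_valid_method(method: str) -> bool:
    """Accept only a bare RFC 9110 token; rejects CR, LF, spaces and ''."""
    return _TOKEN_RE.match(method) is not None


def build_request_safe(method: str, path: str, host: str, body: bytes = b"") -> bytes:
    """Hardened serializer: refuse anything that is not a method token."""
    if not is_valid_method(method):
        raise ValueError(f"invalid HTTP method: {method!r}")
    return build_request(method, path, host, body)


# Constructed attacker-controlled "method": a complete request with an
# injected header, a blank line, then a real method so that the caller's own
# request line still parses.
INJECTED_METHOD = "GET / HTTP/1.1\r\nX-Injected: yes\r\n\r\nGET"

if __name__ == "__main__":
    raw = build_request(INJECTED_METHOD, "/api/items", "api.example.test")
    print(raw.decode("ascii"))
    print("request lines on the wire:", count_request_lines(raw))
    try:
        build_request_safe(INJECTED_METHOD, "/api/items", "api.example.test")
    except ValueError as exc:
        print("hardened builder refused:", exc)
```

The check is deliberately a positive token match rather than a blacklist of CR and LF: a token rejects every separator, so the method cannot terminate the request line, the header block or the request itself.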
The vulnerability in the CreateAttachmentFromUri method of the Microsoft Exchange Server mail server allows an attacker to disclose protected information.
The vulnerability in the CreateAttachmentFromUri method of the Microsoft Exchange Server mail server is related to insufficient validation of incoming requests. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
PT-2023-9658 · Cisco · Cisco Ios Xe +1
Name of the Vulnerable Software and Affected Versions: Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software, affected versions not specified. Description: A vulnerability in the Cisco UTD Snort IPS Engine could allow an unauthenticated, remote...
Mattermost denial of service vulnerability (CVE-2023-5967)
Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User-Agent header to cause a panic and crash the Calls plugin...
CVE-2023-26453
CVE-2023-26453 affects the Open-Xchange App Suite imageconverter service. The vulnerability allows SQL injection by crafting requests to cache an image, with arbitrary SQL statements executed in the context of the service database user. Exploitation requires access to adjacent networks of the ima...
The vulnerability in the /v1/avatars/favicon component of the backend platform for developing mobile and web applications allows an attacker to perform an SSRF attack.
The vulnerability in the /v1/avatars/favicon component of the backend platform for developing mobile and web applications is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack using a specially crafted GET request...
The vulnerability in the Mastodon web application for deploying distributed social networks, related to insufficient server-side validation of requests, allows an attacker to gain unauthorized access to local services.
The vulnerability in the Mastodon web application for deploying distributed social networks is related to insufficient server-side validation of requests. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to local services through a specially crafted HTT...
The vulnerability in the WireMock software for creating virtual HTTP services stems from insufficient checking of incoming requests. It allows an attacker to redirect POST requests to arbitrary servers.
The vulnerability in the WireMock software for creating virtual HTTP services is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to redirect POST requests to arbitrary servers...
The vulnerability in the Bluetooth module of the EMUI and HarmonyOS operating systems allows an attacker to disclose protected information.
The vulnerability in the Bluetooth module of the EMUI and HarmonyOS operating systems is related to the lack of validity checks on incoming requests. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that the system is meant to protect...
PT-2023-5868 · Sap · Sap Netweaver As Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java GRMG Heartbeat application version 7.50. Description: The issue is related to insufficient validation of incoming requests in the Generic Request and Message Generator (GRMG)/Heartbeat service of the SAP NetWeaver AS for Ja...
CVE-2023-20259
A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for devic...
CVE-2023-32791
Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager version 5.6.5633. This vulnerability allows an attacker to manipulate and delete user accounts within the platform by sending a specially crafted request to the server. The vulnerability is based on the lack of proper validation of t...