18 matches found

Nuclei
added yesterday · 28 views

Reprise License Manager 14.2 - Cross-Site Scripting

Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activateprocess "count" parameter via GET. id: CVE-2021-45422 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: edoardottt severity: medium description: | Reprise License Manager 14.2...

6.1 CVSS · 5.8 AI score · 0.03313 EPSS
Exploits 3 · References 5

NVD
added 2026/06/08 5:16 p.m. · 7 views

CVE-2026-46481

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in...

8.3 CVSS · 0.00241 EPSS
Exploits 0 · References 1

Snyk
added 2026/05/27 12:47 a.m. · 4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the POST /api/notifications/test-webhook endpoint, which is accessible without authentication in the default deployment. An attacker can cause the application to send HTTP POST requests to arbitrary...

8.7 CVSS · 5.7 AI score · 0.01285 EPSS
Exploits 1 · References 2

CVE
added 2026/05/26 10:1 p.m. · 28 views

CVE-2026-45298

Dozzle CVE-2026-45298 describes a pre-auth SSRF in default deployments. Before version 10.5.2, POST /api/notifications/test-webhook accepts an attacker-controlled URL and headers, forwards them to a WebhookDispatcher, and returns the downstream response status code plus up to 1 MB of the response...

8.6 CVSS · 5.9 AI score · 0.01285 EPSS
Exploits 1 · References 2 · Affected Software 1

Snyk
added 2025/12/10 9:31 p.m. · 1 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition due to concurrent requests using the ApiClient class. An attacker can manipulate response status codes or headers between concurrent requests by exploiting shared state in multithreaded environments. Note: This is only...

8.9 CVSS · 6.5 AI score · 0.00181 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2021-11765

Malware in sbrugna...

4.3 CVSS · 4.7 AI score · 0.00433 EPSS
Exploits 2 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-27980

Malicious code in bioql PyPI...

8.7 CVSS · 6.6 AI score · 0.00228 EPSS
Exploits 0 · References 1

SUSE CVE
added 2025/05/09 4:54 a.m. · 2 views

SUSE CVE-2022-49929

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix mr leak in RESPST_ERR_RNR. rxe_recheck_mr will increase mr's refcnt, so we should call rxe_put_mr to drop mr's refcnt in RESPST_ERR_RNR to avoid below warning: WARNING: CPU: 0 PID: 4156 at...

5.5 CVSS · 6.3 AI score · 0.0013 EPSS
Exploits 0 · References 6

Positive Technologies
added 2024/02/05 12:0 a.m. · 4 views

PT-2024-20331 · Unknown · Lotos Webserver

Name of the Vulnerable Software and Affected Versions: Lotos WebServer version 0.1.1 Description: A Use-After-Free (UAF) issue was discovered in the response append status line function at /lotos/src/response.c. This issue can be exploited, but details about the estimated number of potentially...

7.5 CVSS · 7.4 AI score · 0.00706 EPSS
Exploits 1 · References 6

0day.today
added 2023/07/04 12:0 a.m. · 197 views

TP-Link TL-WR940N V4 - Buffer OverFlow Exploit

Exploit Title: TP-Link TL-WR940N V4 - Buffer OverFlow country: Iran Exploit Author: Amirhossein Bahramizadeh Category : hardware Dork : /userRpm/WanDynamicIpV6CfgRpm Tested on: Windows/Linux CVE : CVE-2023-36355 import requests Replace the IP address with the router's IP routerip = '192.168.0.1'...

9.9 CVSS · 7.1 AI score · 0.22585 EPSS
Exploits 4

Code423n4
added 2022/11/13 12:0 a.m. · 8 views

Transfer error can fail unnoticed

Lines of code Vulnerability details Impact Quoting Solidity docs: The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as part of the design of the EVM. Account existence must be checked prior to calling if needed...

6.8 AI score
Exploits 0

Cvelist
added 2021/11/17 10:15 a.m. · 13 views

CVE-2021-24853 QR Redirector < 1.6 - Subscriber+ Arbitrary QR Redirect Response Status Update

The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qrsavebulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects...

5.1 AI score · 0.00433 EPSS
Exploits 2 · References 1

WPVulnDB
added 2021/10/18 12:0 a.m. · 21 views

QR Redirector < 1.6 - Subscriber+ Arbitrary QR Redirect Response Status Update

The plugin does not have capability and CSRF checks when saving bulk QR Redirector settings via the qrsavebulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects PoC jQuery.postajaxurl, qrredirectresponse...

4.3 CVSS · 0.9 AI score · 0.00433 EPSS
Exploits 2 · Affected Software 1

Hacker One
added 2021/04/30 3:12 p.m. · 14 views

U.S. General Services Administration: e-mail verification bypass through interception & modification of response status

Hi, During registration of account at https://tams.preprod.gsa.gov, e-mail verification code validation can be bypassed through intercepting & modifying the response status-from "success":false to "success":true Video F1284281 is for reference. Steps To Reproduce 1. Open User Registration Url -...

1 AI score
Exploits 0

Prion
added 2018/06/05 9:29 p.m. · 16 views

Server side request forgery (ssrf)

A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not...

4.3 CVSS · 4.9 AI score · 0.02068 EPSS
Exploits 0 · References 2 · Affected Software 2

Hacker One
added 2016/06/08 12:5 p.m. · 19 views

Uber: Email Enumeration Vulnerability

Hello, I identified from one of your disclosed reports: the report 143291 that you added "security measures to help mitigate email enumeration". However, I found a way to identify valid emails registered on Uber.com. I used the SIGN UP form to find if an email is valid or not. Proof of concep...

7.2 AI score
Exploits 0

Nmap
added 2012/07/09 8:50 a.m. · 622 views

sip-call-spoof NSE Script

Spoofs a call to a SIP phone and detects the action taken by the target (busy, declined, hung up, etc.). This works by sending a fake sip invite request to the target phone and checking the responses. A response with status code 180 means that the phone is ringing. The script waits for the next...

10 CVSS · 9.3 AI score · 0.99448 EPSS
Exploits 33

Nmap
added 2009/08/22 10:4 p.m. · 453 views

http-userdir-enum NSE Script

Attempts to enumerate valid usernames on web servers running with the mod_userdir module or similar enabled. The Apache mod_userdir module allows user-specific directories to be accessed using the syntax. This script makes http requests in order to discover valid user-specific directories and infer...

10 CVSS · 0.2 AI score · 0.99448 EPSS
Exploits 36