Lucene search
K

37 matches found

Vulnrichment
Vulnrichment
added 2025/08/12 3:48 p.m.6 views

CVE-2025-54864 Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins

Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...

6.9CVSS7AI score0.00382EPSS
Exploits0References2
CVE
CVE
added 2025/08/12 3:48 p.m.43 views

CVE-2025-54864

CVE-2025-54864 affects Hydra (Nix-based CI) where the endpoints /api/push-github and /api/push-gitea were called without HTTP Basic authentication, despite the forges implementing HMAC with a secret key. The root cause is missing authentication on those calls, enabling heavy evaluations that can ...

7.5CVSS7AI score0.00382EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/06/06 2:4 p.m.4 views

OESA-2025-1610 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...

7.5CVSS6.9AI score0.00603EPSS
Exploits1References2
OSV
OSV
added 2025/05/06 1:15 a.m.2 views

DEBIAN-CVE-2025-46728

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

7.5CVSS7.3AI score0.00603EPSS
Exploits1References1
OSV
OSV
added 2025/05/06 12:45 a.m.11 views

CVE-2025-46728 cpp-httplib has Unbounded Memory Allocation in Chunked/No-Length Requests

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

7.5CVSS7.4AI score0.00603EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/02/05 1:33 p.m.9 views

CVE-2020-26286

HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an unauthenticated attacker can upload arbitrary files to the upload storage backend including HTML, JS and PHP files. The problem is patched in HedgeDoc 1.7.1. You should however verify that...

7.5CVSS7.1AI score0.01419EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.4 views

SUSE CVE-2021-29471

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...

5.3CVSS6.2AI score0.01647EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.5 views

SUSE CVE-2021-41281

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

7.5CVSS7.8AI score0.01514EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/12/29 6:36 p.m.7 views

CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload

Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...

6.1CVSS6.1AI score0.00502EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.6 views

PT-2022-23130 · Unknown · Reactphp Http

Name of the Vulnerable Software and Affected Versions: ReactPHP HTTP versions 0.7.0 through 1.7.0 Description: The issue arises when ReactPHP's HTTP server component processes incoming HTTP cookie values, url-decoding the cookie names. This can lead to confusion between cookies with prefixes like...

5.3CVSS5AI score0.00804EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2022/06/03 2:40 p.m.8 views

CVE-2022-31028 Possible DDOS by establishing keep-alive connections with anonymous HTTP clients in MinIO

MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE.2022-06-02T02-11-04Z, MinIO is vulnerable to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections...

7.5CVSS7.7AI score0.02843EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2021/11/17 12:0 a.m.5 views

PT-2021-23236 · Metabase · Metabase

Name of the Vulnerable Software and Affected Versions: Metabase versions prior to 0.40.5 Metabase versions prior to 1.40.5 Description: A security issue has been discovered in Metabase, an open source data analytics platform, related to the custom GeoJSON map support and potential local file...

10CVSS9.3AI score0.97178EPSS
Exploits5References33
OSV
OSV
added 2021/08/31 5:15 p.m.1 views

DEBIAN-CVE-2021-39164

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...

3.1CVSS6.8AI score0.01457EPSS
Exploits0References1
PyPA
PyPA
added 2021/08/31 5:15 p.m.12 views

PYSEC-2021-425

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...

3.5CVSS6.8AI score0.01457EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2021/05/11 3:15 p.m.8 views

PYSEC-2021-135

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...

5.3CVSS6.8AI score0.01647EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/04/15 9:15 p.m.5 views

PYSEC-2021-21

Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it...

7.5CVSS6.8AI score0.01833EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2021/04/15 12:0 a.m.10 views

PT-2021-18206 · Sydent · Sydent

Name of the Vulnerable Software and Affected Versions: Sydent versions prior to 89071a1, 0523511, f56eee3 Description: Sydent is a reference Matrix identity server that does not limit the size of requests it receives from HTTP clients, allowing a malicious user to send an HTTP request with a very...

8.7CVSS7.3AI score0.01833EPSS
Exploits0References13
Rows per page
Query Builder