Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-26586

Malware in sbrugna...

8.8CVSS8.6AI score0.00986EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/07/07 10:13 p.m.16 views

Better Auth Open Redirect Vulnerability in originCheck Middleware Affects Multiple Routes

Summary An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /oauth-proxy-callback. Details In the matchesPattern function, url.startsWith can be deceived with ...

5.3CVSS6.4AI score0.00334EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/05/07 5:7 p.m.7 views

DRUPAL-CONTRIB-2025-055

The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't sufficiently protect certain sensitive routes, allowing an attacker to view or modify various TFA-related settings...

6.5CVSS6.9AI score0.00207EPSS
Exploits0References1
Drupal
Drupal
added 2025/05/07 12:0 a.m.8 views

Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-055

The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't sufficiently protect certain sensitive routes, allowing an attacker to view or modify various TFA-related settings...

6.5CVSS5.5AI score0.00207EPSS
Exploits0References3
Drupal
Drupal
added 2025/04/09 12:0 a.m.24 views

Panels - Critical - Access bypass - SA-CONTRIB-2025-033

Panels enables administrators to add page variants within page manager, panelizer, etc to create custom pages. The module doesn't sufficiently protect sensitive routes, allowing an attacker to view and modify blocks within variants without requiring appropriate permission. This vulnerability is...

6.5CVSS6.7AI score0.00348EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/03/27 7:41 a.m.205 views

Exploit for CVE-2025-29927

CVE-2025-29927 Checker 📌 Introduction This script checks for t...

9.1CVSS9.5AI score0.99621EPSS
Exploits58
Positive Technologies
Positive Technologies
added 2024/12/30 12:0 a.m.4 views

PT-2024-37073 · Simofa · Simofa

Name of the Vulnerable Software and Affected Versions: Simofa versions prior to 0.2.7 Description: Simofa is a tool to help automate static website building and deployment. Due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require...

10CVSS7AI score0.00521EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2022/04/05 12:0 a.m.2 views

PT-2022-9950 · Beego · Beego

Name of the Vulnerable Software and Affected Versions: beego versions prior to 1.12.11 beego versions through 2.0.1 Description: An issue was discovered in the route lookup process in beego that allows attackers to bypass access control. Recommendations: For versions prior to 1.12.11, update to...

9.8CVSS7.1AI score0.0121EPSS
Exploits0References11
OSV
OSV
added 2020/08/21 10:15 p.m.16 views

CVE-2020-5417

Cloud Foundry CAPI Cloud Controller, versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain which is true in the default CF Deployment manifest, were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially...

8.8CVSS6.7AI score0.00986EPSS
Exploits0References1
Prion
Prion
added 2020/08/21 10:15 p.m.13 views

Design/Logic Flaw

Cloud Foundry CAPI Cloud Controller, versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain which is true in the default CF Deployment manifest, were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially...

6.5CVSS8.5AI score0.00986EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2020/08/21 9:50 p.m.17 views

CVE-2020-5417 Cloud Controller may allow developers to claim sensitive routes

Cloud Foundry CAPI Cloud Controller, versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain which is true in the default CF Deployment manifest, were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially...

8.5CVSS8.7AI score0.00986EPSS
Exploits0References1
Cloud Foundry
Cloud Foundry
added 2020/08/13 12:0 a.m.28 views

CVE-2020-5417: Cloud Controller may allow developers to claim sensitive routes | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Description Cloud Foundry CAPI Cloud Controller, versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain which is true in the default CF Deployment manifest, is vulnerable to developers maliciously or...

8.8CVSS8.7AI score0.00986EPSS
Exploits0Affected Software2
Rows per page
Query Builder