Lucene search

19 matches found

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2021-1444

Malware in sbrugna...

6.5 CVSS · 6.4 AI score · 0.00514 EPSS
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2022-0829

Malicious code in bioql PyPI...

5.3 CVSS · 5.4 AI score · 0.00634 EPSS
Exploits 0 · References 4
Cvelist
added 2025/09/22 7:22 p.m. · 10 views

CVE-2025-59432 Timing Attack Vulnerability in SCRAM Authentication

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

8.7 CVSS · 0.00835 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/05/22 11:55 p.m. · 8 views

CVE-2022-23655

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to...

5.3 CVSS · 6.8 AI score · 0.00634 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 9:18 p.m. · 6 views

CVE-2021-32738

js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the...

6.5 CVSS · 6.8 AI score · 0.00514 EPSS
Exploits 0 · References 1
Nextcloud
added 2024/06/14 2:35 p.m. · 21 views

ID4me does not validate signature or expiration

None...

5.4 CVSS · 5.6 AI score · 0.0024 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/11/09 12:0 a.m. · 4 views

PT-2023-9800 · Asyncssh +3

Name of the Vulnerable Software and Affected Versions: AsyncSSH versions prior to 2.14.1 Description: The issue in AsyncSSH allows attackers to control the extension info message via a man-in-the-middle attack, enabling them to conduct algorithm downgrade attacks during user authentication. This...

6.8 CVSS · 6.5 AI score · 0.9378 EPSS
Exploits 4 · References 50
EUVD
added 2023/10/16 7:39 p.m. · 7 views

EUVD-2023-54518

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE...

9.8 CVSS · 9.5 AI score · 0.03283 EPSS
Exploits 3 · References 1
Prion
added 2022/02/24 12:15 a.m. · 19 views

Input validation

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to...

2.6 CVSS · 5.3 AI score · 0.00634 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/02/23 11:30 p.m. · 42 views

CVE-2022-23655 Missing server signature validation in OctoberCMS

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to...

4.8 CVSS · 5.6 AI score · 0.00634 EPSS
Exploits 0 · References 2
Vulnrichment
added 2022/02/23 11:30 p.m. · 9 views

CVE-2022-23655 Missing server signature validation in OctoberCMS

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to...

4.8 CVSS · 5.3 AI score · 0.00634 EPSS
Exploits 0 · References 2
Github Security Blog
added 2021/07/02 7:20 p.m. · 83 views

Utils.readChallengeTx does not verify the server account signature

The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the serverAccountID has signed the transaction. The function does not verify that the server has signed...

6.5 CVSS · 2.2 AI score · 0.00514 EPSS
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2021/07/02 6:15 p.m. · 16 views

CVE-2021-32738 Utils.readChallengeTx does not verify the server account signature

js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the...

6.5 CVSS · 6.7 AI score · 0.00514 EPSS
Exploits 0 · References 2
CVE
added 2021/07/02 6:15 p.m. · 108 views

CVE-2021-32738

CVE-2021-32738 affects the js-stellar-sdk library used to interact with Stellar Horizon. The vulnerability lies in Utils.readChallengeTx, which, before version 8.2.3, did not verify that the server signature was present on the challenge transaction; however, signature verification via Utils.verif...

6.5 CVSS · 6.4 AI score · 0.00514 EPSS
Exploits 0 · References 2 · Affected Software 1
Metasploit
added 2020/03/06 9:21 p.m. · 1031 views

SQL Server Reporting Services (SSRS) ViewState Deserialization

A vulnerability exists within Microsoft's SQL Server Reporting Services which can allow an attacker to craft an HTTP POST request with a serialized object to achieve remote code execution. The vulnerability is due to the fact that the serialized blob is not signed by the server. This module...

8.8 CVSS · 8.9 AI score · 0.99046 EPSS
Exploits 14
OSV
added 2016/01/21 12:35 p.m. · 5 views

SUSE-SU-2016:0189-1 Security update for mozilla-nss

This update contains mozilla-nss 3.19.2.2 and fixes the following security issue: - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature bsc959888...

5.9 CVSS · 6.7 AI score · 0.0288 EPSS
Exploits 0 · References 3
OpenVAS
added 2013/02/28 12:0 a.m. · 12 views

Nmap NSE 6.01: smb-os-discovery

Attempts to determine the operating system, computer name, domain, workgroup, and current time over the SMB protocol ports 445 or 139. This is done by starting a session with the anonymous account or with a proper user account, if one is given; it likely doesn't make a difference; in response to ...

7.3 AI score
Exploits 0
Metasploit
added 2012/03/02 7:58 p.m. · 23 views

Apple Filing Protocol Info Enumerator

This module fetches AFP server information, including server name, network address, supported AFP versions, signature, machine type, and server flags. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

7.1 AI score
Exploits 0
securityvulns
added 2002/10/02 12:0 a.m. · 49 views

Apache 2 Cross-Site Scripting

This is being submitted without an update to Apache, but I am expecting an Apache Update Announcement shortly. The CVE has already assigned a candidate to this it is currently reserved, and CERT has assigned VU240329, but has not created a write-up yet. The reason for the ugly mail2web .sig is...

6.8 CVSS · 0.2 AI score · 0.94006 EPSS
Exploits 0