Lucene search
K

159 matches found

Vulnrichment
Vulnrichment
added 2025/12/06 5:49 a.m.3 views

CVE-2025-12721 g-FFL Cockpit <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure

The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /serverstatus REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the serv...

5.3CVSS5.3AI score0.00248EPSS
Exploits0References4
CVE
CVE
added 2025/12/06 5:49 a.m.16 views

CVE-2025-12721

The CVE-2025-12721 entry concerns the WordPress plugin g-FFL Cockpit (versions up to 1.7.1). Public docs indicate a Missing Authorization to Unauthenticated Information Exposure via the /server_status REST endpoint, allowing unauthenticated attackers to extract server information. Connected sourc...

5.3CVSS5.3AI score0.00248EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/06 12:0 a.m.5 views

PT-2025-49337

The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the...

5.3CVSS5.6AI score0.00248EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-19494

Malware in sbrugna...

9.3CVSS9AI score0.01222EPSS
Exploits0References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2020-24004

Malware in sbrugna...

5.4CVSS5.6AI score0.00558EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-5779

Malware in sbrugna...

4.3CVSS6.4AI score0.01065EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-36794

Malicious code in bioql PyPI...

9.3CVSS8.2AI score0.00449EPSS
Exploits0References1
OSV
OSV
added 2025/09/23 8:46 a.m.4 views

BIT-MONGODB-2024-3372 MongoDB Server may have unexpected application behaviour due to invalid BSON

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior t...

7.5CVSS7.7AI score0.0055EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-18635

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages...

6.1CVSS6AI score0.0481EPSS
Exploits1References2
Citrix
Citrix
added 2025/05/31 12:0 a.m.15 views

NetScaler 14.1 - STA server marked down

STA server status is Down on Gateway vserver though it is reachable from the NetScaler...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.10 views

CVE-2021-24662

The Game Server Status WordPress plugin through 1.0 does not validate or escape the serverid parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page...

7.2CVSS7.9AI score0.013EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:35 p.m.5 views

CVE-2020-36527

A vulnerability, which was classified as problematic, has been found in Server Status. This issue affects some unknown processing of the component HTTP Status/SMTP Status. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the...

5.4CVSS6.2AI score0.00558EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 12:44 a.m.8 views

CVE-2011-3819

WoW Server Status 4.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by status.php and certain other files...

5CVSS6.5AI score0.01229EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/04 12:0 a.m.4 views

Checkmate 安全漏洞

Checkmate is an open source, self-hosted tool from BlueWave Open Source designed to track and monitor server hardware, uptime, response time and events in real-time with beautiful visualizations. A security vulnerability exists in Checkmate 2.0.2 and earlier versions, which stems from the fact th...

8.1CVSS6.6AI score0.0042EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/12/26 9:59 p.m.8 views

CVE-2024-56361 Stored Cross-Site Scripting (XSS) in lgsl v7.0

LGSL Live Game Server List provides online status for games. Before 7.0.0, a stored cross-site scripting XSS vulnerability was identified in lgsl. The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon...

5.3CVSS5.2AI score0.00435EPSS
Exploits0References2
Citrix
Citrix
added 2024/07/13 12:0 a.m.7 views

Using Veeam Backup Software on Provisioning Services Server

While running Veeam software to backup Provisioning Services PVS servers, one of the PVS servers display status as Down in PVS server console regardless of whether the stream service is running. The following screen shot shows the server status in PVS console. The following screen shot shows the...

7.1AI score
Exploits0
OSV
OSV
added 2024/07/01 7:20 p.m.17 views

GHSA-J59V-VGCR-HXVF GeoServer's Server Status shows sensitive environmental variables and Java properties

GeoServer's Server Status page and REST API at /geoserver/rest/about/status lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as...

4.5CVSS5.1AI score0.00397EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/07/01 7:20 p.m.35 views

GeoServer's Server Status shows sensitive environmental variables and Java properties

GeoServer's Server Status page and REST API at /geoserver/rest/about/status lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as...

4.9CVSS6.9AI score0.00397EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2024/07/01 3:15 p.m.38 views

CVE-2024-34696

GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...

4.9CVSS0.00397EPSS
Exploits0References1
OSV
OSV
added 2024/07/01 2:36 p.m.25 views

CVE-2024-34696 GeoServer's Server Status shows sensitive environmental variables and Java properties

GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...

4.5CVSS6.6AI score0.00397EPSS
Exploits0References3
Rows per page
Query Builder