Lucene search
K

47 matches found

ICS
ICS
added 2026/05/07 12:0 a.m.10 views

CISA manage.get.gov incorrect portfolio administrator privileges

RISK EVALUATION manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. 2. RECOMMENDED PRACTICES Fixed in 1.176.0 on or around 2026-04-30. 3. DESCRIPTION...

5.9CVSS5.8AI score0.00398EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/27 12:41 a.m.6 views

CVE-2026-22866

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

7.5CVSS5.5AI score0.00177EPSS
Exploits0References1
Veracode
Veracode
added 2025/10/28 8:12 a.m.8 views

Improper Domain Name Validation

com.liferay.portal, com.liferay.portal.impl is vulnerable to an improper domain name validation. The vulnerability is due to incorrect identification of the subdomain in domain names, which can lead to the creation of a supercookie, allowing an attacker controlling a website with the same top-lev...

7.5CVSS6.5AI score0.00375EPSS
Exploits0References3Affected Software2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29207

Malicious code in bioql PyPI...

6.9CVSS6.4AI score0.00375EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/17 4:52 p.m.15 views

CVE-2025-43793

Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...

6.9CVSS6.9AI score0.00375EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/15 6:31 p.m.11 views

Liferay Portal has Improper Validation of Specified Quantity in Input

Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...

7.5CVSS6.9AI score0.00375EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2025/09/15 6:31 p.m.3 views

GHSA-XVGG-9H29-4G34 Liferay Portal has Improper Validation of Specified Quantity in Input

Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...

6.9CVSS6.9AI score0.00375EPSS
Exploits0References3
NVD
NVD
added 2025/09/15 4:15 p.m.5 views

CVE-2025-43793

Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...

7.5CVSS0.00375EPSS
Exploits0References1
OSV
OSV
added 2025/09/15 4:15 p.m.5 views

CVE-2025-43793

Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...

7.5CVSS6.8AI score0.00375EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/15 3:34 p.m.2 views

CVE-2025-43793

Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...

6.9CVSS6.5AI score0.00375EPSS
Exploits0References1
CVE
CVE
added 2025/09/15 3:34 p.m.18 views

CVE-2025-43793

CVE-2025-43793 affects Liferay Portal (7.4.0–7.4.3.105) and Liferay DXP (2023.Q4.0, 2023.Q3.1–2023.Q3.4, 7.4 GA–update 92, 7.3 GA–update 35). The issue is improper subdomain/domain subcomponent identification that can create a supercookie, enabling remote attackers controlling a website sharing t...

7.5CVSS6.5AI score0.00375EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/09/15 3:34 p.m.6 views

CVE-2025-43793

Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...

6.9CVSS0.00375EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.6 views

PT-2025-37709

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3 GA through update 35 Liferay Portal versions 7.4 GA through update 92 Liferay Portal versions 7.4.0 through 7.4.3.105 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP version 2023.Q4.0 Description Lifera...

7.5CVSS6.5AI score0.00375EPSS
Exploits0References8
OSV
OSV
added 2025/04/15 7:16 p.m.4 views

DEBIAN-CVE-2025-24358

gorilla/csrf provides Cross Site Request Forgery CSRF prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes...

6CVSS5.1AI score0.00345EPSS
Exploits0References1
OSV
OSV
added 2023/11/21 10:15 p.m.5 views

CVE-2023-49104

An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker...

6.1CVSS5.8AI score
Exploits0References2
Prion
Prion
added 2023/11/21 10:15 p.m.16 views

Input validation

An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker...

5.8CVSS7AI score0.00562EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/21 12:0 a.m.14 views

CVE-2023-49104

An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker...

8.7CVSS6.9AI score0.00562EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/11/21 12:0 a.m.21 views

CVE-2023-49104

An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker...

8.7CVSS9AI score0.00562EPSS
Exploits0References2
Talos Blog
Talos Blog
added 2023/08/29 12:0 p.m.18 views

What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS

Google introduced the new ".zip" Top Level Domain TLD on May 3, 2023, igniting a firestorm of controversy as security organizations warned against the confusion that was certain to occur. When clicking on a name that ends in ".zip" are people intending to open an archive file or an internet URL?...

6.8AI score
Exploits0
OSV
OSV
added 2023/03/03 4:15 p.m.3 views

CVE-2022-2837

A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains TLD to a pod they control by creating projects and namespaces that match the TLD...

6.1CVSS5.8AI score0.00385EPSS
Exploits0References1
Rows per page
Query Builder