13 matches found
LDAP Injection
Overview moonraker is an API Server for Klipper Affected versions of this package are vulnerable to LDAP Injection via the ldap component in the login endpoint. An attacker can enumerate user IDs and user attributes by exploiting LDAP search filter injection and analyzing 401 error responses to...
CVE-2025-68637
The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle MITM attacks. This...
CVE-2025-68637 Apache Uniffle: Insecure SSL Configuration in Uniffle HTTP Client
The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle MITM attacks. This...
CVE-2025-68637 Apache Uniffle: Insecure SSL Configuration in Uniffle HTTP Client
The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle MITM attacks. This...
CVE-2025-68637 Apache Uniffle: Insecure SSL Configuration in Uniffle HTTP Client
The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle MITM attacks. This...
PT-2026-1641
Name of the Vulnerable Software and Affected Versions Uniffle versions prior to 0.10.0 Description The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle...
Authentication Bypass by Primary Weakness
Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness due to the improper handling of JWS signature verification. An attacker can bypass security checks and authenticate using a specially crafted JWS without valid credentials. Note: CVE-2025-4658 i...
PT-2024-22607
Name of the Vulnerable Software and Affected Versions tls-listener versions prior to 0.10.0 Description The default configuration of tls-listener makes any public service using TlsListener::new vulnerable to a slow-loris DoS attack. A malicious user can open 6.4 TcpStreams a second, sending 0...
PT-2023-16018 · Unknown · Usememos/Memos
Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.10.0 Description: The issue is related to Cross-site Scripting XSS - Stored, which occurs when an application stores user input and later displays it without proper validation, allowing attackers to inject...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write. An issue was discovered in amqphandleinput in amqpconnection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTIONSTATEHEADER. A rogue server could...
PT-2018-7170 · Red Hat · Hammer Cli
Name of the Vulnerable Software and Affected Versions: Hammer CLI versions prior to 0.10.0 Description: The issue concerns a problem where server certificates are not checked, making connections susceptible to man-in-the-middle attacks due to the lack of explicit verification of SSL certificates...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the REST server. An attacker can execute commands as the user by producing a malicious link that, if clicked while the user is logged in, exploits the server. PoC Attacker puts something like this int...
Apache Brooklyn vulnerable to cross-site request forgery
Overview Apache Brooklyn is a framework for modeling, monitoring, and managing applications. Apache Brooklyn contains a cross-site request forgery vulnerability. It is known that proof-of-concept code to exploit these vulnerabilties exist. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions,...