Lucene search
K

13 matches found

Snyk
Snyk
added 2026/01/22 6:6 p.m.1 views

LDAP Injection

Overview moonraker is an API Server for Klipper Affected versions of this package are vulnerable to LDAP Injection via the ldap component in the login endpoint. An attacker can enumerate user IDs and user attributes by exploiting LDAP search filter injection and analyzing 401 error responses to...

6.9CVSS5.9AI score0.0027EPSS
Exploits0References2
NVD
NVD
added 2026/01/07 12:17 p.m.8 views

CVE-2025-68637

The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle MITM attacks. This...

9.1CVSS0.0022EPSS
Exploits0References2
OSV
OSV
added 2026/01/07 9:39 a.m.5 views

CVE-2025-68637 Apache Uniffle: Insecure SSL Configuration in Uniffle HTTP Client

The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle MITM attacks. This...

9.1CVSS5.9AI score0.0022EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/07 9:39 a.m.3 views

CVE-2025-68637 Apache Uniffle: Insecure SSL Configuration in Uniffle HTTP Client

The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle MITM attacks. This...

6.5AI score0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/07 9:39 a.m.25 views

CVE-2025-68637 Apache Uniffle: Insecure SSL Configuration in Uniffle HTTP Client

The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle MITM attacks. This...

0.0022EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.6 views

PT-2026-1641

Name of the Vulnerable Software and Affected Versions Uniffle versions prior to 0.10.0 Description The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle...

9.1CVSS6.7AI score0.0022EPSS
Exploits0References10
Snyk
Snyk
added 2025/05/13 4:44 p.m.1 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness due to the improper handling of JWS signature verification. An attacker can bypass security checks and authenticate using a specially crafted JWS without valid credentials. Note: CVE-2025-4658 i...

10CVSS6.9AI score0.00355EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/15 12:0 a.m.4 views

PT-2024-22607

Name of the Vulnerable Software and Affected Versions tls-listener versions prior to 0.10.0 Description The default configuration of tls-listener makes any public service using TlsListener::new vulnerable to a slow-loris DoS attack. A malicious user can open 6.4 TcpStreams a second, sending 0...

7.5CVSS6.6AI score0.00964EPSS
Exploits1References18
Positive Technologies
Positive Technologies
added 2023/01/07 12:0 a.m.2 views

PT-2023-16018 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.10.0 Description: The issue is related to Cross-site Scripting XSS - Stored, which occurs when an application stores user input and later displays it without proper validation, allowing attackers to inject...

7.1CVSS6.6AI score0.00498EPSS
Exploits1References11
Snyk
Snyk
added 2019/12/01 10:15 p.m.2 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write. An issue was discovered in amqphandleinput in amqpconnection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTIONSTATEHEADER. A rogue server could...

9.8CVSS7.3AI score0.03317EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2018/03/12 12:0 a.m.6 views

PT-2018-7170 · Red Hat · Hammer Cli

Name of the Vulnerable Software and Affected Versions: Hammer CLI versions prior to 0.10.0 Description: The issue concerns a problem where server certificates are not checked, making connections susceptible to man-in-the-middle attacks due to the lack of explicit verification of SSL certificates...

8.1CVSS6.8AI score0.00726EPSS
Exploits0References10
Snyk
Snyk
added 2017/09/13 10:0 p.m.3 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the REST server. An attacker can execute commands as the user by producing a malicious link that, if clicked while the user is logged in, exploits the server. PoC Attacker puts something like this int...

8.8CVSS7.2AI score0.01318EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/02/15 7:20 a.m.3 views

Apache Brooklyn vulnerable to cross-site request forgery

Overview Apache Brooklyn is a framework for modeling, monitoring, and managing applications. Apache Brooklyn contains a cross-site request forgery vulnerability. It is known that proof-of-concept code to exploit these vulnerabilties exist. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions,...

8.8CVSS7AI score0.01318EPSS
Exploits0References8
Rows per page
Query Builder