Lucene search
K

5 matches found

Snyk
Snyk
added 2026/06/18 1:6 p.m.7 views

Partial String Comparison

Overview Affected versions of this package are vulnerable to Partial String Comparison via the router component. An attacker can route requests to unintended backend servers by sending crafted HTTP requests with manipulated Host headers. Remediation Upgrade http-proxy-middleware to version 2.0.10...

8.6CVSS5.9AI score0.0034EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/12 8:2 p.m.3 views

Missing Authentication for Critical Function

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the forgot-password endpoint, which returns a valid password reset tempToken and sensitive user details without authentication or verification. An attacker c...

9.8CVSS7.3AI score0.50118EPSS
Exploits14References2
Positive Technologies
Positive Technologies
added 2023/07/28 12:0 a.m.5 views

PT-2023-26173 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.6 of the stable branch Discourse versions prior to 3.1.0.beta7 of the beta and tests-passed branches Description: Discourse is an open source discussion platform. The issue allows more users than permitted to b...

3.1CVSS3.8AI score0.0024EPSS
Exploits0References8
OSV
OSV
added 2023/04/20 9:33 p.m.4 views

GHSA-G5H3-W546-PJ7F Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...

9.8CVSS7.2AI score0.01122EPSS
Exploits0References11
PyPA
PyPA
added 2022/01/28 10:15 p.m.5 views

PYSEC-2022-21

Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the imageviewfullscre...

6.1CVSS5.9AI score0.00735EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder