Lucene search
K

6 matches found

Snyk
Snyk
added 2026/03/18 8:0 p.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the field action processing endpoint. An attacker can bypass intended authorization restrictions by submitting crafted requests with attacker-controlled field definitions. Remediation Upgrade statamic/cms to...

5.4CVSS5.8AI score0.00224EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/13 8:3 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...

9.3CVSS5.9AI score0.00258EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/13 8:3 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...

9.3CVSS5.9AI score0.00258EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/13 8:3 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...

9.3CVSS5.9AI score0.00258EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/03 3:44 p.m.2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the GET /1.0/certificates API endpoint. An attacker can enumerate all certificate fingerprints trusted by the server by sending crafted requests as an authenticated, restricted user. Remediation Upgrade...

5.3CVSS6AI score0.00141EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/04/27 12:0 a.m.4 views

PT-2023-23272 · Unknown · Startsharp +1

Name of the Vulnerable Software and Affected Versions: Serenity Serene versions prior to 6.7.0 StartSharp versions prior to 6.7.0 Description: A security issue was discovered where users can upload temporary files with certain file endings, such as .html or .htm, that contain a malicious payload...

6.1CVSS7.3AI score0.00785EPSS
Exploits1References10
Rows per page
Query Builder