4 matches found
CVE-2026-10291
A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...
Elastic Cloud Enterprise 3.7.1 Security Update (ESA-2024-08)
Elastic Cloud Enterprise - Uncontrolled Resource Consumption through HTTP/2 endpoints - CVE-2023-45288 ESA-2024-08 On April 4, 2024, the Go Project announced CVE-2023-45288, which can lead to CPU exhaustion as an attacker can cause an HTTP/2 endpoint to read arbitrary amounts of header data. In t...
PYSEC-2021-76
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the...
PT-2012-4446 · Tridium · Tridium Niagara Ax Framework
Name of the Vulnerable Software and Affected Versions: Tridium Niagara AX Framework versions prior to 3.7 Description: The issue concerns the default configuration of the software, which uses a cleartext base64 format for transmitting credentials in cookies. This allows remote attackers to obtain...