Lucene search
K
CvelistRecent

364749 matches found

Cvelist
Cvelist
•added 2026/06/19 6:14 p.m.•22 views

CVE-2026-49293 CPU exhaustion via O(n^2) BigInt construction on radix-prefixed integer literals

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written parseBigInt loop that multiplies a BigInt accumulator by the radix once per input digit. Each iteration...

7.5CVSS0.00415EPSS
Exploits1References3
Cvelist
Cvelist
•added 2026/06/19 6:11 p.m.•37 views

CVE-2026-49288 Statamic CMS missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other configured resources...

4.3CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/19 5:59 p.m.•20 views

CVE-2026-49291 mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call

mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at /mcp requires only OAuth read scope for all requests, then dispatches tools/call directly to handlers that include mutating tools. A read-only OAuth client can call...

8.1CVSS0.00264EPSS
Exploits0References3
Cvelist
Cvelist
•added 2026/06/19 5:52 p.m.•19 views

CVE-2023-54357 Joomla com_booking 2.4.9 Information Disclosure via Account Enumeration

Joomla combooking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer controller. Attackers can send GET requests to index.php with option=combooking,...

8.7CVSS0.00346EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:48 p.m.•19 views

CVE-2019-25762 Joomla! Component JoomProject 1.1.3.2 Information Disclosure

Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=comjpprojects&view=projects&tmpl=component&format=js...

8.7CVSS0.00442EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:45 p.m.•20 views

CVE-2019-25761 Joomla! Component JoomCRM 1.1.1 SQL Injection via deal_id

Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the dealid parameter. Attackers can send GET requests to index.php with option=comjoomcrm&view=contacts and inject SQL...

7.1CVSS0.00221EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:42 p.m.•19 views

CVE-2019-25760 Joomla! Component Easy Shop 1.2.3 Local File Inclusion

Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the option parameter set to comeasyshop, task set to...

6.9CVSS0.00426EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:38 p.m.•21 views

CVE-2019-25759 Joomla! Component vBizz 1.0.7 SQL Injection

Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array valu...

7.1CVSS0.00221EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:36 p.m.•24 views

CVE-2026-49287 Statamic CMS vulnerable to unsafe method invocation via collection sorting allows data destruction

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could...

7.4CVSS0.0027EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/19 5:35 p.m.•20 views

CVE-2019-25758 Joomla! Component vBizz 1.0.7 Remote Code Execution

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profilepic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and...

8.8CVSS0.0067EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:31 p.m.•18 views

CVE-2019-25757 Joomla vWishlist 1.0.1 SQL Injection via vproductid Parameter

Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid parameters. Attackers can send POST requests to the component with crafted SQL payloads in these...

7.1CVSS0.00221EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:31 p.m.•22 views

CVE-2026-49290 Slopsmith has path traversal in archive extractors that allows arbitrary file write → potential RCE

Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC CDLC. Prior to 0.2.9-alpha.5, a path-traversal vulnerability in Slopsmith's archive extractors allows an attacker to write arbitrary files outside the extraction directory by supplying a...

9.4CVSS0.00568EPSS
Exploits0References3
Cvelist
Cvelist
•added 2026/06/19 5:28 p.m.•17 views

CVE-2019-25756 Joomla! Component vAccount 2.0.2 SQL Injection via vaccount-dashboard

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloa...

8.8CVSS0.00366EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:25 p.m.•22 views

CVE-2019-25755 Joomla vReview 1.9.11 SQL Injection via editReview

Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with URL-encoded SQL UNION...

8.8CVSS0.00366EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:21 p.m.•19 views

CVE-2019-25754 Joomla vRestaurant 1.9.4 SQL Injection via menu-listing-layout

Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch parameter. Attackers can send POST requests to the menu-listing-layout endpoint with crafted SQL...

8.8CVSS0.00366EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:18 p.m.•17 views

CVE-2019-25753 Joomla! Component VMap 1.9.6 SQL Injection via loadmarker

Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. Attackers can send GET requests to index.php with the option=comvmap&task=loadmarker parameters...

8.8CVSS0.00366EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:16 p.m.•25 views

CVE-2026-49271 libheif: Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoder

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...

6.5CVSS0.00199EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/19 5:15 p.m.•17 views

CVE-2019-25752 Joomla! Component J-BusinessDirectory 4.9.7 SQL Injection

Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the...

8.8CVSS0.00366EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:11 p.m.•18 views

CVE-2019-25751 Joomla J-ClassifiedsManager 3.0.5 SQL Injection

Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the categorySearch, adType, and citySearch...

8.8CVSS0.00366EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:8 p.m.•16 views

CVE-2019-25750 Joomla J-MultipleHotelReservation 6.0.7 SQL Injection

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotelid parameter. Attackers can send POST requests to the search-hotels endpoint with crafted S...

8.8CVSS0.00366EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:6 p.m.•19 views

CVE-2026-49359 PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint fetches the content of option values server-side via filegetcontents when the value looks like a URL, without restricting the URL scheme. The attachment option of...

6.5CVSS0.00242EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:5 p.m.•18 views

CVE-2019-25749 Joomla J-CruisePortal 6.0.4 SQL Injection via cruises

Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guestadult parameter. Attackers can send POST requests to the cruises endpoint with crafted SQL payloads in the guestadu...

7.1CVSS0.00221EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:3 p.m.•18 views

CVE-2026-49286 PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint guarded the output filename against the phar:// stream wrapper with a case-sensitive blacklist. PHP stream wrappers are case-insensitive, so PHAR://, Phar://, etc...

8.1CVSS0.00555EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 5:1 p.m.•31 views

CVE-2019-25748 Joomla JHotelReservation 6.0.7 SQL Injection via search-hotels

Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL payloads in the...

8.8CVSS0.00296EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 4:59 p.m.•33 views

CVE-2026-49260 PhpWeasyPrint: shell command injection via configurable WeasyPrint binary path due to inverted is_executable() guard (mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc)

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with isexecutable. On POSIX...

8.2CVSS0.00154EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 4:58 p.m.•30 views

CVE-2017-20282 Joomla! Component jCart for OpenCart 2.0 SQL Injection

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productid parameter. Attackers can send GET requests to index.php with the option=comjcart&route=product/product...

8.8CVSS0.00267EPSS
Exploits0References3
Cvelist
Cvelist
•added 2026/06/19 4:54 p.m.•30 views

CVE-2017-20281 Joomla! Component Extra Search 2.2.8 SQL Injection

Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=comextrasearch parameter and...

8.8CVSS0.00267EPSS
Exploits0References3
Cvelist
Cvelist
•added 2026/06/19 4:51 p.m.•32 views

CVE-2017-20280 Joomla Component Myportfolio 3.0.2 SQL Injection via pid Parameter

Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...

8.8CVSS0.00237EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/19 4:48 p.m.•28 views

CVE-2017-20279 Joomla Payage 2.05 SQL Injection via aid Parameter

Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the makepayment task to extract sensitive...

8.8CVSS0.00237EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/19 4:44 p.m.•32 views

CVE-2017-20278 Joomla JoomRecipe 1.0.3 SQL Injection via category parameter

Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL payloads in the...

8.8CVSS0.00237EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/19 4:41 p.m.•28 views

CVE-2017-20277 Joomla JoomRecipe 1.0.4 Component Blind SQL Injection via search_author

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the searchauthor parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques...

8.8CVSS0.00253EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 4:38 p.m.•29 views

CVE-2017-20276 Joomla! Component SIMGenealogy 2.1.5 SQL Injection

Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. Attackers can send GET requests to index.php with the option=comsimgenealogy, view=latest parameters...

8.8CVSS0.00237EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/19 4:34 p.m.•30 views

CVE-2017-20275 Joomla! Component PHP-Bridge 1.2.3 SQL Injection via id Parameter

Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comphpbridge&view=phpview parameters and...

8.8CVSS0.00232EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/19 4:31 p.m.•29 views

CVE-2017-20274 Joomla LMS King Professional 3.2.4.0 SQL Injection via learningpath

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cpid parameter. Attackers can send GET requests to index.php with the option=comlmsking, view=lmsking,...

8.8CVSS0.00237EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/19 4:28 p.m.•39 views

CVE-2026-56210 Libaom: libaom: heap-buffer-overflow read via missing bounds check in ctrl_set_layer_id

A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows setting a spatiallayerid exceeding the configured number of layers. This causes an out-of-bounds heap rea...

7.1CVSS0.00245EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/19 4:28 p.m.•38 views

CVE-2026-56211 Libaom: libaom: remote code execution via svc layer context handling with attacker-controlled frames

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...

7.1CVSS0.00414EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/19 4:28 p.m.•41 views

CVE-2026-56208 Libaom: libaom: heap buffer overflow in av1 encoder first-pass stats buffer via lap mode

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...

7.6CVSS0.00275EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/19 4:28 p.m.•43 views

CVE-2026-56209 Libaom: libaom: arbitrary address write via svc layer context oob and cyclic refresh map pointer hijack

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

7.1CVSS0.00272EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/19 4:28 p.m.•29 views

CVE-2017-20273 Joomla Event Registration Pro Calendar 4.1.3 SQL Injection

Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with...

8.8CVSS0.00237EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/19 4:24 p.m.•31 views

CVE-2017-20272 Joomla Ultimate Property Listing 1.0.2 SQL Injection via sf_selectuser_id

Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the sfselectuserid parameter. Attackers can send GET requests to index.php with the option=comupl and...

8.8CVSS0.00237EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/19 4:23 p.m.•32 views

CVE-2026-3195 Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cve-2024-7730)

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...

7.4CVSS0.00126EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/19 4:23 p.m.•43 views

CVE-2026-3196 Qemu-kvm: virtio-snd: integer overflow leading to unbounded memory allocation

An integer overflow vulnerability was found in the virtio-snd device via PCMINFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition...

5.5CVSS0.00102EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/19 4:21 p.m.•31 views

CVE-2017-20271 Joomla StreetGuessr Game 1.1.8 SQL Injection via catid

Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=comstreetguess&view=maps parameters a...

8.8CVSS0.00237EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/19 4:17 p.m.•31 views

CVE-2017-20270 Joomla! Component Twitch Tv 1.1 SQL Injection

Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=comtwitchtv and view paramete...

8.8CVSS0.0027EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 4:14 p.m.•25 views

CVE-2017-20269 Joomla! Component KissGallery 1.0.0 SQL Injection

Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive...

8.8CVSS0.0027EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 4:11 p.m.•31 views

CVE-2017-20268 Joomla! Component Zap Calendar Lite 4.3.4 SQL Injection

Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads t...

8.8CVSS0.0027EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 4:7 p.m.•31 views

CVE-2017-20267 Joomla! Component Calendar Planner 1.0.1 SQL Injection

Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the categoryid parameter. Attackers can send GET requests to the events view with malicious SQL code in the categoryid parameter to extract sensiti...

8.8CVSS0.00334EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 4:4 p.m.•33 views

CVE-2017-20266 Joomla SP Movie Database 1.3 SQL Injection via searchword

Joomla SP Movie Database 1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the searchword parameter. Attackers can send GET requests to the searchresults view with crafted SQL payloads in the...

8.8CVSS0.00334EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 4:1 p.m.•36 views

CVE-2017-20265 Joomla! Component Flip Wall 8.0 SQL Injection

Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comflipwall&task=click&wallid...

7.1CVSS0.00241EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/19 3:59 p.m.•34 views

CVE-2026-12620 Access Token Exposure in URL Parameters in GridTime™ 3000 GNSS Time Server

The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

4.6CVSS0.00227EPSS
Exploits0References1
Total number of security vulnerabilities364749