weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-ser...
6.3AI Score
0.002EPSS
7.5CVSS
7.5AI Score
0.004EPSS
7.5CVSS
7.5AI Score
0.002EPSS
9.8CVSS
9.3AI Score
0.004EPSS
An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159).
9.8CVSS
9.3AI Score
0.003EPSS
7.1CVSS
6.8AI Score
0.001EPSS
9.8CVSS
9.3AI Score
0.002EPSS
stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument.
9.8CVSS
9.6AI Score
0.003EPSS