Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case
Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please
Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (meta
A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain t
A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/Shiro
Boruta is a standalone authorization server that aims to implement OAuth 2.0 and Openid Connect up to decentralized identity specifications. Prior to version 0.9.1, boruta session cookies and the iden
A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Han
CVE-2024-54676
CRITICAL CVSS 9.8
Find Similar
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html
Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommend
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the componen
Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-
A vulnerability was identified in CRMEB up to 5.6.1. This affects an unknown function of the component JWT HMAC Secret Handler. Such manipulation of the argument secret with the input default leads to
Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create
A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginController.php. Performing a manipulation of the
The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records (PUT /memories/{memory_id}) are expose
Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider
A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant,
The Secure attribute is missing on multiple cookies provided by the MEAC300-FNADE4. An attacker can trick a user to establish an unencrypted HTTP connection to the server and intercept the request con
A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-controlled path value through setSettingInternal(), bypas
A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component Ap
Page 1+ Next →