Page 5 of 38445 results (0.060 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. • https://docs.pwpush.com/docs/proxies/#trusted-proxies https://github.com/pglombardo/PasswordPusher/releases/tag/v1.49.0 https://github.com/pglombardo/PasswordPusher/security/advisories/GHSA-ffp2-8p2h-4m5j • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Version 5.4.1 fixes the issues. 2FAuth es una aplicación web para administrar cuentas de autenticación de dos factores (2FA) y generar sus códigos de seguridad. Existen dos vulnerabilidades interconectadas en la versión 5.4.1: un problema de omisión de validación de SSRF y URI. ... La combinación de estos dos problemas permite a un atacante recuperar URI accesibles desde la aplicación, siempre que su tipo de contenido esté basado en texto. • https://github.com/Bubka/2FAuth/security/advisories/GHSA-xwxc-w7v3-2p4j • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Version 5.4.1 contains a patch for the issue. 2FAuth es una aplicación web para administrar cuentas de autenticación de dos factores (2FA) y generar sus códigos de seguridad. • https://github.com/Bubka/2FAuth/commit/93c508e118f483f3c93ac36e1f91face95af642d https://github.com/Bubka/2FAuth/security/advisories/GHSA-q5p4-6q4v-gqg3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: -EPSS: 0%CPEs: -EXPL: 0

An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service (DoS) via a crafted POST request. • https://github.com/esoft-planner-cve/esoft_planner_cve •

CVSS: -EPSS: 0%CPEs: -EXPL: 0

This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated. • https://github.com/mbed-ce/mbed-os/blob/54e8693ef4ff7e025018094f290a1d5cf380941f/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/hci/dual_chip/hci_evt.c#L2748 https://github.com/mbed-ce/mbed-os/pull/386 •