2701
|
- |
|
-
|
-
|
Cosmos provides users the ability to self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is pos…
|
CWE-204
Response Discrepancy Information Exposure
|
CVE-2025-23214
|
2025-01-21 03:15 |
2025-01-21 |
2702
|
4.0 |
MEDIUM
Local
|
-
|
-
|
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 allows web pages to be stored locally which can be read by another user on the system.
|
CWE-525
Use of Web Browser Cache Containing Sensitive Information
|
CVE-2024-22349
|
2025-01-21 03:15 |
2025-01-21 |
2703
|
5.3 |
MEDIUM
Network
-
|
-
|
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensiti…
|
CWE-942
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2024-22348
|
2025-01-21 03:15 |
2025-01-21 |
2704
|
5.9 |
MEDIUM
Network
|
-
|
-
|
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2024-22347
|
2025-01-21 03:15 |
2025-01-21 |
2705
|
- |
|
-
|
-
|
Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET req…
|
CWE-918 CWE-835
Server-Side Request Forgery (SSRF); Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2025-23221
|
2025-01-21 02:15 |
2025-01-21 |
2706
|
- |
|
-
|
-
|
CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. A potential attacker can construct deliberately malformed headers …
|
CWE-436
Interpretation Conflict
|
CVE-2025-24013
|
2025-01-21 01:15 |
2025-01-21 |
2707
|
- |
|
-
|
-
|
Vite is a frontend tooling framework for JavaScript. Vite allowed any website to send any requests to the development server and read the response due to default CORS settings and lack of validation…
|
CWE-346 CWE-350 CWE-1385
Origin Validation Error; Reliance on Reverse DNS Resolution for a Security-Critical Action; Missing Origin Validation in WebSockets
|
CVE-2025-24010
|
2025-01-21 01:15 |
2025-01-21 |
2708
|
- |
|
-
|
-
|
PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the …
|
CWE-352
Origin Validation Error
|
CVE-2025-23044
|
2025-01-21 01:15 |
2025-01-21 |
2709
|
- |
|
-
|
-
|
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them ap…
|
CWE-281 CWE-687
Improper Preservation of Permissions; Function Call With Incorrectly Specified Argument Value
|
CVE-2025-22620
|
2025-01-21 01:15 |
2025-01-21 |
2710
|
- |
|
-
|
-
|
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into an HTML representation and displays …
|
CWE-79
Cross-site Scripting
|
CVE-2025-22131
|
2025-01-21 01:15 |
2025-01-21 |