Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
routes project routes vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-36793
The routes (aka Extbase Yaml Routes) extension prior to 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.
Routes Project Routes
9.8
CVSSv3
CVE-2023-27849
rails-routes-to-json v1.0.0 exists to contain a remote code execution (RCE) vulnerability via the child_process function.
Rails-routes-to-json Project Rails-routes-to-json 1.0.0
7.5
CVSSv3
CVE-2022-25508
An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated malicious users to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users.
Freetakserver-ui Project Freetakserver-ui 1.9.8
6.1
CVSSv3
CVE-2023-49438
An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows malicious users to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.
Flask-security-too Project Flask-security-too
1 Github repository
9.8
CVSSv3
CVE-2015-10055
A vulnerability was found in PictureThisWebServer and classified as critical. This issue affects the function router.post of the file routes/user.js. The manipulation of the argument username/password leads to sql injection. The patch is named 68b9dc346e88b494df00d88c7d058e96820e...
Picturethiswebserver Project Picturethiswebserver
6.1
CVSSv3
CVE-2020-36621
A vulnerability, which was classified as problematic, has been found in chedabob whatismyudid. Affected by this issue is the function exports.enrollment of the file routes/mobileconfig.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The na...
Whatismyudid Project Whatismyudid
7.5
CVSSv3
CVE-2020-7764
This affects the package find-my-way prior to 2.2.5, from 3.0.0 and prior to 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cach...
Find-my-way Project Find-my-way
8.8
CVSSv3
CVE-2016-10533
express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and previous versions and 3.0.X up to and including 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all th...
Express-restify-mongoose Project Express-restify-mongoose
8.8
CVSSv3
CVE-2022-24857
django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authent...
Django-mfa3 Project Django-mfa3
7.5
CVSSv3
CVE-2023-33960
OpenProject is web-based project management software. For any OpenProject installation, a `robots.txt` file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the in...
Openproject Openproject
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »