Questions tagged [vulnerability]
A weakness or flaw in computer software and hardware which allows an attacker to take advantage of (exploit) a targeted system.
1,058 questions
-2 votes
1 answer
49 views
What is the recommended XML secure configuration to prevent XXE?
I want to write down, as security requirements, the recommended security configurations that should be applied to any XML parser. I checked the OWASP cheatsheet (https://cheatsheetseries.owasp.org/...
15 votes
2 answers
5k views
Web application contains a link to a non-existing domain, is this a vulnerability?
I got a Dynamic Application Security Testing (DAST) scan that reports an issue on a web application. It says "The web application contains a link to a non-existing domain" and it's marked ...
1 vote
1 answer
140 views
What's the deal with CISA adding CVE-2024-49035 (Microsoft Partner Center vulnerability) to its catalog of exploited vulnerabilities?
Two weeks ago (Feb 25, 2025), CISA added CVE-2024-49035 to its catalog of actively exploited vulnerabilities. Now, the thing is: CVE-2024-49035 is not a "classic" vulnerability in a software ...
1 vote
0 answers
134 views
Could an XXE vulnerability lead to an RCE?
I have identified an XXE vulnerability in an XML parser of an application that allows external entities. I used the below crafted XML to do a GET request on localhost on port 9090, and on the same ...
12 votes
10 answers
2k views
Best Practices for Managing Open-Source Vulnerabilities in Enterprise Deployments
We are facing a challenge with managing vulnerabilities in certain open-source libraries used in our enterprise product. The current versions of these libraries have known vulnerabilities flagged by ...
5 votes
3 answers
2k views
Which external vulnerabilities remain for a web server secured with mTLS?
Scenario: A web server with a web app for remote staff. The web server is behind a reverse proxy (traefik). The web server has a host based firewall configured to allow connections only from the proxy ...
3 votes
1 answer
96 views
How is CVE-2021-22044 risky?
I am looking at this CVE: https://nvd.nist.gov/vuln/detail/CVE-2021-22044 The description says: In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported ...
0 votes
0 answers
68 views
Does this vulnerability related to general purpose registers exist?
Does anyone know any type of vulnerability that affects CPU registers that allows an attacker to overwrite registers with specific values that remain fixed for example for a few instructions and only ...
0 votes
0 answers
60 views
How to check usages of a class method in open source code
I detected in a codeline a usage of Bouncy Castle that is vulnerable to CVE-2023-33201. The CVE seems to come from the guilty class X509LDAPCertStoreSpi.java, and specifically the method search(...
1 vote
0 answers
61 views
Do common centralized IT access policies create any security risks, and are there alternatives? [closed]
Many large companies have IT policies where even low-level IT employees have privileges such as remote access to any company computer (often automatic, able to override user denial, or even silent), ...
1 vote
1 answer
61 views
Can a Tomcat application sitting behind a reverse proxy be exploited?
I am trying to exploit a vulnerability in Tomcat based on CVE-2020-13935. I found online this interesting PoC: https://blog.redteam-pentesting.de/2020/websocket-vulnerability-tomcat/ In my case, the ...
3 votes
1 answer
145 views
Is unauthenticated access to electricity meter readings considered a vulnerability?
Every month I "tell" my electricity meter readings to my grid provider. They started sending me (and other customers) emails with a URL that includes my account number - for my convenience. ...
2 votes
2 answers
352 views
Is path traversal a valid vulnerability for a Windows desktop application?
I have a small .NET console application that the user launches on their local machine, passing a path argument to which the application is writing a file. Can this be considered a path traversal ...
3 votes
1 answer
141 views
Can vulnerabilities in transitive dependencies be exploitable?
I am running nmap on an HTTP server, and I got the netty version used by the server. Netty version used is 9.4.53.v20231009, I tried to check online for CVEs related to this version, and it seems ...
2 votes
3 answers
256 views
Is this a session hijacking vulnerability?
I have a web application that sends this cookie after login: Set-Cookie: ASP.NET_SessionId=55adfqwdf6qdqrgsdfg; path=/; HttpOnly; SameSite=Lax If I theoretically steal the session ID and use it in ...