Lucene search
K

1712 matches found

NVD
NVD
added yesterday4 views

CVE-2026-49876

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

6.5CVSS0.00204EPSS
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-49876

CVE-2026-49876 describes an authenticated SSRF in the Gravitino JobManager. The issue allows server-side HTTP requests to internal networks and cloud metadata endpoints via unvalidated job template URIs. Affected software: Apache Gravitino 1.0.0 through 1.2.1. Impact is tied to the ability to rea...

6.5CVSS6.1AI score0.00204EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43076

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0...

6.1AI score0.00194EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-15081

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0...

7.4CVSS0.00194EPSS
Exploits0References1
NVD
NVD
added 4 days ago3 views

CVE-2026-13236

Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

4.2CVSS0.00142EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-15081

CVE-2026-15081 affects Drupal Location Selector module (versions 0.0.0–1.3.0). The vulnerability arises from a Views filter that does not sufficiently sanitize user input, allowing improper neutralization of special elements in an SQL command (SQL Injection). Impact is_high confidentiality and in...

7.4CVSS6.1AI score0.00194EPSS
Exploits0References1
CVE
CVE
added 4 days ago12 views

CVE-2026-13234

CVE-2026-13234 concerns an improper neutralization of input during web page generation (XSS) in Drupal AI (Artificial Intelligence). Affected versions: 0.0.0–1.2.17, 1.3.0–1.3.8, and 1.4.0–1.4.3. The root cause is input handling within the module and certain submodules (AI Automators, AI Translat...

6.1CVSS6.1AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 p.m.10 views

CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

5.3CVSS0.00187EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 6:16 p.m.3 views

UBUNTU-CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/22 4:45 p.m.8 views

CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

5.3CVSS5.9AI score0.00187EPSS
Exploits0
CVE
CVE
added 2026/06/22 4:45 p.m.65 views

CVE-2026-54282

The CVE concerns Starlette prior to 1.3.0: HTTP request path is not validated when reconstructing request.url, allowing attacker-controlled hostname by re-parsing a non-absolute path (e.g., @google.com). The issue is fixed in 1.3.0. Remediate by upgrading to 1.3.0+; no exploitation details are pr...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/22 4:45 p.m.48 views

CVE-2026-54282 Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

3.7CVSS0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37648

Unauthenticated Local File Inclusion in Promo = 1.3.0 versions...

8.1CVSS5.2AI score0.00363EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.11 views

CVE-2026-22325

Unauthenticated Local File Inclusion in Promo = 1.3.0 versions...

8.1CVSS0.00363EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.29 views

CVE-2026-22325 WordPress Promo theme <= 1.3.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Promo = 1.3.0 versions...

8.1CVSS0.00363EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/15 8:38 p.m.8 views

Use of Incorrectly-Resolved Name or Reference

Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in the reconstruction of request.url when the HTTP request path does not begin with /. An attacker can mislead the application into trusti...

8.3CVSS5.3AI score0.00187EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/11 12:9 p.m.13 views

WordPress Powerpack for LearnDash plugin < 1.3.0 - Unauthenticated Arbitrary Option Update vulnerability

Unauthenticated Arbitrary Option Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin PowerPack for LearnDash versions 1.3.0...

9.8CVSS7.8AI score0.00303EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/11 5:4 a.m.49 views

CVE-2026-41699

CVE-2026-41699 : Spring for GraphQL is affected by an Unsafe Deserialization flaw when processing paginated GraphQL queries (Connection fields). If the classpath contains specific deserialization-related classes, a crafted GraphQL request can lead to Remote Code Execution. Affected versions: Spri...

9.8CVSS5.7AI score0.0043EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/09 3:48 a.m.39 views

CVE-2026-41715 Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect

In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected versions: Reactor Netty 1.0.0 through 1.0.51;...

6.1CVSS0.00172EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:48 a.m.10 views

EUVD-2026-35322

In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected versions: Reactor Netty 1.0.0 through 1.0.51;...

6.1CVSS5.5AI score0.00172EPSS
Exploits0References1
Rows per page
Query Builder