Lucene search
K

9791 matches found

EUVD
EUVD
added 2026/06/22 9:4 p.m.6 views

EUVD-2026-38372

Capgo backend Supabase edge functions before 12.128.2 does not apply the global authentication middleware to the GET /private/rolebindings/:orgid endpoint, unlike the POST and DELETE rolebindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware...

6.9CVSS5.9AI score0.00322EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 4:16 p.m.12 views

CVE-2026-9072

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backe...

9.8CVSS0.00409EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 3:58 p.m.50 views

CVE-2026-55602

The CVE-2026-55602 issue affects http-proxy-middleware (Node.js) versions 0.16.0 through 2.0.10, 3.0.6, and 4.1.0. The host+path router uses unanchored substring matching on attacker-controlled request metadata, enabling a crafted Host header that is a superstring match for a configured key to ro...

8.6CVSS5.9AI score0.0034EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:58 p.m.4 views

CVE-2026-55602

http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request...

6.9CVSS5.9AI score0.0034EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 2:21 p.m.34 views

CVE-2026-9072 WebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backe...

8.1CVSS0.00409EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:21 p.m.4 views

CVE-2026-9072

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backe...

9.8CVSS6.5AI score0.00409EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/22 2:17 p.m.10 views

CVE-2026-42129

The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints e.g. /config, /services, /ready to extract sensitive backend configuration and internal...

7.7CVSS0.00394EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 1:18 p.m.21 views

CVE-2026-42129

The CVE describes a path traversal vulnerability in the Loki datasource plugin (callResource handler). An authenticated Viewer-role user can escape the plugin’s resource sandbox and reach administrative Loki endpoints (for example, /config, /services, /ready) to exfiltrate sensitive backend confi...

7.7CVSS5.9AI score0.00394EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/22 1:18 p.m.6 views

EUVD-2026-38241

The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints e.g. /config, /services, /ready to extract sensitive backend configuration and internal...

7.7CVSS5.9AI score0.00394EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 1:18 p.m.31 views

CVE-2026-42129 Path Traversal in Loki Datasource leads to Internal Information Disclosure

The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints e.g. /config, /services, /ready to extract sensitive backend configuration and internal...

7.7CVSS0.00394EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/22 1:18 p.m.5 views

CVE-2026-42129

The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints e.g. /config, /services, /ready to extract sensitive backend configuration and internal...

7.7CVSS5.9AI score0.00394EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/22 4:44 a.m.5 views

poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS6.1AI score0.00252EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:56 a.m.5 views

poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS6.1AI score0.00252EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:21 a.m.8 views

poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS6.1AI score0.00252EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:12 a.m.6 views

poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS6.1AI score0.00252EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 2:41 a.m.4 views

poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS6.1AI score0.00252EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2023 : poppler, poppler-cpp, poppler-cpp-devel (ALAS2023-2026-1852)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1852 advisory. A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the...

7.8CVSS6.1AI score0.00252EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.8 views

PT-2026-51350

Name of the Vulnerable Software and Affected Versions IBM i versions 7.3 through 7.6 IBM WebSphere Application Server affected versions not specified IBM WebSphere Application Server Liberty affected versions not specified Description Remote code execution and denial of service are possible when...

9.8CVSS6.3AI score0.00409EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/21 5:6 a.m.8 views

Authentication Bypass Using an Alternate Path or Channel

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via exception handling in the MCP proxy authentication flow. An attacker can bypass authentication by supplying an...

9.8CVSS7.8AI score0.00612EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/20 12:34 a.m.8 views

EUVD-2026-38094

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as...

6.9CVSS5.9AI score0.00299EPSS
Exploits0References3
Rows per page
Query Builder