Lucene search
+L

1078 matches found

CVE
CVE
added yesterday40 views

CVE-2026-48978

The CVE-2026-48978 issue affects the oras-go library prior to 2.6.1, where auth.Client can follow the registry’s Bearer challenge realm without validating the scheme/host. This enables a malicious or compromised registry to trigger SSRF to internal networks (e.g., 169.254.169.254, 10.0.0.x, 127.0...

2.1CVSS5.2AI score
Exploits0References3
Cvelist
Cvelist
added yesterday13 views

CVE-2026-48978 oras-go: Malicious registry can hijack Bearer token realm to exfiltrate credentials and refresh tokens

oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, auth.Client follows the realm URL from a registry's WWW-Authenticate: Bearer challenge without validating the scheme or host, allowing a malicious or compromised registry to cause SSRF to internal networks such as...

2.1CVSS
Exploits0References3
Ubuntu
Ubuntu
added 2 days ago6 views

USN-8555-1: Ubuntu Advantage Tools (pro client) vulnerabilities

Bilal Teke discovered that Ubuntu Advantage Tools exposed the Pro bearer token in command-line arguments when validating APT credentials. A local attacker could possibly use this issue to obtain sensitive information and gain unauthorized access to Ubuntu Pro repositories. CVE-2026-9494 Frederick...

9CVSS6.3AI score0.00317EPSS
Exploits0
CVE
CVE
added 2 days ago15 views

CVE-2026-9494

An information disclosure vulnerability in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools) allows the secret bearer token to be exposed in a cleartext URL when /usr/lib/apt/apt-helper uses the download-file command. The token is embedded in the URL passed via argv (e.g., bearer:@esm...

5.5CVSS6.1AI score0.00103EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago13 views

Apache Kafka Client - Arbitrary File Read

Apache Kafka Client contains arbitrary file read and server-side request forgery caused by untrusted configuration of sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url, letting attackers read files or send requests to unintended locations, exploit requires untrusted party...

7.5CVSS7AI score0.62368EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-15075

A flaw was found in Eclipse Vert.x. The DefaultRedirectHandler in vertx-core improperly handles HTTP 30x redirects by propagating all request headers, including sensitive authentication and session credentials, to cross-origin redirect destinations. An attacker can exploit this by redirecting a...

8.2CVSS6AI score0.00141EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-60465

Name of the Vulnerable Software and Affected Versions ubuntu-pro-client affected versions not specified Description An information disclosure issue exists where the client validates Ubuntu Pro APT credentials by executing the /usr/lib/apt/apt-helper using the download-file command. The secret...

5.5CVSS6.1AI score0.00103EPSS
Exploits0References5
NVD
NVD
added 3 days ago6 views

CVE-2026-52869

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. Prior to 1.27.2, the SSE and stateful Streamable HTTP transports mcp.server.sse.SseServerTransport and mcp.server.streamablehttpmanager.StreamableHTTPSessionManager route requests to existing...

7.1CVSS0.00251EPSS
Exploits0References6
CVE
CVE
added 3 days ago20 views

CVE-2026-52869

The MCP Python SDK (mcp on PyPI) has a vulnerability affecting versions prior to 1.27.2 in its SSE and stateful Streamable HTTP transports. These transports (mcp.server.sse.SseServerTransport and mcp.server.streamable_http_manager.StreamableHTTPSessionManager) route requests to an existing sessio...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-52869 MCP Python SDK: HTTP transports serve session requests without verifying the authenticated principal

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. Prior to 1.27.2, the SSE and stateful Streamable HTTP transports mcp.server.sse.SseServerTransport and mcp.server.streamablehttpmanager.StreamableHTTPSessionManager route requests to existing...

7.1CVSS0.00251EPSS
Exploits0References6
NVD
NVD
added 3 days ago6 views

CVE-2026-56764

Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing...

6.3CVSS0.00229EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-56764 Hono - Timing Attack in basicAuth and bearerAuth Middleware

Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing...

6.3CVSS0.00229EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-44631

Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing...

6.3CVSS6.1AI score0.00229EPSS
Exploits0References2
OSV
OSV
added 3 days ago4 views

CVE-2026-56764 Hono - Timing Attack in basicAuth and bearerAuth Middleware

Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing...

6.3CVSS6.1AI score0.00229EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44608

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS6.2AI score0.00413EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-59235 Missing authorization in Prospero Flow CRM allows low-privileged users to read all bank accounts

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS0.00413EPSS
Exploits0References3
CVE
CVE
added 3 days ago9 views

CVE-2026-59235

CVE-2026-59235 describes a missing authorization check in Prospero Flow CRM company_id)->get(), enabling any authenticated, low-privilege user to read all bank accounts within their company. The vulnerability exposes sensitive data (IBAN, SWIFT/BIC, account identifiers) without role/permission...

8.7CVSS6.2AI score0.00413EPSS
Exploits0References3
NVD
NVD
added 4 days ago5 views

CVE-2026-11403

A vulnerability in Sonatype Nexus Repository Manager's format-specific API key generation may allow a remote attacker to gain unauthorized access to repository operations as a targeted user. A format-specific API key realm NuGet API Key, Docker Bearer Token, or npm Bearer Token must be enabled an...

8.7CVSS0.00349EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago26 views

CVE-2026-15075

In Eclipse Vert.x versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, DefaultRedirectHandler vertx-core propagates all request headers as-is across cross-origin HTTP 30x redirects. Only Content-Length is stripped; no origin comparison scheme, host, port is performed before copyin...

8.2CVSS0.00141EPSS
Exploits0References1
OSV
OSV
added 4 days ago4 views

CVE-2026-15075

In Eclipse Vert.x versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, DefaultRedirectHandler vertx-core propagates all request headers as-is across cross-origin HTTP 30x redirects. Only Content-Length is stripped; no origin comparison scheme, host, port is performed before copyin...

8.2CVSS6.2AI score0.00141EPSS
Exploits0References4
Rows per page
Query Builder