Lucene search
K

4824 matches found

CVE
CVE
added 2026/06/22 3:30 p.m.22 views

CVE-2026-54267

Summary: Angular’s SSR hydration uses a state element with a predictable id (ng-state). In versions prior to 22.0.1, 21.2.17, and 20.3.25, an attacker could DOM-clobber by injecting an element with that id before the legitimate [removed] tag is parsed, causing Angular to parse forged JSON from Tr...

8.6CVSS5.9AI score0.00179EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/22 3:30 p.m.35 views

CVE-2026-54267 Angular Client Hydration DOM Clobbering & Response-Cache Poisoning

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...

8.6CVSS0.00179EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 2:33 p.m.31 views

CVE-2024-51454 IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities Host Header Injection observed

IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various...

6.5CVSS0.00181EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 2:33 p.m.11 views

CVE-2024-51454

Affected product: IBM Engineering Workflow Management (part of IBM Engineering Lifecycle Management). The vulnerability is a free-form HTTP header injection in HOST header parsing due to input validation weaknesses. Affected versions are 7.0.2 (with Interim Fix 035), 7.0.3 (IFix 017), and 7.1 (IF...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/22 2:33 p.m.7 views

EUVD-2024-55644

IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51324

Name of the Vulnerable Software and Affected Versions IBM Engineering Workflow Management versions 7.0.2 through 7.0.2 Interim Fix 035 IBM Engineering Workflow Management versions 7.0.3 through 7.0.3 Interim Fix 017 IBM Engineering Workflow Management versions 7.1 through 7.1 Interim Fix 004...

6.5CVSS5.7AI score0.00181EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 8:47 p.m.5 views

GHSA-X845-2F78-7V36 Blocky DNSSEC validation bypass and validation-cache scope pollution

Summary Blocky accepts and caches forged DNS answers while dnssec.validate: true is enabled. The issue has two related exploit paths: 1. Basic DNSSEC validation bypass. If an untrusted upstream returns an unsigned positive answer for a DNSSEC-signed public domain, Blocky classifies the response a...

8.6CVSS5.9AI score
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in dnsmasq

A flaw was discovered in dnsmasq in versions prior to 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, who can determine the outgoing port used by dnsmasq, only needs to guess the random...

4.3CVSS6.7AI score0.01988EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Waitress

In Waitress version 1.4.0, if a proxy server is used in front of Waitress, an attacker may send an invalid request that bypasses the front-end and is parsed differently by Waitress. This could lead to HTTP request smuggling. Specifically, requests containing special whitespace characters in the...

8.2CVSS6.3AI score0.02587EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in libhttp-daemon-perl

HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are vulnerable to a vulnerability that could potentially be exploited to gain privileged access to APIs or corrupt intermediate caches. It’s unclear how severe these risks are; most Perl-based applications are serv...

7.3CVSS6.5AI score0.02108EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in bind9

BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND supports the following preview editions: 9.11.4-S1 - 9.11.36-S1 9.16.8-S1 - 9.16.26-S1 Versions of BIND 9 that are earlier than those shown—going back to 9.1.0, including the supported preview editions—are also believed to be affected, b...

6.8CVSS6.7AI score0.0325EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Firefox

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers that fetch might contain. Under the correct circumstances, an attacker could have been able to corrupt the local browser cache by using a fetch response controlled by these...

9.8CVSS6.9AI score0.00382EPSS
Exploits1References2
OSV
OSV
added 2026/06/18 2:32 p.m.3 views

SUSE-SU-2026:22160-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

10CVSS6.5AI score0.01272EPSS
Exploits0References23
OSV
OSV
added 2026/06/18 2:32 p.m.2 views

SUSE-SU-2026:22213-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

10CVSS6.5AI score0.01272EPSS
Exploits0References23
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Drupal 10.5.x < 10.5.12 / 10.6.x < 10.6.11 / 11.2.x < 11.2.14 / 11.3.x < 11.3.12 Multiple Vulnerabilities (drupal-2026-06-17)

According to its self-reported version, the instance of Drupal running on the remote web server is 10.5.x prior to 10.5.12, 10.6.x prior to 10.6.11, 11.2.x prior to 11.2.14, or 11.3.x prior to 11.3.12. It is, therefore, affected by multiple vulnerabilities. - Drupal core contains a chain of metho...

6.3AI score
Exploits0References19
RedhatCVE
RedhatCVE
added 2026/06/17 11:9 p.m.7 views

CVE-2026-9679

A flaw was found in undici. The cookie parser in the parseSetCookie function incorrectly decodes cookie values, which is contrary to standard specifications. This vulnerability allows an attacker-controlled upstream to inject arbitrary HTTP response headers, such as Set-Cookie, Location, or...

5.9CVSS5AI score0.00257EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/17 11:5 p.m.10 views

io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...

10CVSS5.3AI score0.00292EPSS
Exploits0References7
NVD
NVD
added 2026/06/17 8:17 p.m.11 views

CVE-2026-54387

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...

9.3CVSS0.00439EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 8:17 p.m.11 views

CVE-2026-54388

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can...

9.3CVSS0.00439EPSS
Exploits0References4
OSV
OSV
added 2026/06/17 8:17 p.m.4 views

DEBIAN-CVE-2026-54387

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...

9.3CVSS5.6AI score0.00439EPSS
Exploits0References1
Rows per page
Query Builder