Lucene search
+L

19544 matches found

CVE
CVE
added yesterday47 views

CVE-2026-48022

The CVE concerns @hapi/wreck, an HTTP client utility. Before version 18.1.2, it forwarded credential headers (Authorization, Cookie, Proxy-Authorization) across cross-origin redirects because the origin check only compared hostnames and ignored scheme and port. This allowed credentials to flow ac...

6.5CVSS5.3AI score0.0001EPSS
Exploits0References4
CVE
CVE
added yesterday11 views

CVE-2026-13445

Langflow OSS (IBM Langflow) versions 1.0.0–1.10.1 are affected by CVE-2026-13445 due to a SaveToFile flaw that allows an authenticated attacker to read and modify another user’s uploaded files by supplying absolute paths to victim storage locations. In append mode, attacker reads victim data, app...

8.1CVSS5.6AI score
Exploits0References1
CVE
CVE
added yesterday33 views

CVE-2026-50151

CVE-2026-50151 affects oras-go prior to 2.6.1. During monolithic blob uploads, blobStore.completePushAfterInitialPost reuses the initial POST’s Authorization header for a subsequent PUT, while following a registry-controlled Location header. A malicious registry can return a cross-host Location a...

7.5CVSS5.3AI score
Exploits0References4
Cvelist
Cvelist
added yesterday13 views

CVE-2026-50151 oras-go: credential forwarding via unvalidated Location header in blob upload

oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, registry/remote/repository.go in blobStore.completePushAfterInitialPost follows a registry-controlled Location header during monolithic blob upload and reuses the Authorization header from the initial POST request for the...

7.5CVSS
Exploits0References4
Cvelist
Cvelist
added yesterday13 views

CVE-2026-48978 oras-go: Malicious registry can hijack Bearer token realm to exfiltrate credentials and refresh tokens

oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, auth.Client follows the realm URL from a registry's WWW-Authenticate: Bearer challenge without validating the scheme or host, allowing a malicious or compromised registry to cause SSRF to internal networks such as...

2.1CVSS
Exploits0References3
Nuclei
Nuclei
added yesterday115 views

Cobbler - Authentication Bypass

Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authentication bypass vulnerability in XMLRPC API /cobblerapi that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting...

9.8CVSS8AI score0.12484EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday16 views

D-Link DIR-803 - Authentication Bypass

An authentication bypass vulnerability exists in D-Link DIR-803 routers firmware A1 1.04 and earlier. By manipulating the AUTHORIZEDGROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication. id:...

7.5CVSS6.1AI score0.03559EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday51 views

Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...

10CVSS8.5AI score0.85619EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday74 views

EyouCMS 1.5.4 Open Redirect

EyouCMS 1.5.4 is vulnerable to an Open Redirect vulnerability. An attacker can redirect a user to a malicious url via the Logout function. id: CVE-2021-39501 info: name: EyouCMS 1.5.4 Open Redirect author: 0xAkoko severity: medium description: EyouCMS 1.5.4 is vulnerable to an Open Redirect...

6.1CVSS6.2AI score0.03604EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday52 views

Pritunl VPN Server 1.29.2145.25 - Username Enumeration

Pritunl 1.29.2145.25 contains a username enumeration issue caused by different error responses in /auth/session login attempts, letting attackers verify valid usernames, exploit requires network access to the login endpoint. id: CVE-2020-25200 info: name: Pritunl VPN Server 1.29.2145.25 - Usernam...

5.3CVSS5.7AI score0.0747EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday41 views

MantisBT < 2.25.2 - Cross-Site Scripting

MantisBT before 2.25.2 contains a cross-site scripting vulnerability in browsersearchplugin.php. The application does not properly sanitize the 'type' parameter, which allows attackers to inject arbitrary web script or HTML via a crafted URL. id: CVE-2022-28508 info: name: MantisBT 2.25.2 -...

6.1CVSS6AI score0.05227EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday82 views

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...

6.1CVSS6.1AI score0.01131EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday31 views

FortiOS - Insecure LDAP Configuration Detection

The FortiGate LDAP configuration was detected to be insecure due to missing ca-cert, secure LDAPS, or server-identity-check, potentially exposing LDAP communications to credential interception or man-in-the-middle attacks under specific network conditions. id: CVE-2019-5591 info: name: FortiOS -...

6.5CVSS7.2AI score0.18566EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday69 views

Haraj 3.7 - Cross-Site Scripting

Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks. id: CVE-2022-31299 info: name: Haraj 3.7 - Cross-Site Scripting author: edoardottt severity: medium...

6.1CVSS5.9AI score0.04731EPSS
Exploits2References5
NVD
NVD
added yesterday5 views

CVE-2026-62211

OpenClaw versions before 2026.6.1 contain a credential redaction bypass vulnerability in the trajectory export feature that allows lower-trust callers to access data that should remain within trusted boundaries. Attackers can exploit misconfigured input paths or feature accessibility to expose...

5CVSS0.00117EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-62214

OpenClaw versions before 2026.5.28 Bot Framework contains an improper input validation vulnerability that allows lower-trust callers to expose bot tokens and credentials by failing to properly validate serviceUrl parameters. Attackers can supply malicious serviceUrl values through configured inpu...

6.5CVSS6.1AI score0.00308EPSS
Exploits0References3
CVE
CVE
added yesterday10 views

CVE-2026-62214

OpenClaw Bot Framework (versions before 2026.5.28) contains an input validation flaw in serviceUrl parameters that enables SSRF-style access by lower-trust callers. This misvalidation can allow retrieval of bot tokens and credentials by supplying malicious serviceUrl values through configured inp...

6.5CVSS6.1AI score0.00308EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-45099

OpenClaw versions before 2026.6.1 contain a credential redaction bypass vulnerability in the trajectory export feature that allows lower-trust callers to access data that should remain within trusted boundaries. Attackers can exploit misconfigured input paths or feature accessibility to expose...

5CVSS6.1AI score0.00117EPSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-62211

OpenClaw versions prior to 2026.6.1 expose a credential redaction bypass in the trajectory export feature. The flaw allows lower-trust callers to access data that should remain within trusted boundaries by exploiting misconfigured input paths or feature accessibility in the export mechanism. Affe...

5CVSS6.1AI score0.00117EPSS
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-46514

Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, fmresetpassword in Tools/ResetPassword.php:48-53 returned a plaintext password and fmaddextension in Tools/AddExtension.php:172 returned a plaintext secret; Frogman.class.php:2207-2211 used auditOutcome to JSON-encode...

6.5CVSS0.0026EPSS
Exploits0References4
Rows per page
Query Builder