Lucene search
K

377 matches found

Nuclei
Nuclei
added 9 hours ago13 views

phpMyFAQ <= 4.1.1 - SQL Injection

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

9.8CVSS5.9AI score0.01709EPSS
Exploits0References3
CVE
CVE
added 2 days ago14 views

CVE-2026-44936

CVE-2026-44936 describes an SSRF risk in SUSE Rancher Fleet’s bundle reader when the helmRepoURLRegex field is not set on a GitRepo. The vulnerability allows forwarding Helm authentication credentials (BasicAuth) to any URL specified in the fleet.yaml helm.repo field, potentially leaking admin cr...

5CVSS6AI score0.0037EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-44936 Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo...

5CVSS0.0037EPSS
Exploits0References1
Snyk
Snyk
added 5 days ago7 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the Authorization header handling process. An attacker can cause sensitive authentication information to be sent to an unintended origin by reusing a handle for transfers to different HTTP origins...

9.8CVSS6AI score0.00754EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 6 days ago15 views

PT-2026-55464

Name of the Vulnerable Software and Affected Versions kerberos-io/agent versions prior to 3.6.26 Description An issue exists in the Kerberos Hub upload path where the agent sends credentials in the custom X-Kerberos-Hub-PrivateKey and X-Kerberos-Hub-PublicKey request headers to the...

6.9CVSS6AI score
Exploits0References5
Snyk
Snyk
added last week3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the helm.repo process when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can cause the system to forward Helm authentication...

5.3CVSS6.1AI score0.0037EPSS
Exploits0References2
OSV
OSV
added last week3 views

GHSA-HX4V-CXPF-VH8M Rancher Fleet has SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml

Impact A vulnerability has been identified in Fleet when the helmRepoURLRegex field isn't set on a GitRepo resource. Fleet's bundle reader forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo field of a fleet.yaml file. An attacker with git push access to a...

5CVSS5.8AI score0.0037EPSS
Exploits0References2
Cvelist
Cvelist
added last week30 views

CVE-2026-13211 Genucenter Disclosure of SNMP Credentials

The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role...

4.3CVSS0.00139EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-413 Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token

Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token | Field | Value | | ---------------- | ----- | | Repository | pipeboard-co/meta-ads-mcp | | Affected version | ≤ 1.0.101 commit 496c988 7d14226; Versions 1.0.102–1.0.105 lack git tags, so patch status is unconfirmed. | |...

9.1CVSS6AI score0.0013EPSS
Exploits0References6
OSV
OSV
added 2026/06/26 10:43 p.m.3 views

GHSA-QVQC-4C52-X6QP regclient may leak authentication credentials to external blob stores

Credentials for a registry may be inadvertently leaked to external servers. A prerequisite for this attack is a malicious registry server, a malicious blob store, or a registry that does not restrict the external URLs for foreign blobs. Example attack A malicious registry serves an OCI image...

6.8CVSS5.7AI score
Exploits0References2
OSV
OSV
added 2026/06/26 8:42 a.m.5 views

BIT-GRAFANA-2026-10601 Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

5.4CVSS5.8AI score0.00258EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 11:8 p.m.7 views

CVE-2026-41715

A flaw was found in Reactor Netty HTTP client. In specific scenarios, a remote attacker could exploit this vulnerability when the HTTP client is explicitly configured to follow redirects from a secure endpoint to an insecure one. This could lead to the leakage of sensitive credentials. Mitigation...

6.5CVSS5.9AI score0.00172EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 6:6 p.m.16 views

CVE-2026-54323

CVE-2026-54323 describes a vulnerability in Daytona prior to 0.185.0 where the daemon’s git clone path disabled TLS certificate verification. When a clone carried Git credentials, the daemon sent the HTTP Basic Authorization header to the remote over an unvalidated TLS connection on both the go-g...

5.9CVSS6.4AI score0.00117EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/23 1:28 p.m.13 views

CVE-2026-54276

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. The DigestAuthMiddleware component can send an authentication response after following a cross-origin redirect. This could allow a remote attacker, in conjunction with an open redirect vulnerability ...

6.3CVSS5.7AI score0.00178EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-50184

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

6.1CVSS6AI score0.0015EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 6:16 p.m.11 views

CVE-2026-50184

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

6.1CVSS0.0015EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/22 3:42 p.m.6 views

CVE-2026-50184

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

6.1CVSS5.8AI score0.0015EPSS
Exploits0
CVE
CVE
added 2026/06/22 3:42 p.m.17 views

CVE-2026-50184

Summary (CVE-2026-50184) : The vulnerability affects the Angular ecosystem, specifically the @angular/service-worker package. When the service worker reconstructs outbound requests, an internal helper strips client-specified safety parameters (credentials: omit and cache: no-store), reverting the...

6.1CVSS5.9AI score0.0015EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in the ansible-connection module of Ansible Engine, where sensitive information such as Ansible user credentials is disclosed by default in the traceback error message. The greatest threat posed by this vulnerability is related to confidentiality...

5.5CVSS6.7AI score0.00384EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible. Credentials, such as secrets, are being disclosed in the console logs by default, and are not protected by the nolog feature when using those modules. An attacker can exploit this information to steal those credentials. The greatest threat posed by this...

5.5CVSS6.8AI score0.00347EPSS
Exploits0References2
Rows per page
Query Builder