Lucene search
K

371 matches found

Cvelist
Cvelist
added yesterday16 views

CVE-2026-13211 Genucenter Disclosure of SNMP Credentials

The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role...

4.3CVSS
Exploits0References1
Nuclei
Nuclei
added yesterday12 views

phpMyFAQ <= 4.1.1 - SQL Injection

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

9.8CVSS5.8AI score0.01709EPSS
Exploits0References3
OSV
OSV
added 3 days ago5 views

PYSEC-2026-413 Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token

Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token | Field | Value | | ---------------- | ----- | | Repository | pipeboard-co/meta-ads-mcp | | Affected version | ≤ 1.0.101 commit 496c988 7d14226; Versions 1.0.102–1.0.105 lack git tags, so patch status is unconfirmed. | |...

9.1CVSS6AI score0.0013EPSS
Exploits0References6
OSV
OSV
added 6 days ago3 views

GHSA-QVQC-4C52-X6QP regclient may leak authentication credentials to external blob stores

Credentials for a registry may be inadvertently leaked to external servers. A prerequisite for this attack is a malicious registry server, a malicious blob store, or a registry that does not restrict the external URLs for foreign blobs. Example attack A malicious registry serves an OCI image...

6.8CVSS5.7AI score
Exploits0References2
OSV
OSV
added 6 days ago5 views

BIT-GRAFANA-2026-10601 Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

5.4CVSS5.8AI score0.00258EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added last week6 views

CVE-2026-41715

A flaw was found in Reactor Netty HTTP client. In specific scenarios, a remote attacker could exploit this vulnerability when the HTTP client is explicitly configured to follow redirects from a secure endpoint to an insecure one. This could lead to the leakage of sensitive credentials. Mitigation...

6.5CVSS5.9AI score0.00172EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 6:6 p.m.12 views

CVE-2026-54323

CVE-2026-54323 describes a vulnerability in Daytona prior to 0.185.0 where the daemon’s git clone path disabled TLS certificate verification. When a clone carried Git credentials, the daemon sent the HTTP Basic Authorization header to the remote over an unvalidated TLS connection on both the go-g...

5.9CVSS6.4AI score0.00117EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/23 1:28 p.m.13 views

CVE-2026-54276

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. The DigestAuthMiddleware component can send an authentication response after following a cross-origin redirect. This could allow a remote attacker, in conjunction with an open redirect vulnerability ...

6.3CVSS5.7AI score0.00178EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-50184

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

6.1CVSS5.9AI score0.0015EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 6:16 p.m.11 views

CVE-2026-50184

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

6.1CVSS0.0015EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 3:42 p.m.16 views

CVE-2026-50184

Summary (CVE-2026-50184) : The vulnerability affects the Angular ecosystem, specifically the @angular/service-worker package. When the service worker reconstructs outbound requests, an internal helper strips client-specified safety parameters (credentials: omit and cache: no-store), reverting the...

6.1CVSS5.9AI score0.0015EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/22 3:42 p.m.6 views

CVE-2026-50184

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

6.1CVSS5.8AI score0.0015EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in the ansible-connection module of Ansible Engine, where sensitive information such as Ansible user credentials is disclosed by default in the traceback error message. The greatest threat posed by this vulnerability is related to confidentiality...

5.5CVSS6.7AI score0.00384EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-50930

Name of the Vulnerable Software and Affected Versions Joomla! Component My Projects version 2.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the VerAyari parameter at the component endpoint,...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/18 12:56 p.m.7 views

EUVD-2026-37885

UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries...

8.6CVSS5.6AI score0.00305EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 10:23 p.m.5 views

MAL-2026-6087 Malicious code in uol-simple-api-futebol (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 962c38ed6ec061ce6a530aeea5a960dfc2b75caec56f7a1bc648f6b6cb655271 The package's only documented function, getJogos default export, unconditionally invokes an internal helper named prepareCacheMatchs which POSTs the...

5.8AI score
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 4:36 p.m.20 views

CVE-2026-6734 undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

7.5CVSS0.00277EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 2:15 a.m.9 views

Malicious code in carousel-controller-mixin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a4b1be297682ca77d8a92fc502887ee6d718a5541fa88413acdc6accb3ed97 package.json declares both preinstall and postinstall hooks that execute callback.js on every install. callback.js collects username, uid, hostname,...

5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 5:13 p.m.27 views

@angular/service-worker: Request Credential & Cache Policy Stripping

An issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During thi...

6.1CVSS5.5AI score0.0015EPSS
Exploits0References3Affected Software1
Talos
Talos
added 2026/06/15 12:0 a.m.7 views

GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability. Confirmed Vulnerable Versions The...

6.5CVSS5.4AI score0.00271EPSS
Exploits0
Rows per page
Query Builder