Lucene search
K

85 matches found

SUSE CVE
SUSE CVE
added 2026/06/30 1:42 a.m.9 views

SUSE CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/28 1:32 a.m.9 views

EUVD-2026-39975

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 8:16 p.m.6 views

CVE-2026-27708

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's call method accepts an orderid parameter and fetches the associated order without verifying the authenticated client owns it, potentially exposing cross-client data...

7.1CVSS0.00265EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 7:24 p.m.11 views

CVE-2026-27708

FOSSBilling, before 0.8.0, is vulnerable to an IDOR in the Servicecustom Client API: the __call method accepts an order_id and fetches the order without ensuring the authenticated client owns it, enabling cross-client access to other clients’ orders and exposing PII and service configuration data...

7.1CVSS5.8AI score0.00265EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 7:24 p.m.17 views

CVE-2026-27708 FOSSBilling: IDOR in Servicecustom Client API allows cross-client data access

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's call method accepts an orderid parameter and fetches the associated order without verifying the authenticated client owns it, potentially exposing cross-client data...

7.1CVSS0.00265EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-52076

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description The Servicecustom Client API's call method accepts an order id parameter and retrieves the associated order without verifying if the authenticated client owns it. This allows an authenticated...

7.1CVSS5.8AI score0.00265EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 9:16 p.m.7 views

CVE-2025-64105

FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through the support ticket creation workflow. By manipulating relid when reltype=order, an authenticated...

5.1CVSS0.00265EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.13 views

PT-2026-50741

Name of the Vulnerable Software and Affected Versions Zitadel versions 4.0.0 through 4.15.1 Zitadel versions 3.0.0 through 3.4.11 Description The OAuth2 / OIDC CodeExchange and RefreshToken implementations fail to validate that the requesting client matches the client that originally initiated th...

7.4CVSS6AI score
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.16 views

CVE-2026-46416

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated WebSocket connections. The handler stores per-connection protocol objects in...

6.3CVSS5.5AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.13 views

CVE-2026-46544

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied sessionid values in WebSocket task messages and reuses an existing in-memory session object if that sessionid already exists. If a prior session...

5.3CVSS5.5AI score0.00422EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 11:16 p.m.22 views

CVE-2026-46544

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied sessionid values in WebSocket task messages and reuses an existing in-memory session object if that sessionid already exists. If a prior session...

5.3CVSS0.00422EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:56 p.m.47 views

CVE-2026-46416 Microsoft UFO shared WebSocket handler state causes cross-client response hijacking

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated WebSocket connections. The handler stores per-connection protocol objects in...

6.3CVSS0.00276EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:56 p.m.31 views

CVE-2026-46416

Microsoft UFO (open-source framework for intelligent automation) in version 3.0.1-4-ge2626659 uses a single shared UFOWebSocketHandler instance for multiple authenticated WebSocket connections. The handler caches per-connection protocol objects in mutable fields, and each new connection overwrite...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:56 p.m.10 views

CVE-2026-46416 Microsoft UFO shared WebSocket handler state causes cross-client response hijacking

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated WebSocket connections. The handler stores per-connection protocol objects in...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:53 p.m.12 views

CVE-2026-46544 Microsoft UFO reuses client-supplied WebSocket session IDs and replays stale task results to new authenticated requesters

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied sessionid values in WebSocket task messages and reuses an existing in-memory session object if that sessionid already exists. If a prior session...

5.3CVSS5.8AI score0.00422EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:53 p.m.9 views

CVE-2026-46544

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied sessionid values in WebSocket task messages and reuses an existing in-memory session object if that sessionid already exists. If a prior session...

5.3CVSS5.8AI score0.00422EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 9:53 p.m.11 views

EUVD-2026-32673

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied sessionid values in WebSocket task messages and reuses an existing in-memory session object if that sessionid already exists. If a prior session...

5.3CVSS5.8AI score0.00422EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:53 p.m.41 views

CVE-2026-46544 Microsoft UFO reuses client-supplied WebSocket session IDs and replays stale task results to new authenticated requesters

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied sessionid values in WebSocket task messages and reuses an existing in-memory session object if that sessionid already exists. If a prior session...

5.3CVSS0.00422EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:53 p.m.27 views

CVE-2026-46544

Technical details beyond the provided CVE description are not publicly available in the supplied documents. Monitor for updates from the referenced UFO advisory and CVE entry.

5.3CVSS5.8AI score0.00422EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-44122

Name of the Vulnerable Software and Affected Versions Microsoft UFO version 3.0.1-4-ge2626659 Description Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. The software accepts client-supplied session id values in WebSocket task messages and reuses...

5.3CVSS5.8AI score0.00422EPSS
Exploits0References3
Rows per page
Query Builder