1401 matches found

Nuclei | added 20 hours ago | 49 views

Lotus Domino R5 and R6 WebMail - Information Disclosure

Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (the default) allows remote attackers to read the HTML source to obtain sensitive information, including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and t...

CVSS 5 | AI score 6 | EPSS 0.73635 | Exploits 11 | References 5

Nuclei | added yesterday | 65 views

Apache APISIX - Remote Code Execution

A default configuration of Apache APISIX with the default Admin API key is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to the Admin API that bypass its IP restriction. When the admin key was changed or the port of the Admin API was changed to a port different...

CVSS 9.8 | AI score 7.7 | EPSS 0.96182 | Exploits 16 | References 5

Vulnrichment | added 5 days ago | 6 views

CVE-2026-56782 Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints

Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when adminapikey is empty, which is the default configuration. Remote attackers can exfiltrate the entire databas...

CVSS 9.8 | AI score 5.8 | EPSS 0.03016 | Exploits 2 | References 4
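The Gorse entry above (an empty adminapikey means no check at all) and the Apache APISIX entry further up (a shipped default Admin API key) fail in the same way: the admin secret's default does not fail closed. The following is an added example, not code from either project, showing a hypothetical admin guard in Python that refuses to start without a key, refuses a key from a small known-default denylist, and compares the presented key in constant time. The `KNOWN_DEFAULTS` set (the APISIX value is that project's historical shipped default; the other two are placeholders), the `Request` shape, the `X-API-Key` header and the `/api/dump` route name are assumptions made for the example.

```python
import hmac
from typing import Optional

# Secrets that ship as vendor defaults are public knowledge and must count as
# "no secret configured". The first value is Apache APISIX's historical default
# admin key from its shipped config; the other two are placeholders for this example.
KNOWN_DEFAULTS = frozenset({
    "edd1c9f034335f136f87ad84b625c8f1",
    "admin",
    "changeme",
})
MIN_KEY_LEN = 16


class MisconfiguredError(RuntimeError):
    """Raised at startup when the admin secret is absent, too short, or a known default."""


class Request:
    """Minimal stand-in for an HTTP request (hypothetical, for the example)."""

    def __init__(self, path: str, headers: Optional[dict] = None):
        self.path = path
        self.headers = headers or {}


def vulnerable_authorize(configured_key: str, presented: str) -> bool:
    """The pattern the Gorse entry describes: an empty configured key disables the check."""
    if configured_key == "":
        return True  # "no key set" silently means "everyone is admin"
    return presented == configured_key


class AdminGuard:
    """Fail-closed guard for admin-only routes such as a hypothetical /api/dump."""

    def __init__(self, api_key: Optional[str]):
        if not api_key:
            raise MisconfiguredError("admin API key is not set; refusing to serve admin routes")
        if api_key in KNOWN_DEFAULTS or len(api_key) < MIN_KEY_LEN:
            raise MisconfiguredError("admin API key is a vendor default or too short")
        self._key = api_key.encode()

    def authorize(self, req: Request) -> bool:
        presented = req.headers.get("X-API-Key", "")
        # Constant-time comparison: a plain == leaks key length/prefix via timing.
        return hmac.compare_digest(presented.encode(), self._key)


def startup_rejects(api_key: Optional[str]) -> bool:
    """True when AdminGuard refuses to start with this key."""
    try:
        AdminGuard(api_key)
    except MisconfiguredError:
        return True
    return False


def handle_dump(guard: AdminGuard, req: Request) -> int:
    """HTTP status a hypothetical /api/dump handler would return."""
    if not guard.authorize(req):
        return 401
    return 200


if __name__ == "__main__":
    print("empty key, vulnerable pattern:", vulnerable_authorize("", "anything"))
    print("empty key, fail-closed guard refuses start:", startup_rejects(""))
    guard = AdminGuard("0f3c9b7a1e2d4c5b6a7f8e9d0c1b2a3f")  # constructed key
    print("/api/dump without key:", handle_dump(guard, Request("/api/dump")))
```

The important design choice is that a missing or default secret is a startup error, not a runtime branch: the service never reaches a state where the admin routes are reachable without a credential the operator chose.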

OSV | added 5 days ago | 5 views

PYSEC-2026-553 TorchServe Server-Side Request Forgery vulnerability

Impact: Remote Server-Side Request Forgery (SSRF). TorchServe's default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to disk. This issue could be taken advantage of to compromise the integrity of the system and...

CVSS 9.8 | AI score 5.8 | EPSS 0.35256 | Exploits 6 | References 8

OSV | added 5 days ago | 5 views

PYSEC-2026-385 Remote code execution in pytorch lightning

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library, version 2.2.1, due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

CVSS 9.8 | AI score 8 | EPSS 0.26488 | Exploits 3 | References 8
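The deepdiff issue in this entry is an instance of a general class: a path walker that resolves every segment with getattr can be steered from an ordinary object into dunder attributes such as `__class__`, `__init__` and `__globals__`, which is enough to reach a module's namespace. The block below is an added illustration, not code from pytorch-lightning or deepdiff; it contrasts an attribute-walking resolver with one that only descends into dict keys and list indexes and rejects any segment beginning with an underscore. `TrainerState`, the sample state dict and the delta format (`{path: value}`) are constructed for the example.

```python
from typing import Any, Dict, List, Union

Container = Union[Dict[str, Any], List[Any]]


class PathError(ValueError):
    """Raised when a path segment is not a plain data key."""


class TrainerState:
    """Constructed stand-in for an object a delta might be applied to."""

    def __init__(self, lr: float):
        self.lr = lr


def resolve_unsafe(obj: Any, path: str) -> Any:
    """Resolve a dotted path with getattr on every segment.
    This is the traversal that lets a delta reach dunder attributes."""
    for part in path.split("."):
        obj = getattr(obj, part)
    return obj


def resolve_safe(root: Container, path: str) -> Any:
    """Resolve a dotted path through dicts and lists only: no attribute access,
    and no segment that starts with an underscore."""
    obj: Any = root
    for part in path.split("."):
        if part.startswith("_"):
            raise PathError(f"refusing private/dunder segment {part!r}")
        if isinstance(obj, dict):
            if part not in obj:
                raise PathError(f"unknown key {part!r}")
            obj = obj[part]
        elif isinstance(obj, list):
            if not part.isdigit() or int(part) >= len(obj):
                raise PathError(f"bad list index {part!r}")
            obj = obj[int(part)]
        else:
            raise PathError(f"cannot descend into {type(obj).__name__} at {part!r}")
    return obj


def apply_delta(root: Dict[str, Any], changes: Dict[str, Any]) -> Dict[str, Any]:
    """Apply {path: new_value} to a plain-data state tree via resolve_safe.
    Only dict leaves can be set, so no attribute is ever written."""
    for path, value in changes.items():
        parent_path, _, leaf = path.rpartition(".")
        parent = resolve_safe(root, parent_path) if parent_path else root
        if leaf.startswith("_") or not isinstance(parent, dict):
            raise PathError(f"cannot set {path!r}")
        parent[leaf] = value
    return root


def globals_reachable_via(path: str) -> bool:
    """True if walking `path` from a fresh TrainerState lands on this module's globals."""
    return resolve_unsafe(TrainerState(0.1), path) is globals()


def safe_rejects(path: str) -> bool:
    """True if resolve_safe refuses `path` on a sample optimizer state."""
    try:
        resolve_safe({"optimizer": {"lr": 0.1, "betas": [0.9, 0.999]}}, path)
    except PathError:
        return True
    return False


if __name__ == "__main__":
    dunder = "__class__.__init__.__globals__"
    print("getattr walker reaches module globals:", globals_reachable_via(dunder))
    print("data-only walker rejects it:", safe_rejects(dunder))
    print(apply_delta({"optimizer": {"lr": 0.1}}, {"optimizer.lr": 0.01}))
```

The safe resolver treats the state as data, not as objects: once a deserialized path can select attributes, the set of reachable values is every object transitively referenced from the root, which for any function includes its globals.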

CVE | added 2026/06/25 8:38 p.m. | 7 views

CVE-2026-12473

OHIF Viewers are affected: two default-configured data sources, DICOMWebProxy and DICOMJSON, fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the user's OIDC Bearer token into those requests and transmits it to an attacker-controll...

CVSS 8.3 | AI score 6 | EPSS 0.00232 | Exploits 0 | References 2
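The TorchServe entry above (download from a caller-supplied URL, then write the result to disk) and this OHIF entry (fetch a caller-supplied URL with the user's bearer token attached) share one control: decide whether the destination is trusted before the request, and before any credential, leaves the process. The example below is added here and is not code from TorchServe or OHIF; it shows an origin allowlist for outbound fetches, a header builder that attaches the token only after that check passes, and a path guard for the file written after a download. The allowlisted origins, the filenames and the `model_store` directory are constructed for the example.

```python
import ipaddress
import os
import re
from typing import Dict, Optional
from urllib.parse import urlsplit

# Exact origins this deployment may fetch from or send a token to (constructed).
ALLOWED_ORIGINS = frozenset({
    "https://models.example.internal",  # registry a TorchServe-like service pulls from
    "https://pacs.example.internal",    # DICOMweb server a viewer like OHIF talks to
})
DEFAULT_PORTS = {"https": 443}
FILENAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


class OutboundPolicyError(ValueError):
    """Raised before any bytes leave the process."""


def _is_internal_address(host: str) -> bool:
    """IP-literal hosts a server-side fetch must never reach.
    Hostnames are not resolved here; a real deployment also pins resolution."""
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved


def validate_outbound_url(url: str) -> str:
    """Return the normalised origin if url is allowed, else raise."""
    p = urlsplit(url)
    if p.scheme != "https":
        raise OutboundPolicyError(f"scheme not allowed: {p.scheme!r}")
    if not p.hostname:
        raise OutboundPolicyError("missing host")
    if p.username is not None or p.password is not None:
        raise OutboundPolicyError("userinfo in URL not allowed")
    if _is_internal_address(p.hostname):
        raise OutboundPolicyError(f"internal address: {p.hostname}")
    try:
        port = p.port
    except ValueError:
        raise OutboundPolicyError("bad port")
    origin = f"{p.scheme}://{p.hostname.lower()}"
    if port is not None and port != DEFAULT_PORTS[p.scheme]:
        origin += f":{port}"
    if origin not in ALLOWED_ORIGINS:
        raise OutboundPolicyError(f"origin not allowlisted: {origin}")
    return origin


def url_allowed(url: str) -> bool:
    try:
        validate_outbound_url(url)
    except OutboundPolicyError:
        return False
    return True


def vulnerable_headers(url: str, bearer_token: str) -> Dict[str, str]:
    """The OHIF pattern: a global auth layer attaches the token to every request."""
    return {"Authorization": f"Bearer {bearer_token}"}


def build_request_headers(url: str, bearer_token: Optional[str]) -> Dict[str, str]:
    """Attach the user's token only after the destination passed the allowlist."""
    validate_outbound_url(url)
    headers = {"Accept": "application/dicom+json"}
    if bearer_token:
        headers["Authorization"] = f"Bearer {bearer_token}"
    return headers


def safe_destination(store_dir: str, filename: str) -> str:
    """Confine the file written after a download to store_dir:
    no directory components, no traversal, no unusual characters."""
    base = os.path.realpath(store_dir)
    if filename != os.path.basename(filename) or not FILENAME_RE.fullmatch(filename):
        raise OutboundPolicyError(f"bad filename: {filename!r}")
    dest = os.path.realpath(os.path.join(base, filename))
    if os.path.dirname(dest) != base:
        raise OutboundPolicyError("destination escapes the model store")
    return dest


def destination_allowed(store_dir: str, filename: str) -> bool:
    try:
        safe_destination(store_dir, filename)
    except OutboundPolicyError:
        return False
    return True
```

An allowlist of origins is deliberately stricter than a denylist of private ranges: the metadata-service and loopback checks are kept as defence in depth, but the decision that matters is "is this one of the servers we configured", which also prevents the token from ever being sent to a host the user supplied.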

Positive Technologies | added 2026/06/24 12:00 a.m. | 10 views

PT-2026-52096

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 8.5.0; prior to 8.4.1; prior to 8.3.3; prior to 8.2.3; prior to 8.1.4; prior to 8.0.5; prior ...

CVSS 9.3 | AI score 5.7 | EPSS 0.00149 | Exploits 0 | References 4

ATTACKERKB | added 2026/06/22 1:34 p.m. | 3 views

CVE-2026-5139

Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to enforce administrator authorization on the setDefaultInstance call within the /gitlab connect command handler, which allows any authenticated user to overwrite the global default GitLab instance...

CVSS 5.4 | AI score 5.9 | EPSS 0.0017 | Exploits 0 | References 2 | Affected software 1

Cvelist | added 2026/06/22 1:34 p.m. | 39 views

CVE-2026-5139 GitLab Plugin Allows Non-Admin Users to Modify Default Instance Configuration

Mattermost versions 11.7.x slash command.. Mattermost Advisory ID: MMSA-2026-00644...

CVSS 5.4 | EPSS 0.0017 | Exploits 0 | References 1

NVD | added 2026/06/19 2:16 p.m. | 10 views

CVE-2026-44915

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The default configuration of the cas-auth plugin in Apache APISIX is vulnerable to phishing and credential theft. This issue affects Apache APISIX from 3.0.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0,...

CVSS 6.1 | EPSS 0.004 | Exploits 0 | References 2

NVD | added 2026/06/19 2:16 p.m. | 9 views

CVE-2026-47339

Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrad...

CVSS 8.1 | EPSS 0.00285 | Exploits 0 | References 2

Cvelist | added 2026/06/19 1:13 p.m. | 27 views

CVE-2026-49230 Apache APISIX: Authentication bypass in jwe-decrypt

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

CVSS 6.3 | EPSS 0.00224 | Exploits 0 | References 1

EUVD | added 2026/06/19 1:13 p.m. | 20 views

EUVD-2026-38019

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

CVSS 6.3 | AI score 5.8 | EPSS 0.00224 | Exploits 0 | References 1

CVE | added 2026/06/19 1:13 p.m. | 19 views

CVE-2026-49230

CVE-2026-49230 affects Apache APISIX via the jwe-decrypt plugin in its default configuration, enabling authentication bypass. Vulnerable versions are 3.8.0 through 3.16.0; the remediation is to upgrade to 3.17.0. The CVE details indicate an improper validation of an integrity check value, with network-exposed risk. If ex...

CVSS 9.1 | AI score 5.8 | EPSS 0.00224 | Exploits 0 | References 2 | Affected software 1

CVE | added 2026/06/19 1:12 p.m. | 21 views

CVE-2026-44915

CVE-2026-44915 is an Open Redirect vulnerability in Apache APISIX related to the cas-auth plugin in its default configuration. The issue affects Apache APISIX versions 3.0.0 through 3.16.0 and could enable phishing and credential theft. Apache recommends upgrading to version 3.17.0, which contain...

CVSS 6.1 | AI score 5.8 | EPSS 0.004 | Exploits 0 | References 2 | Affected software 1

EUVD | added 2026/06/19 1:10 p.m. | 8 views

EUVD-2026-38015

Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrad...

CVSS 5.3 | AI score 5.9 | EPSS 0.00285 | Exploits 0 | References 1

CVE | added 2026/06/19 1:10 p.m. | 16 views

CVE-2026-47339

CVE-2026-47339 affects Apache APISIX (authz-casdoor plugin). Under default configuration, it allows an attacker to authenticate using credentials from a different source, indicating an incorrect authorization vulnerability across versions 2.14.1 through 3.16.0. The risk is described as high (per ...

CVSS 8.1 | AI score 5.9 | EPSS 0.00285 | Exploits 0 | References 2 | Affected software 1

ATTACKERKB | added 2026/06/19 1:09 p.m. | 6 views

CVE-2026-44046

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

CVSS 2.3 | AI score 5.8 | EPSS 0.00314 | Exploits 0 | References 2 | Affected software 1

AstraLinux | added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in wkhtmltopdf

A directory traversal vulnerability exists in wkhtmltopdf version 0.12.5, allowing remote attackers to read local files and disclose sensitive information by using a crafted HTML file with default configurations...

CVSS 7.5 | AI score 7.2 | EPSS 0.01817 | Exploits 1 | References 2

Positive Technologies | added 2026/06/19 12:00 a.m. | 3 views

PT-2026-53777

Impact ServerFilters.DigestAuth and the underlying DigestAuthProvider both defaulted their nonceVerifier parameter to true — i.e. every nonce was accepted regardless of value, age, or prior use. Any deployment using the default configuration had no replay protection on Digest authentication; a...

AI score 5.7 | Exploits 0 | References 7
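A nonce verifier that accepts every value gives Digest authentication no replay protection, as this entry describes: a captured Authorization header is valid forever. The following is an added example, not code from the project in the entry; it shows a verifier that issues HMAC-bound nonces carrying a timestamp, rejects forged or expired ones, and enforces a strictly increasing nonce-count (`nc`) per nonce, so a replayed header fails while a legitimate client can still reuse a nonce across several requests as Digest intends. The key, the injected clock, the `ts:random:mac` nonce layout and the 300-second window are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Tuple


def accept_everything(nonce: str, nc: str = "00000001") -> bool:
    """The default the entry describes: every nonce accepted, whatever its value, age or use."""
    return True


class NonceAuthority:
    """Issues and verifies Digest nonces of the form ts:random:mac.

    - mac = HMAC-SHA256(key, ts:random), so clients cannot mint their own nonces
    - ts bounds the nonce's lifetime (max_age_s) and rejects future-dated nonces
    - per-nonce nc (nonce-count) must strictly increase, which blocks replay of a
      captured header while still letting one nonce serve several requests
    """

    def __init__(self, key: bytes, max_age_s: float = 300.0,
                 clock: Callable[[], float] = time.time):
        if len(key) < 32:
            raise ValueError("nonce key must be at least 32 bytes")
        self._key = key
        self._max_age = max_age_s
        self._clock = clock
        # nonce -> (highest nc seen, expiry time)
        self._seen: Dict[str, Tuple[int, float]] = {}

    def _mac(self, ts: str, rnd: str) -> str:
        return hmac.new(self._key, f"{ts}:{rnd}".encode(), hashlib.sha256).hexdigest()[:32]

    def issue(self) -> str:
        ts = str(int(self._clock()))
        rnd = secrets.token_hex(8)
        return f"{ts}:{rnd}:{self._mac(ts, rnd)}"

    def verify(self, nonce: str, nc: str) -> bool:
        parts = nonce.split(":")
        if len(parts) != 3:
            return False
        ts, rnd, mac = parts
        # Integrity first, in constant time: a forged nonce never touches the cache.
        if not hmac.compare_digest(mac, self._mac(ts, rnd)):
            return False
        try:
            issued = int(ts)
            count = int(nc, 16)
        except ValueError:
            return False
        now = self._clock()
        if not (0 <= now - issued <= self._max_age):
            return False  # expired, or from the future
        self._evict(now)
        last_nc, expiry = self._seen.get(nonce, (0, issued + self._max_age))
        if count <= last_nc:
            return False  # replayed (or reordered) request
        self._seen[nonce] = (count, expiry)
        return True

    def _evict(self, now: float) -> None:
        """Drop nonces past their lifetime so the replay cache stays bounded."""
        for n in [n for n, (_, exp) in self._seen.items() if exp < now]:
            del self._seen[n]


if __name__ == "__main__":
    auth = NonceAuthority(secrets.token_bytes(32), max_age_s=300.0)
    nonce = auth.issue()
    print("first use:", auth.verify(nonce, "00000001"))
    print("same header again:", auth.verify(nonce, "00000001"))
    print("default verifier, same header again:", accept_everything(nonce, "00000001"))
```

Because the server never stores nonces it issued, only ones it has already accepted, the MAC check is what proves provenance; the cache is only needed for the ordering check, and it can be evicted as soon as a nonce has aged out.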