Lucene search
+L

173 matches found

NVD
NVD
added 17 hours ago5 views

CVE-2026-62386

The Grav API plugin getgrav/grav-plugin-api before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query parameter on every API route JwtAuthenticator::extractBearerToken fallback. Because tokens are embedded in URLs, they are logged verbatim in web server access logs, leaked via th...

8.2CVSS
Exploits0References2
OSV
OSV
added 2026/07/08 8:25 p.m.2 views

GHSA-9X82-RM84-C6X7 DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN

Overview Remote Code Execution RCE is possible via Velocity Templates used by DSpace for COAR Notify/LDN messages. This vulnerability impacts DSpace versions 8.0 = 8.3, 9.0 = 9.2. The attacker MUST already have DSpace administrator credentials in order to perform the attack. This attack is relate...

8CVSS6.2AI score
Exploits0References4
OSV
OSV
added 2026/06/16 7:27 p.m.8 views

MAL-2026-5918 Malicious code in nottuff7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15a5e98054661d6eea29d8120457ffc7e00d7b516223a5fa6ec91355e9434652 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
NVD
NVD
added 2026/06/08 12:16 p.m.17 views

CVE-2026-11569

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

5.4CVSS0.00138EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 10:54 a.m.28 views

CVE-2026-11569

CVE-2026-11569 affects Quay: the filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG containing JavaScript. The file is stored and served inline via the CDN, enabling stored XSS when a victim visits the ...

5.4CVSS5.2AI score0.00138EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/08 10:54 a.m.10 views

CVE-2026-11569 Quay: quay: stored xss via filedrop svg upload

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

5.4CVSS5.2AI score0.00138EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.16 views

CVE-2026-11345

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

6.9CVSS5.5AI score0.00414EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.10 views

CVE-2026-8941

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdloffoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings ...

4.3CVSS5.4AI score0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.14 views

CVE-2026-44593

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

8.7CVSS5.9AI score0.00362EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 2:45 p.m.13 views

EUVD-2026-32911

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, a Local File Inclusion LFI vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return...

7.5CVSS6AI score0.00321EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 2:44 p.m.26 views

CVE-2026-44593

esm.sh (no-build CDN) vulnerable to path traversal in legacy_router.go. In versions up to 137, the router concatenates request path components without sanitization, generating a storage key that can resolve to arbitrary filesystem paths (example: writing to /tmp/pwned). This allows an attacker to...

8.7CVSS5.9AI score0.00362EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.9 views

CVE-2026-8941

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdloffoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings ...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 5:31 a.m.14 views

EUVD-2026-32067

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdloffoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings ...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/26 5:23 p.m.11 views

WordPress CDN Linker lite plugin <= 1.3.1 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin CDN Linker lite versions = 1.3.1...

4.3CVSS5.8AI score0.0014EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/25 7:52 a.m.17 views

CVE-2026-44572

A flaw was found in Next.js. An external client could exploit this vulnerability by sending a x-nextjs-data header on a request to a path handled by middleware that returns a redirect. This action could cause the middleware or proxy to incorrectly process the request as a data request, replacing...

5.9CVSS5.7AI score0.00195EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.28 views

PT-2026-42038

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.1.0 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 @nuxt/nitro-server versions 3.20.0 through 3.21.5 @nuxt/nitro-server versions 4.0.0-alpha.1 through 4.4.5 Description The '/ nuxt island/' endpoint accepts...

5.4CVSS5.2AI score0.00091EPSS
Exploits0References8
OSV
OSV
added 2026/05/11 4:12 p.m.8 views

GHSA-3G8H-86W9-WVMQ Next.js's Middleware / Proxy redirects can be cache-poisoned

Impact Next.js uses the x-nextjs-data request header for internal data requests. On affected versions, an external client could send this header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat the request as a data...

3.7CVSS5.8AI score0.00195EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:36 p.m.7 views

CVE-2026-41883

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

8.1CVSS5.8AI score0.00382EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/08 3:36 p.m.15 views

EUVD-2026-28794

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

8.1CVSS5.8AI score0.00382EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/16 8:41 p.m.3 views

Directory Traversal

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Directory Traversal via the translation memory API when unintended endpoints are exposed without proper access control. An attacker can acce...

6.9CVSS6.4AI score0.00323EPSS
Exploits0References2
Rows per page
Query Builder