Lucene search
K

4441 matches found

Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51019

Name of the Vulnerable Software and Affected Versions YARD versions prior to 0.9.44 Description YARD is a documentation generation tool for the Ruby programming language. The static cache lookup reads a request path before the router's path cleanup process occurs. When a server is configured with...

5.3CVSS5.7AI score0.00273EPSS
Exploits0References9
OSV
OSV
added 2026/06/18 8:34 a.m.5 views

MINI-GJ7Q-3M59-C2QH

Bulletin has no description...

10CVSS5AI score0.0044EPSS
Exploits0
OSV
OSV
added 2026/06/18 6:43 a.m.6 views

MINI-J8VQ-J869-FHJM

Bulletin has no description...

9.1CVSS5AI score0.00533EPSS
Exploits0
OSV
OSV
added 2026/06/17 4:22 p.m.3 views

MINI-QCM4-G93Q-CQ8H

Bulletin has no description...

6.9CVSS5AI score0.00123EPSS
Exploits0
OSV
OSV
added 2026/06/15 3:22 p.m.4 views

MINI-V94P-8FG4-X4HW

Bulletin has no description...

6.7CVSS4.9AI score0.00828EPSS
Exploits0
Veracode
Veracode
added 2026/06/15 7:20 a.m.11 views

XXE Injection

Spring REST Docs is vulnerable to XML External Entity XXE Injection. The vulnerability is due to unsafe processing of XML content when documenting remote APIs, where a compromised or malicious API can supply crafted XML containing external entities. When documentation-generating tests are execute...

5.9CVSS5.3AI score0.00223EPSS
Exploits0References2Affected Software1
Fedora
Fedora
added 2026/06/14 5:4 a.m.20 views

[SECURITY] Fedora 43 Update: composer-2.10.1-1.fc43

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

5.4AI score
Exploits0
EUVD
EUVD
added 2026/06/13 8:38 a.m.15 views

EUVD-2026-36650

The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced...

9.4CVSS5.3AI score0.00153EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/13 8:38 a.m.11 views

CVE-2026-11624

The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced...

9.4CVSS5.3AI score0.00153EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/13 1:24 a.m.13 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs24: nodejs24-24.16.0-1.hum1 aarch64, x8664 nodejs24-bin-24.16.0-1.hum1 noarch nodejs24-devel-24.16.0-1.hum1 aarch64, x8664 nodejs24-docs-24.16.0-1.hum1 noarch...

7.5CVSS5.8AI score0.00426EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.19 views

PT-2026-49089

Name of the Vulnerable Software and Affected Versions Model Context Protocol versions prior to 0.25.0 Description Servers fail to validate the "Origin" header on incoming connections, which may allow DNS rebinding attacks. DNS rebinding is a method of bypassing the Same-Origin Policy to interact...

9.4CVSS5.3AI score0.00153EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/12 2:11 p.m.30 views

CVE-2026-8694 Improper access control on the API documentation endpoint in PowerShell Universal

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints...

0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 2:11 p.m.9 views

CVE-2026-8694 Improper access control on the API documentation endpoint in PowerShell Universal

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints...

5.3AI score0.00221EPSS
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/12 12:0 a.m.5 views

python-M2Crypto-doc-0.48.0-1.1 on GA media (moderate)

python-M2Crypto-doc-0.48.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10990-1 Rating: moderate Cross-References: CVE-2026-0672 CVSS scores: CVE-2026-0672 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2026-0672 SUSE : 8.7...

8.7CVSS5.4AI score0.00401EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.17 views

AlmaLinux 9 : redis (ALSA-2026:23229)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:23229 advisory. redis: RESTORE invalid memory access may allow remote code execution CVE-2026-25243 Tenable has extracted the preceding description block directly from the...

8.8CVSS6.2AI score0.02995EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 12:31 a.m.12 views

EUVD-2026-35885

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9CVSS5.5AI score0.00223EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 12:16 a.m.19 views

CVE-2026-40991

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9CVSS0.00223EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:46 p.m.24 views

CVE-2026-40991

The CVE-2026-40991 issue affects Spring REST Docs: 4.0.0; 3.0.0–3.0.5; and 2.0.0.RELEASE–2.0.8.RELEASE. When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote HTTP API, an attacker who compromises the API or tricks a user into documenting a malicious API can ...

5.9CVSS5.5AI score0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:46 p.m.10 views

CVE-2026-40991 XML External Entity (XXE) injection when documenting untrusted XML content

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9CVSS5.5AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:46 p.m.40 views

CVE-2026-40991 XML External Entity (XXE) injection when documenting untrusted XML content

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9CVSS0.00223EPSS
Exploits0References1
Rows per page
Query Builder