Lucene search
K

2605 matches found

Nuclei
Nuclei
added yesterday77 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6AI score0.01331EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2 days ago4 views

io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...

10CVSS5.9AI score0.00292EPSS
Exploits0References7
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-59207 n8n: "Allowed HTTP Request Domains" Restriction Bypass via AI Agents MCP Connector

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS0.00263EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42609

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS6.1AI score0.00263EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-59207

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS6.1AI score0.00263EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42603

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS7.3AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 2 days ago9 views

CVE-2026-56458

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

7.5CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-56458 HCL DevOps Deploy is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS0.00226EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-56458

Technical details about CVE-2026-56458 are not publicly available in the provided documents. No affected versions, root cause specifics, exploits, or mitigations are disclosed here. Monitor for updates from vendors or CVE pages.

7.5CVSS5.9AI score0.00226EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-56458

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.9AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-42552

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.9AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 3 days ago11 views

CVE-2026-59883

CVE-2026-59883 – Guzzle: CookieJar domain-matching flaw in the PHP HTTP client allowed cookies scoped to IP-address or bare-numeric domains (e.g., 192.168.0.1, ::1) to be accepted by non-origin hosts due to SetCookie::matchesDomain() applying ordinary suffix matching. Affects versions prior to 7....

4.7CVSS6AI score0.00115EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-59883 Guzzle: Cookie Disclosure and Injection via IP-Address Domains

Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain applied ordinary suffix matching to domains such as 192.168.0.1, ::1, or 1, allowing...

4.7CVSS0.00115EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago3 views

crypto/x509: Incorrect enforcement of email constraints in crypto/x509

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...

7.5CVSS7AI score0.00606EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago5 views

Malicious code in domains-billing-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4860726efc056e319a24e46ac4e179809cc294267679a9b8122c5205b49369f1 [email protected] executes node index.js from its postinstall lifecycle script. On install, index.js reads os.hostname and...

6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-56285

Name of the Vulnerable Software and Affected Versions WebPros Plesk versions prior to 18.0.78.4 Description Incorrect authorization in the XML-RPC API allows a low-privileged authenticated customer to look up domains they do not own. This occurs because ownership is enforced only for specific...

9.9CVSS6AI score0.00336EPSS
Exploits0References10
NVD
NVD
added 4 days ago8 views

CVE-2026-53878

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djan...

6.1CVSS0.00217EPSS
Exploits0References3
OSV
OSV
added 5 days ago3 views

BIT-MASTODON-2026-50128 Mastodon: Spoofing of attribution domains

Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent false attribution claims, Mastodon uses the attributionDomains JSON-LD term, however, an error in how...

5.3CVSS6AI score0.00129EPSS
Exploits0References3
OSV
OSV
added 6 days ago4 views

RLSA-2026:30845 Moderate: mod_md security update

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fixes: httpd:...

7.5CVSS5.9AI score0.00628EPSS
Exploits0References2
OSV
OSV
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-8924

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS6AI score0.00649EPSS
Exploits1References1
Rows per page
Query Builder