Lucene search
K

90 matches found

CNNVD
CNNVD
added 2026/02/24 12:0 a.m.10 views

Craft CMS 代码问题漏洞

Craft CMS is an open-source content management system developed by Craft CMS. There are code vulnerabilities in versions 4.5.0-RC1 to 4.16.18, and from 5.0.0-RC1 to 5.8.22 of Craft CMS. These vulnerabilities stem from a GraphQL Asset mutation where the SSRF validation only parses IPv4 addresses,...

7.1CVSS5.9AI score0.00421EPSS
Exploits1References3
OSV
OSV
added 2026/02/03 7:16 p.m.2 views

CVE-2025-52628

HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0...

8.8CVSS5.6AI score0.0019EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 6:6 p.m.9 views

CVE-2025-52628

CVE-2025-52628 affects HCL AION 2.0. Connected sources describe a cookie handling issue due to missing or insecure SameSite attributes, enabling cross-site requests and increasing CSRF risk. The CNVD entry calls it a CSRF vulnerability stemming from the cookie SameSite issue; Red Hat and NVD desc...

8.8CVSS5.1AI score0.0019EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-5904

Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description HCL AION is susceptible to a cookie handling issue where cookies may lack proper SameSite attributes, or have insecure or improper configurations. This can allow cookies to be transmitted in unintended cross-si...

8.8CVSS5.1AI score0.0019EPSS
Exploits0References3
OSV
OSV
added 2026/01/22 2:5 a.m.6 views

CVE-2026-23965 sm-crypto Affected by Signature Forgery in SM2-DSA

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge valid signatures for...

7.5CVSS5.8AI score0.00194EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/16 4:14 p.m.4 views

CVE-2026-22782

RustFS is a distributed object storage system built in Rust. From = 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to log the shared HMAC secret and expected signature, which exposes the secret to log readers and enables forged RPC calls. In...

7.5CVSS5.4AI score0.00472EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 2:56 p.m.10 views

Jervis Has a JWT Algorithm Confusion Vulnerability

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL244-L249 The code doesn't validate that the JWT header specifies "alg":"RS256". Impact Depending on the broader system, this could allow JWT...

6.9CVSS7AI score0.00128EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/01/13 2:56 p.m.3 views

GHSA-5PQ9-5MPR-JJ85 Jervis Has a JWT Algorithm Confusion Vulnerability

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL244-L249 The code doesn't validate that the JWT header specifies "alg":"RS256". Impact Depending on the broader system, this could allow JWT...

6.9CVSS6.9AI score0.00128EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 8:40 a.m.6 views

CVE-2022-35924

NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...

9.1CVSS6.8AI score0.01098EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.3 views

PT-2026-1013

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.30.0 Description The write headers function in cpp-httplib does not properly validate user-supplied headers, specifically failing to check for carriage return CR and line feed LF characters. This allows attacker...

8.7CVSS6.5AI score0.00602EPSS
Exploits6References24
EUVD
EUVD
added 2025/12/11 12:30 a.m.4 views

EUVD-2025-202637

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated...

8.1CVSS6.3AI score0.002EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.2 views

PT-2025-48045

Name of the Vulnerable Software and Affected Versions cggmp21 versions 0.6.3 and earlier cggmp24 version 0.7.0-alpha.1 Description The software is susceptible to a security issue related to the use of presignatures in specific contexts. Specifically, using presignatures in conjunction with HD...

8.2CVSS6.2AI score0.00181EPSS
Exploits0References20
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.2 views

Progress Flowmon 跨站脚本漏洞

Progress Flowmon is a real-time network traffic monitoring tool from Progress. A cross-site scripting vulnerability exists in versions of Progress Flowmon prior to 12.5.5, which originates from a user clicking on a malicious link that could trigger an unexpected action, potentially leading to a...

8.8CVSS6.1AI score0.00293EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-2348

Malware in sbrugna...

4.3CVSS4.6AI score0.00382EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-26864

Malicious code in bioql PyPI...

8.6CVSS7.5AI score0.00693EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2025-11892

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00092EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/22 6:22 p.m.2 views

CVE-2025-58688 WordPress Casengo Live Chat Support Plugin <= 2.1.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Casengo Casengo Live Chat Support the-casengo-chat-widget allows Stored XSS.This issue affects Casengo Live Chat Support: from n/a through = 2.1.4...

7.1CVSS5.9AI score0.00118EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/28 6:4 p.m.1 views

CVE-2025-31971 AIML Solutions for HCL SX is susceptible to a URL validation vulnerability

AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow attackers to launch a server-side request forgery SSRF attack enabling unauthorized network calls from the system, potentially exposing internal services or sensitive information...

5.1CVSS6.3AI score0.00127EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.6 views

F5 Networks BIG-IP : Apache HTTP Server vulnerability (K000152924) (deprecated)

The vendor no longer states that their product is vulnerable. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution K000152924. Disabled on 2026/01/29. Advisory states BIG-IP no longer vulnerable...

7.5CVSS6.8AI score0.00772EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/08/01 5:42 p.m.4 views

org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

A flaw was found in Jetty. The HttpURI class performs insufficient validation on the authority segment of a URI. The HttpURI and the browser may differ on the value of the host extracted from an invalid URI. This combination of Jetty and a vulnerable browser may be vulnerable to an open redirect...

5.3CVSS5.7AI score0.00986EPSS
Exploits1References7
Rows per page
Query Builder