Lucene search
K

1132 matches found

RedHat Linux
RedHat Linux
added 2026/03/17 12:48 p.m.4 views

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

6.9CVSS5.7AI score0.00343EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.8 views

PT-2026-25994

Summary AVideo contains a reflected XSS vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser. User input from a URL parameter flows through PHP's json encode into a JavaScript function that renders it via innerHTML, bypassing encoding and...

5.3CVSS6.2AI score0.00317EPSS
Exploits1References5
HackRead
HackRead
added 2026/03/11 11:5 p.m.9 views

Iran-Linked Handala Hackers Claim Major Hacks on Stryker and Verifone

Iran-linked Handala hackers claim cyberattacks on Stryker and Verifone. Stryker confirms network disruption while Verifone says no breach evidence found...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/11 7:23 p.m.10 views

Shopware has user enumeration via distinct error codes on Store API login endpoint

Summary The Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer CHECKOUTCUSTOMERAUTHBADCREDENTIALS or is unknown CHECKOUTCUSTOMERNOTFOUND. The "not found" response also echoes the...

5.3CVSS5.8AI score0.00218EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/03/11 7:23 p.m.5 views

GHSA-GQC5-XV7M-GCJQ Shopware has user enumeration via distinct error codes on Store API login endpoint

Summary The Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer CHECKOUTCUSTOMERAUTHBADCREDENTIALS or is unknown CHECKOUTCUSTOMERNOTFOUND. The "not found" response also echoes the...

5.3CVSS5.8AI score0.00218EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/03/05 8:0 p.m.6 views

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

6.9CVSS5.7AI score0.00343EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/03/05 1:32 p.m.3 views

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

6.9CVSS5.7AI score0.00343EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/03 3:23 p.m.8 views

Malicious code in demo-pipelinetest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cdbe67e8fa0e92aa8f588916bbaf7b0c041cd6613636172f671c1a6251df15e The package demo-pipelinetest was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 6:40 a.m.2 views

CVE-2017-4558

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

5.5AI score
Exploits0References1
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.7 views

Dify - User Enumeration via "Account not found" Message

A user enumeration vulnerability exists in langgenius/dify, where the login API leaks information about whether a user account exists or not. When an invalid/non-existent email is used during login, the API returns a distinct error message such as "accountnotfound" or "Account not found.", allowi...

5.3CVSS4.5AI score0.00722EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2026/02/02 12:0 a.m.3 views

Huawei EulerOS: Security Advisory for augeas (EulerOS-SA-2026-1154)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.8CVSS5.4AI score0.00241EPSS
Exploits1References2
OSV
OSV
added 2026/01/29 12:49 a.m.3 views

CGA-GC25-RCCJ-J593

Bulletin has no description...

8.1CVSS7.1AI score0.03607EPSS
Exploits0
NVD
NVD
added 2026/01/28 9:16 p.m.7 views

CVE-2026-23743

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...

7.5CVSS0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/28 8:7 p.m.7 views

EUVD-2026-4861

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...

6.9CVSS5.9AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/28 8:7 p.m.20 views

CVE-2026-23743 Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...

6.9CVSS0.00245EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/28 1:44 a.m.6 views

WordPress Ivory Search plugin <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'menugcse' and 'nothingfoundtext' Parameters vulnerability discovered by JongHwan Shin zzzsleep in WordPress Plugin Ivory Search versions = 5.5.13...

4.4CVSS5.9AI score0.00261EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.4 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38362)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38362 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null pointer check...

5.5CVSS5.3AI score0.00107EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/16 6:16 p.m.13 views

CVE-2026-1002

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response. Mitigation To mitigate this...

6.9CVSS6.6AI score0.00343EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.4 views

CVE-2021-31641

An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated...

6.1CVSS6.4AI score0.05125EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.8 views

CVE-2025-1366

A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux and classified as critical. Affected by this issue is the function strcpy of the component VirusPopUp. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been...

7.8CVSS6.8AI score0.0032EPSS
Exploits1References1
Rows per page
Query Builder