
692 matches found

RedHat Linux
added 2 days ago | 3 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

CVSS 4.3 | AI score 5.7 | EPSS 0.00247
Exploits: 0 | References: 4
RedHat Linux
added 2 days ago | 4 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

CVSS 4.3 | AI score 5.7 | EPSS 0.00247
Exploits: 0 | References: 4
NVD
added 2 days ago | 5 views

CVE-2026-5138

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

CVSS 4.3 | EPSS 0.00247
Exploits: 0 | References: 6
Vulnrichment
added 2 days ago | 4 views

CVE-2026-5138 Foreman: foreman: information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

CVSS 4.3 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 4
EUVD
added 2 days ago | 5 views

EUVD-2026-41004

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

CVSS 4.3 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 4
ATTACKERKB
added 2 days ago | 3 views

CVE-2026-5138

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

CVSS 4.3 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 7
NVD
added 2 days ago | 6 views

CVE-2026-7517

The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alg_wc_cpg_input_fields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 7.2 | EPSS 0.00247
Exploits: 0 | References: 8
CVE
added 2 days ago | 8 views

CVE-2026-7517

The CVE-2026-7517 entry concerns the Custom Payment Gateways for WooCommerce WordPress plugin. It is vulnerable to Stored Cross-Site Scripting via the alg_wc_cpg_input_fields parameter in all versions up to 2.1.0 due to insufficient input sanitization and output escaping. Exploitation is possible...

CVSS 7.2 | AI score 5.9 | EPSS 0.00247
Exploits: 0 | References: 8
Cvelist
added 2 days ago | 31 views

CVE-2026-7517 Custom Payment Gateways for WooCommerce <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting via 'alg_wc_cpg_input_fields' Parameter

The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alg_wc_cpg_input_fields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 7.2 | EPSS 0.00247
Exploits: 0 | References: 8
CheckPoint Security
added 2026/06/07 12:0 a.m. | 31 views

CVE-2026-50752 - VPN site to site certificate bypass vulnerability in deprecated IKEv1 key exchange

Symptoms - A vulnerability in the certificate validation logic of the deprecated IKEv1 key exchange method may lead to a man-in-the-middle attack on the VPN site-to-site configuration. This vulnerability was discovered by Check Point security research team. There are no reported exploits of this...

CVSS 7.4 | AI score 6.1 | EPSS 0.04859
Exploits: 0
RedhatCVE
added 2026/06/05 7:51 p.m. | 9 views

CVE-2025-69606

A Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

CVSS 6.1 | AI score 5.6 | EPSS 0.00354
Exploits: 1 | References: 1
CNNVD
added 2026/06/03 12:0 a.m. | 8 views

MBS multiple products security vulnerability

MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have security vulnerabilities; these vulnerabilities stem from a stack buffer overflow in dali-devconfig, which could allow remote attackers to gain full...

CVSS 8.8 | AI score 5.9 | EPSS 0.00456
Exploits: 0 | References: 1
CNNVD
added 2026/06/03 12:0 a.m. | 7 views

MBS multiple products security vulnerability

MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have security vulnerabilities; these vulnerabilities stem from insufficient validation of user-controlled inputs through the ugw-restoreinfo method, which...

CVSS 8.1 | AI score 5.5 | EPSS 0.0037
Exploits: 0 | References: 1
CNNVD
added 2026/06/03 12:0 a.m. | 8 views

MBS multiple products security vulnerability

MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have security vulnerabilities; these vulnerabilities stem from insufficient validation of user-controlled inputs using the ugw-restore method, which could...

CVSS 8.1 | AI score 5.5 | EPSS 0.0037
Exploits: 0 | References: 1
CNNVD
added 2026/06/03 12:0 a.m. | 7 views

MBS multiple products security vulnerability

MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have security vulnerabilities. These vulnerabilities stem from insufficient validation of user-controlled inputs using the ugw-logstop method, which could...

CVSS 8.1 | AI score 5.5 | EPSS 0.0037
Exploits: 0 | References: 1
Snyk
added 2026/05/31 9:0 p.m. | 5 views

Malicious Package

Overview @cloudplatform-single-spa/svp-gateways is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2
OSV
added 2026/05/25 12:3 p.m. | 12 views

MAL-2026-4350 Malicious code in clobprice.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

AI score 5.8
Exploits: 0 | References: 3
Microsoft Secure
added 2026/05/22 4:53 p.m. | 15 views

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

In this article 1. Attack chain overview 1. Initial access: Exploiting edge appliances 2. Discovery and reconnaissance 3. Lateral movement and identity compromise 2. Mitigation and protection guidance 1. Microsoft Defender XDR detections 2. Advanced hunting 3. Indicators of compromise IOC 4. MITR...

CVSS 8.8 | AI score 8 | EPSS 0.64987
Exploits: 6
CheckPoint Security
added 2026/05/20 12:0 a.m. | 19 views

CVE-2026-48132 - VPN service may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP

Symptoms - The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service temporary interruption o...

CVSS 8.1 | AI score 5.4 | EPSS 0.02139
Exploits: 0
NVD
added 2026/05/05 4:16 p.m. | 17 views

CVE-2026-31196

OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers ...

CVSS 8.8 | EPSS 0.01275
Exploits: 0 | References: 3