Lucene search
K

7704 matches found

NVD
NVD
added 2026/06/22 2:17 p.m.15 views

CVE-2026-56425

The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...

9.3CVSS0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 12:25 p.m.11 views

EUVD-2026-38228

The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...

9.3CVSS5.9AI score0.00258EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 12:0 p.m.5 views

MAL-2026-6310 Malicious code in @petitcode/eb-retry (npm)

@petitcode/eb-retry malicious version 1.3.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

6AI score
Exploits0References6
NVD
NVD
added 2026/06/22 8:17 a.m.14 views

CVE-2026-54665

Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in...

6.3CVSS0.00268EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 7:34 a.m.10 views

EUVD-2026-38216

Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in...

6.3CVSS5.9AI score0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 7:34 a.m.18 views

CVE-2026-54665

Apache NiFi (versions 0.0.1–2.9.0) is affected by an input-validation flaw where URL redirection/data references can be influenced by non-standard host headers. NiFi 1.6.0 added a proxy-host header validation mechanism, but validation was not applied to alternative headers (X-ProxyHost, X-Forward...

6.3CVSS5.9AI score0.00268EPSS
Exploits0References2Affected Software1
Circl
Circl
added 2026/06/21 3:59 a.m.8 views

CVE-2026-12770

creationtimestamp| type| source ---|---|--- 2026-06-21 03:59:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3morib5g34w2r...

8.8CVSS5.8AI score0.00337EPSS
Exploits1References1
Circl
Circl
added 2026/06/20 9:37 a.m.10 views

CVE-2023-33190

creationtimestamp| type| source ---|---|--- 2026-06-20 09:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mopknjoa4c25...

9.9CVSS5.8AI score0.00706EPSS
Exploits0References1
OSV
OSV
added 2026/06/20 6:53 a.m.2 views

SUSE-SU-2026:22198-1 Security update for bind

This update for bind fixes the following issues Upgrade to release 9.20.23: - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3593: Heap use-after-free...

9.8CVSS5.8AI score0.01844EPSS
Exploits1References13
OSV
OSV
added 2026/06/19 2:17 p.m.5 views

GHSA-WPWQ-4J6V-78M3 guzzlehttp/guzzle: Silent HTTPS-Proxy Downgrade to Cleartext

Impact The built-in cURL handlers GuzzleHttp\Handler\CurlHandler and GuzzleHttp\Handler\CurlMultiHandler, used by default whenever the PHP cURL extension is available accept an https:// proxy — a proxy reached over a TLS-encrypted connection — through the proxy request option, client-level proxy...

5.9CVSS5.9AI score0.00106EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.20 views

Astra Linux – Vulnerability in busybox

Busybox contains a vulnerability related to SSL certificate validation. This vulnerability exists in the “busybox wget” applet, and it can lead to the execution of arbitrary code. This vulnerability appears to be exploitable by simply downloading any file over an HTTPS connection using “busybox...

8.1CVSS7AI score0.02462EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Firefox

If an attacker needed a user to load an insecure http: page and knew that the user had enabled HTTPS-only mode, the attacker could trick the user into clicking to grant an HTTPS-only exception, provided they could get the user to participate in a clicking game. This vulnerability affects Firefox...

6.5CVSS6.6AI score0.0049EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in requests

Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This issue arises due to the way we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections...

6.1CVSS6.2AI score0.02782EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.7 views

Oracle Enterprise Manager Cloud Control (June 2026 CSPU)

The 13.5 and 24.1 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Target...

9.9CVSS6.7AI score0.0086EPSS
Exploits1References22
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.11 views

Oracle Coherence (June 2026 CPU)

The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of Coherence installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CPU advisory. - Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core. Supported...

10CVSS6AI score0.00483EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/17 11:25 p.m.10 views

CVE-2026-6734

A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from...

8.8CVSS7AI score0.00323EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/17 11:20 p.m.13 views

CVE-2026-9697

A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier URI, it silently ignores Transport Layer Security TLS options, such as custom Certificate Authorities CAs. This allows a remote attacker to perform a Man-in-the-Middle MITM attack,...

7.4CVSS6.8AI score0.00459EPSS
Exploits0References5
Circl
Circl
added 2026/06/17 9:15 p.m.5 views

CVE-2025-36220

creationtimestamp| type| source ---|---|--- 2026-06-17 21:15:25+00:00| seen| https://bsky.app/profile/securitycyberuk.bsky.social/post/3mojabhsgt52t...

9.8CVSS5AI score0.0031EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/17 6:21 p.m.8 views

Origin Validation Error

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to unintended origins b...

8.8CVSS6.4AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 10:54 a.m.10 views

CVE-2026-46872

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Install. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle...

9CVSS0.00277EPSS
Exploits0References1
Rows per page
Query Builder