Lucene search
K

5 matches found

CVE
CVE
added 2026/06/17 9:48 p.m.28 views

CVE-2026-12566

The CVE describes a vulnerability in the docker_pull module where the realm parameter from a Docker registry’s WWW-Authenticate header is used as the authentication endpoint without validation. This enables a man-in-the-middle between bb ot and a Docker registry to alter the header and redirect t...

3.1CVSS5.5AI score0.00167EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/03/27 1:47 p.m.3 views

CVE-2026-32695

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values into backtick-delimited rule expressions without escaping. In live cluster validation, Knative rules.hosts was...

7.7CVSS5.9AI score0.00463EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/10/05 12:0 a.m.5 views

PT-2025-40795

Name of the Vulnerable Software and Affected Versions Zytec Dalian Zhuoyun Technology Central Authentication Service version 3 Description A security issue exists in Zytec Dalian Zhuoyun Technology Central Authentication Service version 3 related to the HTTP Header Handler component. The issue...

7.5CVSS7.3AI score0.0044EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/05/15 1:5 p.m.8 views

xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attac...

7.4CVSS5.8AI score0.00652EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/02/22 12:0 a.m.6 views

EC-CUBE 安全漏洞

Ec-cube is an open source e-commerce system from the Japanese company Ec-cube. A security vulnerability exists in EC-CUBE due to the application improperly handling HTTP Host header values. A remote attacker could exploit this vulnerability to send an email with a forged redistribution password U...

5.3CVSS5.3AI score0.01138EPSS
Exploits0References5
Rows per page
Query Builder