Lucene search
K

18018 matches found

EUVD
EUVD
added 2026/06/11 2:44 p.m.8 views

EUVD-2026-36252

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

6.5CVSS5.3AI score0.00149EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 2:44 p.m.23 views

CVE-2026-4096

Summary of CVE-2026-4096 (IBM DevOps Plan) IBM DevOps Plan versions 3.0.0 to 3.0.6 are affected by an HTTP header injection vulnerability caused by improper validation of the Host header. This can enable attacker-driven attacks such as cross-site scripting, cache poisoning, or session hijacking a...

6.5CVSS5.3AI score0.00149EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/11 7:16 a.m.11 views

CVE-2026-41700

Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials...

8.1CVSS0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 5:4 a.m.26 views

CVE-2026-41700 Cross-Site WebSocket Hijacking in Spring for GraphQL

Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials...

8.1CVSS0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 5:4 a.m.10 views

EUVD-2026-36213

Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials...

8.1CVSS5.9AI score0.00182EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 5:4 a.m.9 views

CVE-2026-41700 Cross-Site WebSocket Hijacking in Spring for GraphQL

Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials...

8.1CVSS5.9AI score0.00182EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 5:4 a.m.40 views

CVE-2026-41700

Spring for GraphQL with WebSocket transport is affected by Cross-Site WebSocket Hijacking. Affected versions: Spring for GraphQL 2.0.0–2.0.3; 1.4.0–1.4.5; 1.3.0–1.3.8; 1.0.0–1.0.6. Description confirms the issue: an attacker can lure an authenticated user to a malicious page to execute arbitrary ...

8.1CVSS5.9AI score0.00182EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.12 views

boruta-server 安全漏洞

Boruta-Server is an open-source independent authorization server developed by Malach.it. Versions of Boruta-Server prior to 0.9.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of the Secure attribute for session cookies and remember-me cookies. In deployments whe...

8.8CVSS5.3AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.13 views

PT-2026-48672

Name of the Vulnerable Software and Affected Versions IBM DevOps Plan versions 3.0.0 through 3.0.6 Description An issue exists due to improper validation of input within the Host header of HTTP requests. This allows for HTTP header injection, which can be leveraged to perform cross-site scripting...

6.5CVSS5.7AI score0.00149EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

VMware Spring for GraphQL 访问控制错误漏洞

VMware Spring for GraphQL is a GraphQL application development framework provided by the American company VMware. Versions of VMware Spring for GraphQL such as 2.0.0 and earlier, 1.4.0 and earlier, 1.3.0 and earlier, as well as 1.0.0 and earlier, contain an access control vulnerability. This...

8.1CVSS5.7AI score0.00182EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.15 views

PT-2026-48626

Name of the Vulnerable Software and Affected Versions Spring for GraphQL versions 1.0.0 through 1.0.6 Spring for GraphQL versions 1.3.0 through 1.3.8 Spring for GraphQL versions 1.4.0 through 1.4.5 Spring for GraphQL versions 2.0.0 through 2.0.3 Description Applications using the WebSocket...

8.1CVSS5.6AI score0.00182EPSS
Exploits0References8
CVE
CVE
added 2026/06/10 10:11 p.m.17 views

CVE-2026-44693

Pi-hole FTL contains a race condition in the HTTP session management subsystem (global session buffer) introduced with the v6.0 CivetWeb rewrite, allowing unauthenticated session hijacking. It affects versions prior to 6.6.1 and is patched in 6.6.1. CVSS v3.1 is 8.8 (Network, Privileges None, Use...

8.8CVSS5.4AI score0.0023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 10:11 p.m.7 views

CVE-2026-44693 Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This iss...

8.8CVSS5.4AI score0.0023EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 9:47 p.m.32 views

CVE-2026-46693 ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. This issue ha...

4.1CVSS0.00077EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

ImageMagick 竞争条件问题漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained a race condition vulnerability. This vulnerability stemme...

4.1CVSS5.3AI score0.00077EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.6 views

EulerOS 2.0 SP13 : libsoup (EulerOS-SA-2026-2298)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in...

8.2CVSS5.6AI score0.00254EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.5 views

EulerOS 2.0 SP13 : libsoup (EulerOS-SA-2026-2341)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in...

8.2CVSS5.6AI score0.00254EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/10 12:0 a.m.7 views

Origin Validation Error

Overview org.springframework.graphql:spring-graphql is a GraphQL Support for Spring Applications Affected versions of this package are vulnerable to Origin Validation Error via insufficient Origin validation for WebSocket connections. An attacker can perform Cross-Site WebSocket Hijacking CSWSH b...

8.5CVSS5.8AI score0.00182EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48375

Name of the Vulnerable Software and Affected Versions ansible.posix affected versions not specified Description A local privilege escalation issue exists in the authorized key module. The keyfile function utilizes os.chown instead of os.lchown and opens files without the O NOFOLLOW flag when...

7.3CVSS5.6AI score0.00127EPSS
Exploits0References7
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.6 views

CVE-2026-41700: Cross-Site WebSocket Hijacking in Spring for GraphQL

Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. More precisely, an application is vulnerable when all the following are true: When all the conditions above are met, an attacker can trick an authenticated user into visitin...

8.1CVSS6AI score0.00182EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder