Lucene search
K

18020 matches found

Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.6 views

CVE-2026-41700: Cross-Site WebSocket Hijacking in Spring for GraphQL

Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. More precisely, an application is vulnerable when all the following are true: When all the conditions above are met, an attacker can trick an authenticated user into visitin...

8.1CVSS6AI score0.00182EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.5 views

EulerOS 2.0 SP13 : libsoup (EulerOS-SA-2026-2341)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in...

8.2CVSS5.6AI score0.00254EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.6 views

EulerOS 2.0 SP13 : libsoup (EulerOS-SA-2026-2298)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in...

8.2CVSS5.6AI score0.00254EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 6:3 p.m.12 views

Malicious code in fhirproxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96e092973bad8e995bdec34000e45943e0be59996e84f181ee4bee9cd423f8eb [email protected] is a thin loader package whose only behavior is to pull and execute the dependency fhirproxy-utils. package.json declares both...

5.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 5:13 p.m.7 views

CVE-2026-34691 Adobe Experience Manager Forms JEE | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when th...

9.3CVSS5.4AI score0.00243EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/09 8:57 a.m.12 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.5AI score0.00254EPSS
Exploits1References5
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.5 views

Toward Secure LLM Agents: Threat Surfaces, Attacks, Defenses, and Evaluation

Large language model LLM agents are rapidly moving from conversational interfaces to software components that plan, invoke tools, maintain memory, and act on external environments. This transition changes the nature of security risk. In agentic settings, failures are no longer limited to unsafe...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-47650

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description A WebFlux application with a compromised...

4.2CVSS5.6AI score0.00197EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

FreeSWITCH 授权问题漏洞

FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH version 1.11.1, there was an...

5.3CVSS5.4AI score0.00284EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/08 2:32 a.m.12 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.5AI score0.00254EPSS
Exploits1References5
Packet Storm News
Packet Storm News
added 2026/06/08 12:0 a.m.14 views

Customization under Fire: Plugin Poisoning in Text-To-Image Ecosystem

The prosperity of text-to-image T2I models has fostered a vibrant share-and-play ecosystem centered on Low-Rank Adaptation LoRA plugins, which allow users to customize and share model capabilities with ease. This democratization, however, comes with a hidden but severe security risk. Malicious...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.10 views

CVE-2026-30963

Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...

3.9CVSS5.5AI score0.00202EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.8 views

CVE-2026-36574

A DLL hijacking vulnerability in Wassimulator GitHub CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL...

7.8CVSS5.9AI score0.00137EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.10 views

CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS5.7AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.9 views

CVE-2025-6024

The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious...

6.1CVSS5.5AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.6 views

CVE-2025-8154

In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP...

7.5CVSS5.5AI score0.00186EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.10 views

CVE-2026-25852

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.93212...

6.7CVSS6.6AI score0.0009EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.6 views

CVE-2026-34246

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...

4.8CVSS5.4AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.12 views

CVE-2026-34403

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking CSWSH. Combined with the fact that authentication tokens...

8.1CVSS5.5AI score0.00176EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.8 views

CVE-2026-1636

A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges...

6.7CVSS5.7AI score0.00126EPSS
Exploits0References1
Rows per page
Query Builder