Lucene search
K

6 matches found

CVE
CVE
added 2026/06/17 5:57 p.m.146 views

CVE-2026-53869

CVE-2026-53869 : Hermes Agent prior to 0.16.0 has a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. The FastAPI HTTP middleware is not executed for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events, ena...

8.7CVSS5.6AI score0.006EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/15 5:39 p.m.8 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview org.webjars.npm:webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via permissive user proxy...

7.1CVSS5.9AI score0.00163EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/06 6:22 a.m.8 views

CVE-2026-35253

Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this...

4.7CVSS5.8AI score0.00147EPSS
Exploits0References1
OSV
OSV
added 2024/10/25 7:29 p.m.17 views

GHSA-6CF5-W9H3-4RQV Denied Host Validation Bypass in Zitadel Actions

Summary A flaw in the URL validation mechanism of Zitadel actions allows bypassing restrictions intended to block requests to localhost 127.0.0.1. The isHostBlocked check, designed to prevent such requests, can be circumvented by creating a DNS record that resolves to 127.0.0.1. This enables...

5.9CVSS6.5AI score0.00643EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2024/10/25 2:11 p.m.20 views

CVE-2024-49753 Denied Host Validation Bypass in Zitadel Actions

Zitadel is open-source identity infrastructure software. Versions prior to 2.64.1, 2.63.6, 2.62.8, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 have a flaw in the URL validation mechanism of Zitadel actions allows bypassing restrictions intended to block requests to localhost 127.0.0.1. The isHostBlocked...

5.9CVSS6.7AI score0.00643EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2023/12/14 7:1 p.m.3 views

keycloak: redirect_uri validation bypass

A flaw was found in the redirecturi validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users...

7.1CVSS5.7AI score0.0095EPSS
Exploits0References4
Rows per page
Query Builder