Lucene search
K

289 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-59208

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...

7.6CVSS0.00143EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-47840 LDAP StartTLS unconditionally disables hostname verification

A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselv...

9.3CVSS0.00132EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in express-mongo-limit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f17b459e01affe3f0cc1640da6fcc4e1db9cdf3b7379caa6e6865747ce71a60 The package advertises itself as an Express/Mongo payload sanitizer but its postinstall hook node index.js globally installs pm2, clipboardy, and...

6.1AI score
Exploits0References6
NVD
NVD
added 2026/07/02 10:16 p.m.8 views

CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

8.1CVSS0.00352EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 5:46 p.m.31 views

CVE-2026-54089 File Browser: Authentication Bypass via Proxy Auth Header Forgery

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication auth.method=proxy, any unauthenticated attacker who can reach the server...

9.1CVSS0.00337EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 3:34 a.m.32 views

CVE-2026-12488 GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability

A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability...

6.2CVSS0.00197EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 4:16 p.m.11 views

CVE-2026-8858

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted...

8.8CVSS0.0026EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 2:16 p.m.7 views

EUVD-2026-38284

IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the applicatio...

7.5CVSS6.5AI score0.0026EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 12:0 p.m.5 views

MAL-2026-6310 Malicious code in @petitcode/eb-retry (npm)

@petitcode/eb-retry malicious version 1.3.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

6AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51346

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server affected versions not specified IBM WebSphere Application Server Liberty affected versions not specified IBM i versions 7.3 through 7.6 Description The WebSphere Web Server Plug-in component is susceptible to...

8.8CVSS6.4AI score0.0026EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 8:47 p.m.6 views

GHSA-GQV6-PWCG-87R8 CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages

Impact The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays setting on transport-securit...

7.4CVSS6AI score0.00143EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51079

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description SAML 1.1 and SAML 2.0 token validation fails to correctly resolve the issuer signing key or enforce signed tokens when IdentityConfiguration is used with federated...

10CVSS6AI score0.00246EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50711

Name of the Vulnerable Software and Affected Versions Webmin versions prior to 2.641 Description The Webmin HTTP server miniserv.pl improperly trusts a client-supplied HTTP header for SSL client certificate identity. This allows unauthenticated remote attackers to spoof certificate distinguished...

9.2CVSS6AI score0.00285EPSS
Exploits0References10
OSV
OSV
added 2026/06/12 8:43 a.m.7 views

BIT-JENKINS-2026-53435

In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled config.xml submission in a way that allows them to handle HTTP requests afterwards. This can be used to...

8.8CVSS5.5AI score0.14907EPSS
Exploits2References5
OSV
OSV
added 2026/06/10 6:46 p.m.16 views

MAL-2026-5526 Malicious code in chai-check-error (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e290b42de2cbd4aa74afa6550fc9a0381dfcb0f6996dcdc22254268b391f9f8 [email protected] impersonates the legitimate chaijs/check-error utility copied README, author metadata, repository URL, and exported API surfac...

5.6AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:34 p.m.17 views

Malicious code in mcp-server-sequential-thinking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 211672c16839ae6cd4e9f10810163da536480f07938b2d51c50ecbbb9f5e90ed Unscoped package impersonating the official @modelcontextprotocol/server-sequential-thinking MCP server. package.json declares postinstall: 'node...

5.5AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 5:5 p.m.8 views

CVE-2026-47641 Microsoft SharePoint Server Spoofing Vulnerability

...

4.6CVSS7.1AI score0.00505EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-44393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when...

7.4CVSS5.9AI score0.0016EPSS
Exploits0References3
OSV
OSV
added 2026/06/01 8:0 a.m.9 views

MAL-2026-5155 Malicious code in @ownit/core (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/01 8:0 a.m.10 views

MAL-2026-5157 Malicious code in @tse-digital/core (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8AI score
Exploits0
Rows per page
Query Builder