Lucene search
K

8 matches found

Nuclei
Nuclei
added yesterday23 views

Next.js Middleware - Server-Side Request Forgery

In Next.js prior to versions 14.2.32 and 15.4.7, when request headerswere insecurely passed to NextResponse.next, an attacker could exploit this behavior to perform Server-Side Request Forgery SSRF attacks. id: CVE-2025-57822 info: name: Next.js Middleware - Server-Side Request Forgery author:...

8.2CVSS6.1AI score0.02328EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-41845

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...

6AI score0.00341EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/10 7:33 a.m.7 views

CVE-2025-66607

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

6.3CVSS5.3AI score0.00169EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/09 3:9 a.m.31 views

CVE-2025-66607

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

6.3CVSS0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:50 a.m.8 views

CVE-2020-10591

An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via...

7.5CVSS6.9AI score0.01999EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/11/30 2:16 p.m.149 views

CyberSecurityProject

CyberSecurityProject This project...

7.7AI score
Exploits0
OSV
OSV
added 2025/01/22 5:20 p.m.11 views

CVE-2025-23047 Cilium vulnerable to information leakage via insecure default Hubble UI CORS header

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4 who...

6.5CVSS6.5AI score0.00481EPSS
Exploits0References4
Veracode
Veracode
added 2017/09/29 8:21 a.m.9 views

Cross-Site Scripting (XSS)

airflow is vulnerable to cross-site scripting XSS attacks. These attacks are possible through the insecure headers endpoint, allowing the attacker to get the authproxy cookie to use for authentication to other internal services...

5.9AI score
Exploits0
Rows per page
Query Builder