2855 matches found

ATTACKERKB
added 2026/05/08 2:40 p.m. | 9 views

CVE-2026-41574

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts...

CVSS 9.3 | AI score 5.8 | EPSS 0.00809
Exploits: 1 | References: 5 | Affected Software: 1

Snyk
added 2026/05/07 6:30 p.m. | 10 views

Prototype Pollution

Overview parse-ini is a Parse ini file to get the content and variables of the ini file as node object. Affected versions of this package are vulnerable to Prototype Pollution via the index.js file. An attacker can manipulate object properties and potentially execute arbitrary code or alter...

CVSS 9.8 | AI score 6.5 | EPSS 0.00416
Exploits: 0 | References: 2

OSV
added 2026/05/07 6:23 p.m. | 5 views

ECHO-A2CB-9FEB-100C From https://github.com/nltk/nltk/pull/3468 (merge commit 1056b32).

Bulletin has no description...

AI score 5.7
Exploits: 0 | References: 1

OSV
added 2026/05/07 5:3 p.m. | 9 views

CLSA-2026-1778163112 Update of cups

Merge of the Amazon Linux 2 cups package cups-1.6.3-51.amzn2.0.9...

AI score 5.8
Exploits: 0 | References: 1

OSV
added 2026/05/07 3:11 p.m. | 7 views

CLSA-2026-1778166693 Update of cups

Merge of the Amazon Linux 2 cups package cups-1.6.3-51.amzn2.0.9...

AI score 5.8
Exploits: 0 | References: 1

Snyk
added 2026/05/07 12:59 a.m. | 6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

CVSS 6.9 | AI score 5.9 | EPSS 0.00311
Exploits: 1 | References: 3

Snyk
added 2026/05/07 12:59 a.m. | 4 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

CVSS 6.9 | AI score 5.9 | EPSS 0.00311
Exploits: 1 | References: 3

Snyk
added 2026/05/07 12:59 a.m. | 6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

CVSS 6.9 | AI score 5.9 | EPSS 0.00311
Exploits: 1 | References: 3

Github Security Blog
added 2026/05/07 12:59 a.m. | 8 views

Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes

Summary Six conversion routes (pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, chromium/convert/markdown) accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf + watermarkExpression=/path from anonymous callers. The dedicated...

CVSS 5.3 | AI score 5.9 | EPSS 0.00311
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/05/06 8:22 p.m. | 14 views

CVE-2026-42077

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...

CVSS 5.2 | AI score 5.7 | EPSS 0.00109
Exploits: 0 | References: 1

Github Security Blog
added 2026/05/05 12:26 a.m. | 11 views

Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking

Summary When Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnProperty guard, an attacker can (a) silently intercept and modify every JSON response before the application sees it, or (b) fully hijack the underlying HTTP transport, gaining access to...

CVSS 7.4 | AI score 6.9 | EPSS 0.00838
Exploits: 1 | References: 3 | Affected Software: 1

EUVD
added 2026/05/05 12:21 a.m. | 5 views

EUVD-2026-25606

Axios: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy...

CVSS 6.5 | AI score 5.8 | EPSS 0.00611
Exploits: 1 | References: 2

OSV
added 2026/05/05 12:21 a.m. | 3 views

GHSA-W9J2-PVGH-6H63 Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Vulnerability Disclosure: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy Summary The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500,...

CVSS 4.8 | AI score 5.9 | EPSS 0.00611
Exploits: 1 | References: 3

Patchstack
added 2026/05/05 12:21 a.m. | 9 views

NPM: Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

NPM: Axios: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...

CVSS 6.5 | AI score 5.8 | EPSS 0.00611
Exploits: 1 | References: 3 | Affected Software: 1

Github Security Blog
added 2026/05/05 12:21 a.m. | 14 views

Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Vulnerability Disclosure: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy Summary The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500,...

CVSS 8.2 | AI score 5.9 | EPSS 0.00611
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/05/04 10:28 p.m. | 6 views

GHSA-G27R-R6PH-VF5R sequoia-git has broken hard revocation handling

Before sq-git checks if a commit can be authenticated, it first looks for hard revocations. Because parsing a policy is expensive and a project's policy rarely changes, sq-git has an optimization to only check a policy if it hasn't checked it before. It does this by maintaining a set of policies...

CVSS 1.8 | AI score 5.8
Exploits: 0 | References: 3

Github Security Blog
added 2026/05/04 10:28 p.m. | 10 views

sequoia-git has broken hard revocation handling

Before sq-git checks if a commit can be authenticated, it first looks for hard revocations. Because parsing a policy is expensive and a project's policy rarely changes, sq-git has an optimization to only check a policy if it hasn't checked it before. It does this by maintaining a set of policies...

AI score 5.8
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2026/05/04 8:11 p.m. | 10 views

Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure

The fix for CVE-2026-31892 (commit 534f4ff) blocks podSpecPatch when templateReferencing: Strict is active, but doesn't restrict other WorkflowSpec fields that flow through the same merge path and get applied to pods. A user can set hostNetwork: true, override serviceAccountName, or change...

CVSS 9.9 | AI score 7.3 | EPSS 0.00424
Exploits: 2 | References: 8 | Affected Software: 2

Snyk
added 2026/05/04 10:26 a.m. | 6 views

Improper Handling of Length Parameter Inconsistency

Overview Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency in the mergehandshakepacket process. An attacker can cause application crashes or memory corruption by sending crafted DTLS handshake fragments with inconsistent messagelength values,...

CVSS 8.7 | AI score 6 | EPSS 0.01263
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/04 12:0 a.m. | 11 views

PT-2026-37357

Before sq-git checks if a commit can be authenticated, it first looks for hard revocations. Because parsing a policy is expensive and a project's policy rarely changes, sq-git has an optimization to only check a policy if it hasn't checked it before. It does this by maintaining a set of policies...

CVSS 1.8 | AI score 5.8
Exploits: 0 | References: 4