Lucene search
+L

1196 matches found

nuclei
nuclei
added yesterday93 views

Vite Dev Server - Path Traversal in Optimized Deps .map Handling

Vite development server versions prior to 8.0.5, 7.3.2, and 6.4.2 are vulnerable to path traversal through the optimized dependencies sourcemap handler. The dev server's handling of .map requests for optimized dependencies resolves file paths via normalizePathpath.resolveroot, url.slice1 and call...

6.3CVSS6.1AI score0.00914EPSS
Exploits1References3
nvd
nvd
added 2 days ago2 views

CVE-2026-50470

Out-of-bounds read in Windows Network Policy Server SNMP allows an unauthorized attacker to disclose information over a network...

7.5CVSS0.00754EPSS
Exploits0References1
cve
cve
added 2 days ago9 views

CVE-2026-52840

Affected software: Easy!Appointments (self-hosted) prior to 1.6.0. Vulnerability: Server-Side Request Forgery (SSRF) in the CalDAV connection test. In Caldav::connect_to_server (application/controllers/Caldav.php:60), the request’s caldav_url is handed to a Guzzle REPORT call without proper schem...

2.7CVSS6.2AI score0.00186EPSS
Exploits0References2
cvelist
cvelist
added 2 days ago27 views

CVE-2026-52840 Easy!Appointments has server-side request forgery in CalDAV connection test that exposes the deployment's internal network

Easy!Appointments is a self hosted appointment scheduler. In versions prior to 1.6.0, Caldav::connecttoserver at application/controllers/Caldav.php:60 hands the request's caldavurl to a Guzzle REPORT call without scheme or host validation. A logged-in backend user admin, provider, or secretary...

2.7CVSS0.00186EPSS
Exploits0References2
osv
osv
added 2 days ago3 views

CVE-2026-52840 Easy!Appointments has server-side request forgery in CalDAV connection test that exposes the deployment's internal network

Easy!Appointments is a self hosted appointment scheduler. In versions prior to 1.6.0, Caldav::connecttoserver at application/controllers/Caldav.php:60 hands the request's caldavurl to a Guzzle REPORT call without scheme or host validation. A logged-in backend user admin, provider, or secretary...

2.7CVSS6.2AI score0.00186EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2 days ago6 views

PT-2026-58471

Name of the Vulnerable Software and Affected Versions Windows Remote Desktop Protocol affected versions not specified Description An off-by-one error occurs in the Remote Desktop Protocol, which is a protocol used to provide a graphical interface to a remote computer. This flaw allows an...

6.5CVSS6.1AI score0.00887EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2 days ago5 views

PT-2026-58517

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description An out-of-bounds read in the Remote Desktop Protocol RDP allows an unauthorized attacker to disclose information over a network. This issue can be triggered when a user interacts with a...

6.5CVSS6.1AI score0.00666EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2 days ago11 views

PT-2026-58247

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network...

6.5CVSS6.1AI score0.00666EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2 days ago6 views

PT-2026-58117

Name of the Vulnerable Software and Affected Versions Windows Event Logging Service affected versions not specified Description A protection mechanism failure in the Windows Event Logging Service allows an authorized attacker to disclose information over a network. Recommendations Install the Jul...

6.5CVSS6.1AI score0.00714EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2 days ago4 views

PT-2026-58558

Name of the Vulnerable Software and Affected Versions Microsoft Office Excel affected versions not specified Description An out-of-bounds read issue exists that allows an unauthorized attacker to disclose information over a network. An out-of-bounds read occurs when the software reads data past t...

6.5CVSS6.1AI score0.00637EPSS
Exploits0References5
nvd
nvd
added 6 days ago7 views

CVE-2026-55883

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket at /ws/view is gated by a CSRF token, but the token is served by the unauthenticated /api/websockettoken endpoint and the upgrader accepts clients that omit an Origin...

8.3CVSS0.00222EPSS
Exploits0References4
osv
osv
added 6 days ago5 views

CVE-2026-55884 Tilt: Missing authentication on the network-exposed Tilt HUD server

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers on a gorilla/mux router with no authenticating middleware. When the HUD is bound to a non-loopback address, an unauthenticated network caller can...

9.2CVSS6.2AI score0.00397EPSS
Exploits0References6
nvd
nvd
added last week7 views

CVE-2026-57028

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion. Due to an incorrect initialization, a process which should only be able to communicate internall...

7.3CVSS0.00301EPSS
Exploits0References1
nvd
nvd
added last week10 views

CVE-2026-58378

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access...

8.8CVSS0.00242EPSS
Exploits0References2
cve
cve
added last week14 views

CVE-2026-58378

CVE-2026-58378 affects the Allwinner H616 TV Box TV98 where ADB is enabled and exposed on production to the network. The vulnerability can allow an attacker to request ADB authorization and obtain root privileges if the user authorizes access. Public metrics show a high severity (CVSS v3.1/4.0 ba...

8.8CVSS6AI score0.00242EPSS
Exploits0References2
euvd
euvd
added last week7 views

EUVD-2026-42661

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access...

8.8CVSS6AI score0.00242EPSS
Exploits0References2
redhat
redhat
added 2026/07/08 11:36 a.m.7 views

389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

7.6CVSS6.2AI score0.0067EPSS
Exploits0References5
redhat
redhat
added 2026/07/08 6:34 a.m.8 views

389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

7.6CVSS6.2AI score0.0067EPSS
Exploits0References5
redhat
redhat
added 2026/07/07 1:6 p.m.7 views

389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...

8.8CVSS6.1AI score0.00627EPSS
Exploits0References4
snyk
snyk
added 2026/07/07 1:1 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00437EPSS
Exploits0References2
Rows per page
Query Builder