Lucene search
K

118 matches found

Nuclei
Nuclei
added yesterday80 views

Oracle Weblogic - Server-Side Request Forgery

An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services. id: CVE-2014-4210 info: name: Oracle Weblogic - Server-Side Request Forgery author:...

5CVSS7.1AI score0.38152EPSS
Exploits8References5
NVD
NVD
added 2026/06/30 11:17 p.m.8 views

CVE-2026-14054

Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.0023EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 4:36 p.m.4 views

GHSA-72F5-RR8C-R6GR Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`

The outhttp output plugin allows the use of placeholders such as $tag in the endpoint configuration parameter. It was discovered that if the placeholder value is derived from untrusted user input, an attacker can maliciously control the destination hostname of the outbound HTTP requests made by...

7.2CVSS6AI score0.00449EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.63 views

PT-2026-53004

Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description The in http and in forward plugins support gzip-compressed data but only enforce size limits on the compressed payloads via settings like body size limit and chunk size limit. Because no limit is...

7.5CVSS7.1AI score0.0063EPSS
Exploits0References14
CVE
CVE
added 2026/06/23 5:15 p.m.19 views

CVE-2026-49860

Summary of CVE-2026-49860 (Deno) A WebSocket sandbox bypass affects Deno prior to 2.8.1. When a WebSocket connection is opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IPs that the hostname resolved to, allowing an attacker-controlled domain to reso...

5.2CVSS5.8AI score0.00101EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 5:14 p.m.35 views

CVE-2026-49859 Deno: `fetch()` API sandbox bypass via missing DNS resolution check

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch was called, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name...

5.2CVSS0.00101EPSS
Exploits0References1
OSV
OSV
added 2026/06/16 7:2 p.m.5 views

GHSA-CPGJ-F7G3-2PP2 Deno: `fetch()` API sandbox bypass via missing DNS resolution check

Summary When fetch was called, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name that passes the hostname check yet resolves to a denied IP,...

5.2CVSS5.5AI score0.00101EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.9 views

CVE-2026-21003

Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions...

6.8CVSS5.4AI score0.00162EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/04 12:0 a.m.5 views

Exposed Dangerous Method or Function

Overview mistral is a Mistral Project Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in the exposed API endpoints. An attacker can execute arbitrary code and potentially access sensitive service credentials by sending crafted requests to the affected...

9.9CVSS6.1AI score0.00733EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.10 views

Malicious Package

Overview abuden28 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...

9.8CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/26 11:9 a.m.16 views

CVE-2026-48700

A flaw was found in PCManFM-Qt. This vulnerability allows an attacker to achieve arbitrary code execution or bypass network security restrictions. This occurs when a specially crafted file path, provided as a Uniform Resource Identifier URI in a D-Bus method call, causes PCManFM-Qt to open the fi...

9.3CVSS6.2AI score0.00181EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/19 10:47 a.m.9 views

CVE-2026-7307

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

7.5CVSS5.8AI score0.00743EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/30 6:12 p.m.5 views

Server-side Request Forgery (SSRF)

Overview n8n-mcp is an Integration between n8n workflow automation and Model Context Protocol MCP Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the SSRFProtection.validateUrlSync function in the src/utils/ssrf-protection.ts component. An attacker can rea...

8.5CVSS5.8AI score0.00206EPSS
Exploits0References2
NVD
NVD
added 2026/04/13 5:16 a.m.17 views

CVE-2026-21003

Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions...

6.8CVSS0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/13 4:57 a.m.5 views

CVE-2026-21003

Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions...

5.2CVSS5.8AI score0.00162EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/13 4:57 a.m.6 views

CVE-2026-21003

Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions...

5.2CVSS5.8AI score0.00162EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/13 4:57 a.m.33 views

CVE-2026-21003

Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions...

5.2CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 2026/04/13 4:57 a.m.11 views

CVE-2026-21003

CVE-2026-21003 describes improper input validation of data related to network restrictions before SMR Apr-2026 Release 1, enabling physical attackers to bypass those restrictions. The impact in the provided metrics shows no confidentiality impact, high integrity and availability impact, with phys...

6.8CVSS5.8AI score0.00162EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.13 views

PT-2026-32241

Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions...

5.2CVSS5.8AI score0.00162EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.10 views

SAMSUNG Mobile devices 安全漏洞

Samsung Mobile devices are a series of mobile devices produced by South Korea’s Samsung Corporation, including smartphones and tablets. There are security vulnerabilities in Samsung Mobile Devices, which stem from improper validation of data input during network restrictions. This could allow...

6.8CVSS5.8AI score0.00162EPSS
Exploits0References1
Rows per page
Query Builder